Posted - July 14 2011 : 17:17:31
| yep; we've got 2 separate modules, a scanner (to show you in a safe way what the injected values are), and a cleaner (to strip out the injections):
and, the site-suspender is also handy:
that lets you suspend the whole of vpasp, and while the site's suspended you can still access it by using an override pwd even though nobody else can access it.
By cleaning the injected values, that can help buy you some breathing-space/time while you investigate/finalise a more permanent upgrade solution.
The scanner/cleaner is just for data, not files. As per Cam's note, if your files have been altered then I think you'd want to start from scratch with a fresh set of files that you know are safe.
If the hackers managed to effect physical files rather than just data then you'd want to suspend the site, scan/clean the data, and start afresh file-wise.
Also, you'd probably want to force all the shop's staff to run a full anti-virus scan just in case they've got a keylogger that's been picked up from a virus/injection, then make sure you change ALL the pwds (including your ftp pwds and host control panel pwds) (do those bits before you do the scan/clean etc; ie do the anti-virus checks first, then change the pwds, then work on cleaning the data/files; if you did it the other way around then potentially you could end up going round in circles.
Follow us on Twitter: http://twitter.com/bigyellowzone
Web Design, Online Marketing and VPASP addons
Edited by - devshb on July 14 2011 17:31:06