Is your online store unexpectedly displaying weird messages, and you can’t log in to the admin panel? Or maybe someone told you that Google detected suspicious links from your domain? Or maybe you got an email from your hosting company saying that your website was temporarily suspended because someone is sending thousands of emails from it? If you have seen one of the above symptoms, it can mean only one thing: you have a virus in your OpenCart online store files, and you need to clean it to restore proper operation and allow selling again.
How to remove the virus from an online store?
Begin by verifying that you have performed backups of the files and the MySQL database, and copy all the files that exist on the server, even if they still contain the virus. So as not to confuse clean and infected files, mark the copied directory with a note that it contains a virus. You don’t have to worry that it will move to your computer or other media. A virus that installs itself on a website, in the files on the FTP server, won’t infect your computer. This kind of infection can only exploit vulnerabilities in the software on which the website is built, in this case OpenCart. Frequent backups are the key to a secure and working online store, and if you ever have to return to a previous state of the site, you can always restore it using those files.
Locate the source of the virus, called “patient zero”: the file from which the infection started. Typically, infections cause the following symptoms in online stores:
- Shutting down the online shop entirely, whether as an intentional or unintentional effect. It is no longer possible to enter the website, and anyone who goes to the main address will see a blank page, possibly with errors.
- Viruses can also send e-mails in the background, using the mail() function. The owner finds out about it only when mail arrives from the server administration saying that the store is sending spam.
- A virus can also generate subpages containing links, which are then added to search engines. The store can seem to function normally with those pages, but the problems start when Google removes your store from its listings, replacing it with spam links, which will obviously hurt sales very much. Pay attention to the messages in the Google Webmaster Tools panel to find out whether your website is indexed properly.
When you know where the infection started, an OpenCart virus can be easy to remove.
Search and elimination of the virus
Typically, the code containing the virus uses encoding and decoding functions, such as eval(base64_decode()). This command decodes the code, which makes it readable by the server while hiding it from users, especially the person who is trying to catch and remove the infection. To remove the harmful code, look into the files previously copied over FTP to your hard drive. Search the contents of the files for this function and remove the code fragments which contain eval(base64_decode()). Afterwards, overwrite the old files. This may take some time, because you will have to view each file and evaluate whether it can be fixed. Finally, check the database by dumping it through PHPMyAdmin and browsing the dump to see that it doesn’t contain that code.
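The search described above, as an added example (not code from the original article): a Python script that walks the copied store directory and reports every file and line where eval(base64_decode( appears, tolerating extra spaces, line breaks and letter case. It reads every file regardless of extension, so a PHPMyAdmin dump saved into the same folder is checked too; the function names and the command-line argument are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# Matches eval(base64_decode( with optional whitespace (including newlines)
# between the tokens and in any letter case, e.g. "EVAL ( base64_decode (".
PATTERN = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)


def scan_file(path):
    """Return [(line_number, snippet)] for every match in one file."""
    try:
        data = Path(path).read_bytes()
    except OSError:
        return []  # unreadable file: nothing to report
    hits = []
    for match in PATTERN.finditer(data):
        # Line number = newlines before the match + 1. Injected code often
        # sits at the end of one very long line, so the snippet is cut short.
        line_number = data.count(b"\n", 0, match.start()) + 1
        raw = data[match.start():match.start() + 60].decode("latin-1")
        hits.append((line_number, " ".join(raw.split())))
    return hits


def scan_tree(root):
    """Walk the copied store directory; map relative path -> list of hits."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        # Every regular file is read, not only *.php: injected code can sit
        # in files with image or text extensions, or in a database dump.
        if path.is_file():
            hits = scan_file(path)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report


if __name__ == "__main__":
    # Usage: python scan.py /path/to/copied-store (defaults to current dir)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hits in scan_tree(target).items():
        for line_number, snippet in hits:
            print(f"{name}:{line_number}: {snippet}")
```

A hit is a place to review by hand, not proof of infection, and a file with no hits can still carry code hidden in another way.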
Final steps and future prevention
After cleaning the files, redo the backup and remember to repeat it regularly, preferably every month, though it depends on the needs and size of the store. Also update the OpenCart software to the latest version if available. Change the passwords to the admin panel, FTP server, database and other vulnerable systems. It can also happen that, after some time, the attacker tries to exploit a vulnerability in your shop again, so you should do security check-ups at least once per year. The last step is to install anti-virus software on the computer from which you operate your online store. In rare cases, viruses can also steal passwords from browsers or FTP clients like Total Commander and upload them to the hacker, who could again take over your shop.