Hello, One of my sites in QC3.7 was hacked with pishing attack. The hacker was introduced in the site root, 3 files were: index.htm, index.html and index.php. I have deleted and replaced by the original and everything is good. But my host has suspended my hosting because it wants me to find where does the security flaw in my CMS. Please, can you give me an indication. Thank you very much in advance because my site is dead for now.
Delete all content from your account and update script to newest version and read our security tips: http://opensolution.org/how-to-protect-your-website-and-your-customers-data-,en,202.html#2
Hello. I had made ​​all the changes you indicated. But it is true that my access code ftp date at least six months. I do not understand how to do what you write here:
don't store your FTP account password in programs like Total Commander, Filezilla etc.
In fact, I use filezilla to manage my ftp access. And it is necessary that I write this data to connect. Is there a way to write whenever I connect without being recorded.
It's really a lot of work to change a big site version 3.7 to 6.3. I'm trying to do but I still need two weeks because I work all day.
