Hacked and need help asap!!!

my site is being forwarded to another site that I have never heard of and I have no idea how. I do not know much about software so someone please help guide me to what I should check or where I should look? I have 1.9 and I cannot even got o my site other than through server.
Thanks
Keith

Any Luck with this issue?

kking5112 wrote:

If you think you've been hacked - You can do the following things -

1) Close your store from the database - Go to your database > open table Nop_Settings > look for "Common.StoreClosed" (i think it is line 39) - change the value to "true". By this nobody will be able to access your store.

2) Second thing you can do is that you can open the config file from your webserver and comment out the database connection string so that your database won't be connected to your website (because your database may include private information like credit card details) - this will cut-off your database from your website.

3) Contact your hosting provider or check your DNS settings in control panel of your hosting server to see why your web site is being directed to other domain.

We helped him out on this. He has an Arvixe plan and for some reason there was a js file called public.js added to the scripts folder. This script redirected all requests to another site.

We could not find out how this file was added. If anyone else has the same troubles, contact us.

Any feedback from arvixe on this?
I'm also using arvixe so a bit worry about the security.

In addition, I think the service is getting bad from arvixe these days.

What's the deal with the public.js? I just deployed 1.90 and trying to debug some latency issues with the admin section, really slow. I happen to use fiddler and notice public.js and immediately i remembered this post. Here is what I have


function getE(name) {
    if (document.getElementById)
        var elem = document.getElementById(name);
    else if (document.all)
        var elem = document.all[name];
    else if (document.layers)
        var elem = document.layers[name];
    return elem;
}

function OpenWindow(query, w, h, scroll) {
    var l = (screen.width - w) / 2;
    var t = (screen.height - h) / 2;

    winprops = 'resizable=0, height=' + h + ',width=' + w + ',top=' + t + ',left=' + l + 'w';
    if (scroll) winprops += ',scrollbars=1';
    var f = window.open(query, "_blank", winprops);
}


which seems normal to me.

Got public.js in my Scripts folder too.

Thought it was supplied with nopCommerce (downloaded from microsoft webdeveloper).

Really like to know, if this file is important in redirecting page requests or it is of no use or whether it makes the site hackable???!

It was all very strange to me. I had help in fixing it (as said in a previous post) and have had not further issues. Every password I have is now different. I added the email verification, as well as, the CAPTCHA.

The contents of his public.js was changed to redirect to a certain shopping page. We really have no idea HOW it was changed.
Unfortunately we deleted the changed file, so I can't share it.

By the way: we deleted the public.js file from the Scripts folder. I did not seem to affect functions on the site.
Anyone know what it does exactly?