I have a Magento site running 184.108.40.206, which recently (9/11) fell victim to a SUPEE attack.
The four SUPEE patches have since been applied, the file system cleaned out (as far as possible, since Magento has thousands of files), and the database and the logs checked.
I noticed a peculiarity in the logs some days later, which essentially seems to break the CMS and Backup pages in Admin only.
Filesystem.php had been renamed to Filesystem.php.suspected in the following locations:
I checked with an old copy of the files, and no changes have been made to the files themselves, so I renamed them back to normal, and everything worked as it should. Then a day later, I find that they are renamed again. I suspected maybe anti-malware in Plex, but turning that off had no effect on the renaming.
Does anyone know what might cause this, and what might be the culprit?
@Parallax It's difficult to know from your question what exactly is happening. But you can do the following things, which may help you.
1) Inform your hosting provider to scan your application for any viruses or Trojans.
2) Check the Magento file and folder permissions once and set them to the recommended ones.
3) Stop using FTP; use SFTP instead.
4) Do not use the Magento default admin URL. Use a custom URL for the admin panel access.
5) Change all the user names and passwords for the cPanel, FTP (better do not use it).
6) If you worked with some third party for development work on your Magento installation, then change all user names and passwords. Also change all the admin access granted to them, and any users created for SOAP and REST API access.
7) Add an IP restriction to your Magento admin so that it can be accessed from a particular IP address only.
Try the above-mentioned points and see if they help you or not.
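
An added example, not part of the original thread: a read-only audit that lists every file renamed to `*.suspected`, compares each one with the same path in a known-good copy (the check the original poster did by hand), and lists world-writable paths for the permissions review in point 2. The two directory arguments are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example. Both roots are hypothetical paths passed by the caller,
# without a trailing slash: the live Magento tree and a known-good copy.

# List every regular file under the live tree that ends in ".suspected".
find_suspected() {
    find "$1" -type f -name '*.suspected' | sort
}

# Compare one renamed file with its original path in the known-good copy.
# Prints UNCHANGED, MODIFIED or NO_BASELINE.
classify_suspected() {
    live_root=$1; clean_root=$2; renamed=$3
    rel=${renamed#"$live_root"/}   # path relative to the live root
    rel=${rel%.suspected}          # original name before the rename
    baseline="$clean_root/$rel"
    if [ ! -f "$baseline" ]; then
        echo "NO_BASELINE"
    elif cmp -s "$renamed" "$baseline"; then
        echo "UNCHANGED"
    else
        echo "MODIFIED"
    fi
}

# Files and directories that any local user can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# One tab-separated line per finding: STATUS<TAB>path
audit() {
    live_root=$1; clean_root=$2
    find_suspected "$live_root" | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_suspected "$live_root" "$clean_root" "$f")" "$f"
    done
    list_world_writable "$live_root" | while IFS= read -r p; do
        printf 'WORLD_WRITABLE\t%s\n' "$p"
    done
}

# Run the audit only when both roots are given on the command line.
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

A `MODIFIED` or `NO_BASELINE` result means the file cannot be trusted just by renaming it back and should be restored from the clean copy instead.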