Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

SECURITY BREACH!! PLEASE RESPOND ASAP!! 
 
mrgad
Member
 
Total Posts:  60
Joined:  2008-08-29
 

I just launched a multi-store Magento set-up.  I was just looking at the ONLINE CUSTOMERS section of the backend admin, when I came across this entry:

n/a Guest n/a n/a 82.125.26.86 Sep 12, 2008 3:03:29 PM Sep 12, 2008 3:03:29 PM Visitor http://MYDOMAIN.com/store/tmp/hack+the+registration+key+for+poker+tracker.html

(This is exactly how it appeared, except for the MYDOMAIN which I inserted.)

Where is this file?  How did it get there?  What do I do?  How concerned should I be?

Please advise immediately—also - not sure if this was the right board to post this on—if I need to move it to another board, please let me know.

Thank you.

 
 
Gabriiiel
Guru
 
Total Posts:  563
Joined:  2008-04-29
France - Paris
 

Hey,

In google results :

http://www.google.fr/search?hl=fr&client=firefox-a&channel=s&rls=org.mozilla:fr:official&hs=16G&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=hack+the+registration+key+for+poker+tracker&spell=1

Your site appears ;)

http://kennelstart.com/store/tmp/hack+the+registration+key+for+poker+tracker.html

EDIT

http://www.google.fr/search?hl=fr&client=firefox-a&channel=s&rls=org.mozilla:fr:official&hs=Bqb&q=hack+the+registration+key+for+poker+tracker.html&btnG=Rechercher&meta=

Very strange, your site as first result, but also this : jewelrywoman.com/catalog/images/hack-the-registration-key-for-poker-tracker.html
which is an oscommerce store : jewelrywoman.com/catalog

 
 
mrgad
Member
 
Total Posts:  60
Joined:  2008-08-29
 

I don’t understand—what exactly did you type in to google to get that result?

Our store sells products for dog kennels—nothing to do with poker.

I’m so confused!  It seems our Magento site has already been hacked, and we haven’t even started business yet.

Thanks for your help,
Mark

 
 
Gabriiiel
Guru
 
Total Posts:  563
Joined:  2008-04-29
France - Paris
 

I gave u links, u have to click on the links if u want to understand how I know that your website is kennelstart.com, and how your website appears in Google results with mysterious keywords.

 
 
mrgad
Member
 
Total Posts:  60
Joined:  2008-08-29
 

The links didn’t work for me, but I contacted my hosting company, Simple Helix, and I received a reassuring message from their tech support, as follows:

“No, I believe those are just random script crawlers that are crawling on the internet.
You shouldn’t worry too much about it.”

Still - I’m wondering what you did type into Google.  I typed in the name of our business as well as that poker tracking thing, but I did not come up with any results for our site.

M.

 
 
Gabriiiel
Guru
 
Total Posts:  563
Joined:  2008-04-29
France - Paris
 

I can assure you that Google has your website and the URL in its index.

type this in google.FR : “hack+the+registration+key+for+poker+tracker.html”

remove the “

don’t change anything

with google fr you will find your website

try google.com, same keyword, don’t change anything. your website appears. first page.

Curious how Simple Helix will explain it?

Want a screen ? here : http://img516.imageshack.us/img516/8971/googleti3.png

 
 
SimpleHelixcom
Enthusiast
 
Total Posts:  906
Joined:  2007-08-31
Huntsville, AL
 

Well, it looks like this was with your previous host before you even had Magento on it.
What were you running prior to Magento? Either way, though, you are safe now as you are running a completely different script with Magento.

 
 
Gabriiiel
Guru
 
Total Posts:  563
Joined:  2008-04-29
France - Paris
 

Hey SimpleHelix.com,

If it is a pb with the previous host, how do u explain that an oscommerce store has the same pb ? (see my posts)

 
 
mrgad
Member
 
Total Posts:  60
Joined:  2008-08-29
 

Ah, that makes sense!  Because we no longer have a folder called “store/tmp”.  If it is showing up in google, it’s from an old cache for a directory that no longer exists.

I need to go to Google webmaster tools and have them exclude that now obsolete directory.

We DID have security problems on our old host (hostexcellence.com).

We just never knew the details until we began using Magento and were able to view this sort of log.

Thanks so much for pointing this out—you have solved the mystery!!

 
 
Gabriiiel
Guru
 
Total Posts:  563
Joined:  2008-04-29
France - Paris
 

Hum mrgad,

So concerning the oscommerce store, the reason would be that the previous host was the same as your previous host?

 
 
mrgad
Member
 
Total Posts:  60
Joined:  2008-08-29
 

Previous host = hostexcellence.com
Previous commerce software = OSCommerce

Current host = Simple Helix (EXCELLENT!)
Current commerce software = Magento (EXCELLENT!)

Problem is now solved; am using Google’s remove URL tools to clean up this mess.
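
Added example, not part of the thread and not Magento or hosting-provider code: one way to triage the kind of entry discussed above from web server access logs. It flags requests for keyword-stuffed HTML files inside directories that should not serve pages, and uses the response status to separate a file that still exists from a leftover search-index hit. The directory list, token threshold and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Directories that normally hold scratch files or uploads, not pages (assumed list).
NON_CONTENT_DIRS = {"tmp", "images", "cache", "upload", "uploads"}

# Apache/nginx "combined" format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines; the two spam paths mirror the URL shapes quoted in the thread.
SAMPLE = [
    '203.0.113.7 - - [12/Sep/2008:15:03:29 +0000] "GET /store/tmp/hack+the+registration+key+for+poker+tracker.html HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Sep/2008:15:04:10 +0000] "GET /catalog/images/hack-the-registration-key-for-poker-tracker.html HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Sep/2008:15:05:02 +0000] "GET /store/dog-kennel-panels.html HTTP/1.1" 200 10233 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Sep/2008:15:05:03 +0000] "GET /media/images/logo.png HTTP/1.1" 200 2201 "-" "Mozilla/5.0"',
]

def keyword_tokens(filename):
    # Split "a+b-c.html" into its alphabetic words; spam pages chain many of them.
    stem = filename.rsplit(".", 1)[0]
    return [t for t in re.split(r"[+\-_ ]+", stem) if t.isalpha()]

def classify(line, min_tokens=4):
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(urlsplit(m["target"]).path)
    parts = [p for p in path.split("/") if p]
    if len(parts) < 2 or not parts[-1].lower().endswith((".html", ".htm")):
        return None
    if not NON_CONTENT_DIRS & {p.lower() for p in parts[:-1]}:
        return None
    if len(keyword_tokens(parts[-1])) < min_tokens:
        return None
    status = int(m["status"])
    # 2xx: the file is being served now. 404/410: file gone, request comes from an old index or link.
    verdict = "LIVE" if 200 <= status < 300 else "STALE" if status in (404, 410) else "CHECK"
    return {"ip": m["ip"], "path": path, "status": status, "verdict": verdict}

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit["verdict"], hit["status"], hit["ip"], hit["path"])
```

A STALE hit matches the situation described in the thread (the directory no longer exists and only the search index remembers it); a LIVE hit means the file is on disk and the site needs cleanup, not just URL removal.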