Magento Forum

Magento Site hacked by the Islamic Ghosts Team
 
MagePsycho
Mentor
 
Total Posts:  1702
Joined:  2009-06-23
 

I was really surprised when I heard from one of my friends that his Magento shop was hacked by some hacker called Islamic Ghosts Team.
Since I am a bit aware of Magento, he asked me the reason. And to be frank, I have no answer at all.

What are the possible ways that a Magento site can be hacked? He is using the latest version of Magento, V1.4.1.1.

This question goes especially to the Varien Team.

Hope to hear a satisfactory answer from the Varien Team.

Thanks

Ebuntu
Sr. Member
 
Total Posts:  245
Joined:  2010-06-16
Denver, CO
 

The most common hack is for an index page to be replaced with some other code, thus defacing your website. It is likely that the hackers accessed your client’s web site through an insecure or poorly coded/old script, or their PCs are infected, or the hackers guessed their “weak” passwords.

There are three possible ways for a Web site to get infected with IFrame or JS code defacing an html page, despite the fact that the web server is secure:

1. poorly coded or insecure scripts (custom built and/or old version of a PHP application such as WordPress, or vBulletin, or phpBB, etc.)

2. weak FTP password (easy enough to guess by a hacker/spammer). People often use obvious passwords such as the names of their children or their house number in order not to forget them. However, the simpler the password, the easier to detect. Using strong passwords lowers overall risk of a security breach.

3. compromised PC/laptop.

The vast majority of the defacing, around 90%, takes place on websites with:

4. Custom PHP scripts including Magento extensions. It is unfortunate that the vast majority of these extensions are poorly coded and might be used as a back door to hack a web site using Magento. Also, Open Source PHP scripts including forums, Joomla and WordPress.

That said, a hacker with a special script can access a client’s web site and instantly add the hidden IFrame JS code to a Web page. This is how a Web site gets compromised, although your dedicated server is secure. It makes no difference what permissions the folders and files are set to, or what security measures were implemented on your server; your client’s web sites might be compromised again and again.

I suggest you ask your clients with infected sites to:

1. Clean up their PCs (OS reinstall if necessary)

2. Upgrade their PHP applications to the latest version and secure them by applying any security patches available from the authors.

3. Not to install any Magento plugins, widgets, or extensions as they are not written or coded properly. Permit me to reiterate, the vast majority of Magento extensions are insecure.

4. If they use phpMyAdmin make sure it’s password protected.

5. If they suspect a hacking attempt, ask their host to change the login password for their web account.

6. Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts. And use hard to guess passwords.

7. NEVER allow HTML in posts or PMs or in signatures.

8. Make absolutely sure there are no viruses, trojans or keylogger spyware on your PC. Any of these could steal your password and other personal info.

9. Do NOT allow anybody to upload any files to your Web site.

10. Do NOT give or allow SSH access to any of your clients and/or developers.

Hope this helps.
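
An added example, not part of either post above: one way to check a rendered page for the hidden IFrame/JS injection the reply describes, by flagging invisible iframes and any iframe or script loaded from a host you do not recognise. The host names, the `own_hosts` allowlist and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from visitors.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class InjectionFinder(HTMLParser):
    """Records hidden iframes and iframe/script tags loaded from unknown hosts."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = set(own_hosts)  # hosts the site legitimately loads from
        self.findings = []               # (line, tag, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        if host and host not in self.own_hosts:
            self.findings.append((line, tag, "off-site src: " + host))
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tag == "iframe" and (tiny or HIDDEN_STYLE.search(a.get("style", ""))):
            self.findings.append((line, tag, "hidden iframe"))

def scan_page(html, own_hosts):
    """Return the list of suspicious tags found in one page's HTML."""
    finder = InjectionFinder(own_hosts)
    finder.feed(html)
    return finder.findings

# Constructed sample: a shop index page with one injected, invisible iframe.
SAMPLE = """<html><body>
<script src="/js/prototype.js"></script>
<iframe src="http://injected.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script src="//cdn.shop.example/skin.js"></script>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_page(SAMPLE, {"shop.example", "cdn.shop.example"}):
        print(finding)
```

Run it against the HTML the server actually returns as well as the template files on disk, since injected markup can live in either place.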
