Magento Forum

Website hacked, host points finger at Magento
 
josh4
Jr. Member
 
Total Posts:  3
Joined:  2010-03-09
 

Running version 1.3.0

The host says files were uploaded to the /tmp directory on the server and processes run that consumed 100% of CPU. They are saying it appears the Magento installation was being compromised. Does this sound like any known issues? Obviously I'm going to upgrade but want to see if anyone knows for sure that would patch the security hole.

 
 
bkscott
Sr. Member
 
Total Posts:  137
Joined:  2009-07-16
Sacramento
 

It sounds like someone got a hold of your FTP login information. Scan your local computers and change that information immediately. This isn't a flaw with Magento. This is most likely the result of a keylogger on your computer. Also, some viruses are designed to look for FTP software and get login info out of them.

Good luck.

 
 
WebhostUK LTD
Sr. Member
 
Total Posts:  163
Joined:  2009-08-27
UK
 

Hello,

That's the reason to never allow 777 folders or files. We have suPHP on our servers, which prevents uploads as nobody as well as 777 files. This reduces the risk of getting hacked by uploads done under 777 folders of the Magento script.

 
 
bkscott
Sr. Member
 
Total Posts:  137
Joined:  2009-07-16
Sacramento
 

What do you do about all of the Magento files that require 777 permissions? There are many features of Magento that would have to be rebuilt because they will not work without those permissions.

 
 
josh4
Jr. Member
 
Total Posts:  3
Joined:  2010-03-09
 

Thank you for the replies. This is not a problem with FTP. The host says there are no logs of files being uploaded via FTP.

Their response:

We checked the files on your account, and we see the following hack scripts on your account. It looks like these were uploaded through an image upload script.

./store/skin/frontend/custom/theme003/images/submit.php

Does anyone know of old Magento vulnerabilities via uploading images?
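
The two things raised in this thread, a PHP file sitting in a theme's images directory and 777 permissions, can both be checked from the web root. The following is an added example, not code from any poster or from Magento; the directory names in ASSET_DIRS and the extension list are assumptions to adjust for the installation being audited.

```python
import os
import stat
import sys

# Assumption: directories with these names should hold static assets only.
ASSET_DIRS = {"images", "skin", "media"}
# Assumption: extensions a PHP-enabled web server may hand to the interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar"}


def audit_webroot(root):
    """Return sorted (finding, relative_path) tuples for a web root.

    script-in-asset-dir: script file type below a static asset directory
    world-writable:      file or directory with the o+w bit set (e.g. 777)
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_asset_dir = bool(ASSET_DIRS & set(rel_dir.split(os.sep)))
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable entry
            if stat.S_ISLNK(st.st_mode):
                continue  # link modes are meaningless; targets are audited in place
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            ext = os.path.splitext(name)[1].lower()
            if in_asset_dir and stat.S_ISREG(st.st_mode) and ext in SCRIPT_EXTS:
                findings.append(("script-in-asset-dir", rel))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, path in audit_webroot(target):
        print(f"{kind}\t{path}")
```

A file reported as script-in-asset-dir is a lead to investigate (owner, timestamps, web server access log entries for that path), not proof of how it got there.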

 
 
Ebuntu
Sr. Member
 
Total Posts:  245
Joined:  2010-06-16
Denver, CO
 
josh4 - 17 November 2010 09:52 AM

Their response:

We checked the files on your account, and we see the following hack scripts on your account. It looks like these were uploaded through an image upload script.

./store/skin/frontend/custom/theme003/images/submit.php

This is NOT a Magento issue. No vulnerabilities have been reported so far about Magento v1.3 and higher. If you have installed any of the free and/or commercial Magento extensions, then make sure they are properly coded and secure. Many of these extensions are either poorly coded, insecure, or both. This can be said about other PHP software, whether customized, commercial, or free. If you have Open Source PHP applications, including Joomla and WordPress, for example, keep them up-to-date by installing the latest release and applying related security patches.

Your host can blame Magento for lack of security on their server. However, it is likely that one of the Web sites hosted on the server was compromised with malware such as JS or iframe code. When a hacker successfully injects malicious code into one of the sites, he/she will be able to infect other Web sites, even deface the index pages.

Are you sure that your PC/laptop is secure? Do you have an up-to-date good anti-virus and firewall?

Just in case your PC/laptop is behaving abnormally, format the hard drive and re-install a new copy of the operating system. It is likely that your PC/laptop has been compromised and you are unaware of it.

Make your passwords very hard to guess, and don't share your login information with your Web designer or anybody, regardless.

If you feel it is time to look for another host, I suggest you get a VPS or a dedicated server; go to: ServerTune.com. Putting an e-commerce Web site on shared hosting, in my opinion, is unwise.  Good luck!

 