Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Site seems to be hacked
 
kassi
Jr. Member
 
Total Posts:  11
Joined:  2011-01-01
 

Hi everyone,

My magento site seems to be hacked after I purchased an extension from a website.

After the installation of the extension, the system will automatically send payment link (paypal) to the client after ordering. All the information included is correct (e.g. invoice number, item purchased, amount of the money.). However, the recipient of the payment is the seller of the extension but not my organization!…

We’ve deleted the extension files immediately but we’re worried about any further troublesome. I’ve also checked the code of the extension but actually I’m not too familiar with coding. I just feel strange that there are two external links in a file - one is http://www.trademic.hk/ and another is http://www.magentoecomerce.com/magento/payment.php (COMERCE, not COMMERCE).

How can we check that are there any changes in other files or even in database? Can I first backup my database, and then restore my site by older full backup, and finally restore the database files for updating my data, in order to get my site into normal?

Thank you very much.

 
Magento Community Magento Community
Magento Community
Magento Community
 
furnitureforyoultd
Enthusiast
 
Total Posts:  833
Joined:  2009-03-09
 

you will probably be better off doing a complete clean re-install

what is the company you bought the extension from?

 
Magento Community Magento Community
Magento Community
Magento Community
 
Ebuntu
Sr. Member
 
Avatar
Total Posts:  245
Joined:  2010-06-16
Denver, CO
 
kassi - 16 June 2012 05:17 AM

How can we check that are there any changes in other files or even in database? Can I first backup my database, and then restore my site by older full backup, and finally restore the database files for updating my data, in order to get my site into normal?

Your current site and DB is infected. The best option is to restore your site and DB from an earlier backup, before you installed this extension.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top