
Magento Forum

Help With Malicious Redirect Hack
 
ststephene123
Jr. Member
 
Total Posts:  2
Joined:  2012-11-13
 

I recently set up a personal web server on a WIN XP machine with WAMP server version 2.1 and Magento version 1.7. Immediately my site started to perform 302 redirects to http://www.darlinginteractive.com whenever I hit the IP from either inside or outside my network. This is obviously a malicious hack as I set nothing up to redirect to this URL. Whenever I access my site IP plus a reference to a page that doesn’t exist I still get the same redirect result.

I’ve read several sites’ advice for finding and fixing malicious redirect hacks but have not been able to find the code causing this. I deleted all data from my site’s root .htaccess file and still have the issue. I reinstalled a fresh version of index.php and still have the issue. The only way I’ve been able to get it to stop redirecting is by deleting all data on index.php. Then when accessed the site comes up with a blank page as expected. I ran a script to check all website files for base64 code and found quite a few files with some. The problem is I can’t distinguish between legitimate and illegitimate Magento base64 code.

Thanks in advance for any help with this.
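
For the triage problem in the post above (many base64 hits, no way to tell which are injected), one approach is to decode each quoted literal and judge it by what it contains rather than by the fact that it is encoded. The Python script below is an added example, not code from this thread or from Magento; the indicator list, the function names and the two sample strings are assumptions constructed for illustration.

```python
import base64
import binascii
import pathlib
import re

# Quoted runs of 16+ base64-alphabet characters (PHP string literals).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")
# Assumed heuristic list: content with no business hiding inside an encoded string.
SUSPICIOUS = re.compile(
    rb"https?://|location:|eval\s*\(|gzinflate|base64_decode|<script|<iframe",
    re.IGNORECASE)

def indicators(literal, max_layers=4):
    """Peel nested base64 layers; return sorted indicator strings seen in any layer."""
    data, hits = literal.encode(), set()
    for _ in range(max_layers):
        try:
            data = base64.b64decode(data.strip(), validate=True)
        except (binascii.Error, ValueError):
            break  # not (or no longer) valid base64: stop peeling
        hits.update(m.group(0).decode().lower() for m in SUSPICIOUS.finditer(data))
    return sorted(hits)

def scan_text(name, text):
    """Return (name, line_number, indicators) for each literal that decodes to a hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in B64_LITERAL.finditer(line):
            hits = indicators(m.group(1))
            if hits:
                findings.append((name, lineno, hits))
    return findings

def scan_tree(root):
    """Scan .php/.phtml and similar files under root; undecodable bytes are replaced."""
    findings = []
    for path in pathlib.Path(root).rglob("*.ph*"):
        if path.is_file():
            findings += scan_text(str(path), path.read_text(errors="replace"))
    return findings

# Constructed samples (not from the thread): an encoded redirect and an encoded image header.
_REDIRECT = base64.b64encode(b'header("Location: http://redirect.invalid/");').decode()
INFECTED = "<?php\n$x = 1;\neval(base64_decode('%s'));\n" % _REDIRECT
BENIGN = "<?php\n$img = '%s';\n" % base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(range(32))).decode()

if __name__ == "__main__":
    for sample in (("infected.php", INFECTED), ("benign.php", BENIGN)):
        print(sample[0], scan_text(*sample))
```

Point `scan_tree()` at a copy of the webroot; each finding is a file and line to review by hand, not proof of compromise, and encoded data that decodes to plain binary (images, serialized blobs) is left out of the results.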

 
 
tomown
Jr. Member
 
Total Posts:  20
Joined:  2013-01-13
 

I assume you set up your hosts file correctly to treat the IP/URL as a local one?

If you’ve done that, it sounds as if there’s a resident malware or virus on your PC causing the browser to perform random redirects.

There are some good tuts on YouTube for setting up Magento in WAMP.

 
 
ststephene123
Jr. Member
 
Total Posts:  2
Joined:  2012-11-13
 

The host files were not set up to treat the IP as a local one. I opened up port 80 on my router and accessed my site from 2 different machines on 2 different networks and got the same redirect until I deleted everything from index.php. I believe the malicious code was inserted into one of the Magento files or the hack created a file somewhere.

 