Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Site Hacked - Please help
 
crashby
Jr. Member
 
Total Posts:  4
Joined:  2012-04-12
 

I’ve developed and manage a Magento store v1.7 CE and on Thursday something strange happened. The Translate Inline for admin and store were set to true, leading to red borders around everything. On Saturday one of the Sagepay extensions was disabled, and daily one or more of my 3rd party extensions gets “broken”. A reinstall in Magento Connect sorts out the relevant plugin, but it keeps happening, and the Translate Inline setting came back again tonight, and several extensions failed.

2 days ago the “Magento Connect” menu item vanished from admin, and I’m having to go directly to the /downloader folder to use it.

I’m certain I’ve been hacked somehow and it’s very subtle, but it’s devastating me!

I’m hosting on a VPS running WHM, and cPanel.

I’ve checked the logs and don’t see any particularily unusual activity. I’ve changed passwords etc., but it’s still happening.

I suspect something has been stuck into a scheduled task, but I’m struggling to cope.

The store has been live for about 4 weeks. No problems were encountered before last Thursday.

 
Magento Community Magento Community
Magento Community
Magento Community
 
alexft
Jr. Member
 
Total Posts:  9
Joined:  2008-12-14
 

Reinstall reinstalls security hole again.

Set DB access to front end IP only. Then login as root, take box offline, change all users passwords, reinstall magento and re import products. Change admin path and admin pass :D Delete ftp, telnet, use rssh sftp user for uploads. Cheers, Alex smile

 
Magento Community Magento Community
Magento Community
Magento Community
 
ashokverma
Jr. Member
 
Total Posts:  9
Joined:  2013-04-08
 

First of all I am sharing solution to fix it.

1.  Database access only to front end Ip.

2.  Now Sign-in as root

3.  Change user-names and passwords in every login details.

4.  Reinstall Magento and import you all products again.

5.  Change your admin path and its password.

6.  Delete File Transfer Protocol (FTP).

7.  Use rssh sftp user for files uploading.

Most of websites and ecommerce stores hacked by this issue, that is why people are using some secure thing that can protect their sites. This problem comes from IP and you have to use IP blocker type software or extensions that can save your store. I have developed an extension but this extension has not enough features and I was searching to update its features and that time I have saw a magento block ip address extension that has features to block and unblock IPs.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top