Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Hacked - {HEX}base64.inject.unclassed.7
 
bombnail
Jr. Member
 
Total Posts:  7
Joined:  2012-05-15
 

I have had two Magento sites in as many weeks get nasties dropped in the var.session folder. What could cause this, and how can I stop it from happening again? Thanks in advance to anyone who can help.

 
 
ashokverma
Jr. Member
 
Total Posts:  9
Joined:  2013-04-08
 

If you are facing problems of hacking then you have to use something that can block hackers. There are some solutions, and you can fix the problem with them. The solutions are the following:

1.  Secure Password Selection
2.  Require SSL or HTTPS for all website pages with logins
3.  Don’t use your Magento password
4.  Use a custom admin path
5.  Close email loopholes
6.  FTP usage should be secure
7.  FTP access limited
8.  Don’t save your passwords on computer
9.  Keep your antivirus updated
10.  Restrict admin access to approved IP addresses, geographical locations or countries.
11.  Use a geographical-IP Magento extension type lock to block access to users.

 
 
elspood
Magento Team
 
Total Posts:  22
Joined:  2012-05-01
Magento
 

Another item to add to this good list is to deploy a web application firewall (WAF). Even a simple mod_sec deployment in warn-only mode will help you start detecting application-layer attacks in real time and then eventually allow you to block them automatically. If there are security holes that attackers are using to breach your site, a WAF might help identify them by highlighting malicious traffic.
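
The warn-only deployment described in the post above, written out as a ModSecurity 2.x configuration for Apache. This is an added example, not part of the original thread; the log path, the rule id and the site-specific var/ rule (which assumes Magento is installed at the web root) are assumptions.

```apache
# Added example: ModSecurity 2.x (mod_security2) on Apache.
<IfModule security2_module>
    # Stage 1: warn-only. Rules are evaluated and matches are logged,
    # but disruptive actions such as deny are not carried out.
    SecRuleEngine DetectionOnly

    # Let the rules inspect POST bodies as well as URLs and headers.
    SecRequestBodyAccess On

    # Write an audit record only for transactions that matched a rule
    # or ended in an error status other than 404.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogType Serial
    # Assumed log location; adjust to the server's layout.
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Assumed site-specific rule: Magento's var/ directory holds sessions,
    # cache and logs and should never be requested over HTTP, so any hit
    # is worth a log entry. The id is an arbitrary value from the range
    # reserved for local rules.
    SecRule REQUEST_FILENAME "@beginsWith /var/" \
        "id:10001,phase:1,deny,status:403,log,msg:'HTTP request for a file under var/'"

    # Stage 2, after the audit log has been reviewed and false positives
    # tuned out: switch to enforcement so deny actions take effect.
    # SecRuleEngine On
</IfModule>
```

While `SecRuleEngine` is `DetectionOnly`, the `deny` on the rule is recorded in the log but the request is still served, which is what makes this stage safe to run on a live shop.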

 