Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Security Issue (site hacked)
 
NDWest12
Jr. Member
 
Total Posts:  9
Joined:  2009-10-21
 

Hi,

my site has apparently been hacked by what seems to be the Gumblar virus. I have attempted to change my password in cpanel but this just kills the whole site until i put the original password back in.

My question is, is there a file i need to redefine my FTP password in, and if so where is it? Otherwise is this just a random issue and should i just attempt to change my password in cpanel again. This hack is exteremly annoying, its started at just 1 line insterted in the index files of the site. Now it is 1000’s, it is easy enough to clear out, but I’d rather it not be happening. Here is a sample of the code inserted:

<?php @register_shutdown_function("__sfd1255649242__");function __sfd1255649242__() global $__sdv1255649242__; if (!empty($__sdv1255649242__)) return; $__sdv1255649242__=1; echo <<<DOC__DOC
<!-- [59339c100a2e96a1f217128b22a3477a --><!-- 2429465521 --><noscript><ul><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=3645">buy Windows XP Professional SP3 full version</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=3244">buy and download Windows XP Professional SP3 software</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=2263">Windows XP Professional SP3 program purchase</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=1390">buy Windows XP Professional SP3 online</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=1929">purchase order Windows XP Professional SP3 software</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=3382">buy used Windows XP Professional SP3</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=3609">buy Windows XP Professional SP3 inexpensive</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=1741">buy Windows XP Professional SP3 price</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=2239">Windows XP Professional SP3 cheap download</a></li><li><a href="http://dannyandnina.com/voting/fantversion.php?wtmbk=1&oem;=2668">where to buy cheap Xilisoft 1click DV to DVD</a>

that is at the top of the index.php file, there is a lot more there but characters are limited on here

and this is at the bottom

<?php error_reporting(0); echo "\n"; @__sfd1255649242__(); ?>

its a matter of deleting those two sections and the site is then okay, but with that in there the rest of the site is completely crippled

 
Magento Community Magento Community
Magento Community
Magento Community
 
JLHC
Mentor
 
Avatar
Total Posts:  1287
Joined:  2008-05-09
Tampa, FL
 

Have you contacted your web hosting provider about this? They should be able to check on the FTP logs and possibly block out the offender’s IP from the server.
You may also want to upgrade your local PC’s FTP client to the latest version as some of them (older versions) contains a bug which will leak your password to hackers.

 
Magento Community Magento Community
Magento Community
Magento Community
 
LloydI
Jr. Member
 
Total Posts:  26
Joined:  2009-09-20
 

I think fairly soon it’s going to be tough to find a good Magento host.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top