Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Magento sites hacked 1.3.2.4 Magento version
 
Scott32
Jr. Member
 
Total Posts:  11
Joined:  2009-10-28
 

Is this story true???

I found this on : http://activecodeline.com/magento-sites-hacked

=====================
Magento sites hacked

Huh, this has been crazy week. I’ve been doing lot of Magento upgrades. Last night I upgraded one of sites to latest 1.3.2.4 Magento version (as of time of this writing). By pure accident I discovered a virus placed under the “app/code/core/Mage/Checkout/Controller” folder. It was in form of malicious php script named “81632.php” and “htaccess” file.

Below is a partial of malicious script

#…
error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"])?$_SERVER["HTTP_HOST"]:$HTTP_HOST);
$b=(isset($_SERVER["SERVER_NAME"])?$_SERVER["SERVER_NAME"]:$SERVER_NAME);
$c=(isset($_SERVER["REQUEST_URI"])?$_SERVER["REQUEST_URI"]:$REQUEST_URI);
$d=(isset($_SERVER["PHP_SELF"])?$_SERVER["PHP_SELF"]:$PHP_SELF);
$e=(isset($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:$QUERY_STRING);
$f=(isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:$HTTP_REFERER);
$g=(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT);
#… and the juicy part is cut of

The stuff was hooking to checkout process and sending data to another site. Luckily this was merely a development server, not a live site, so no actual damage was done.

For all Magento store owners, I would highly recommend immediate upgrade to latest Magento.

Magento 1.3.2.4 security update

 
Magento Community Magento Community
Magento Community
Magento Community
 
Vincèn
Sr. Member
 
Avatar
Total Posts:  289
Joined:  2009-01-03
Grenoble, France
 

Well it can be just a security issue due to ftp account compromised or server itself compromised ! First clean your installation and change all your password with some very efficient ones to be sure it doesn’t come back ! If it comes back it’s an other issue than Magento itself !!

Vincèn

 
Magento Community Magento Community
Magento Community
Magento Community
 
Scott32
Jr. Member
 
Total Posts:  11
Joined:  2009-10-28
 

ok well this is not my posting, its a posting i found online, but now can it be trusted if not posted on your
website itself, so thats why i provided it for magento themself to look into it..

I had magento installed by siteground my hosting provider, so i should trust it right? this should be the clean version…

 
Magento Community Magento Community
Magento Community
Magento Community
 
Vincèn
Sr. Member
 
Avatar
Total Posts:  289
Joined:  2009-01-03
Grenoble, France
 
Scott32 - 01 November 2009 12:00 AM

ok well this is not my posting, its a posting i found online, but now can it be trusted if not posted on your
website itself, so thats why i provided it for magento themself to look into it..
I had magento installed by siteground my hosting provider, so i should trust it right? this should be the clean version…

Yep installation done by your hoster should be clean but you can check nevertheless you don’t have any suspect file in folder indicated above smile Also be sure to use strong passwords both for ftp access to your files and backoffice access !

Vincèn

 
Magento Community Magento Community
Magento Community
Magento Community
 
zero813
Jr. Member
 
Total Posts:  6
Joined:  2009-11-03
 

I would imagine the security update fixed this.

 
Magento Community Magento Community
Magento Community
Magento Community
 
JTSchmidt
Jr. Member
 
Total Posts:  11
Joined:  2008-04-05
Irvine, CA
 

Just had a Magento site hosted on Siteground hacked on 9/20/2010.

All javascript files (js) and index.php files injected w/ malicious scripts pointing to alienradar.ru and addonrock.ru.

Good thing the site wasn\’t in production.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top