- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2017
12:59 AM
11-07-2017
12:59 AM
Checkout Page Hacked?
Hi Guys
I hope someone can help.
Running Magento 1.9.1.0, website. When a customer click at checkout page sudden there is a strange customer information and payment information popup.But I don't find this file in cpanel file manager.
Any ideas what this might be and how I can fix it?
Thank you in advance to anyone who can help.
Labels:
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-07-2017
03:34 AM
11-07-2017
03:34 AM
Re: Checkout Page Hacked?
Would you be able to share a screenshot of the popup please?
If you think there has been an incident, this a great template to follow on what to do next: https://github.com/talesh/response
On a more practical basis, you will want to validate that the pop-up form is indeed malicious in which case ideally you're going to want to:
- Review admin users, delete any no longer needed and change passwords of all other users.
- Review users that have access to server and do the same thing.
- Identify the compromise and remove, this could be some malicious code on the server, or in the database (through something like the miscellaneous scripts section of system configuration). A developer will be needed here though if you're lucky magereport.com might help confirm that you're compromised as they detect some common attacks.
- Create a fresh new server with new credentials.
- Redeploy from version control to new server
- Copy across cleaned database to new server
- Relaunch/Migrate site on new server with new protections.
----
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution" as appropriate. Thanks!
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution" as appropriate. Thanks!