Re: Site Effected By Security Breach

ffdca · ‎11-03-2015

I guess whatever security breach or issue Magento was having effected our websites database. When I log into the server i just get thousands of random .html files. I've spent some time deleting them but they don't seem to be going anywhere once I delete them. I wanted to delete and then install the Security Patch.

Also I cant seem to find any of my sites folders. (CSS, Skin, etc...) it's all just the random .html files.

Can anyone please help or lead me in the right direction. I'm new to Magento and this is pretty frustrating.

Anyone else experiencing this? Thank you!

Sunny

chiefair · ‎11-03-2015

Something this bad starts at the workstation you use to maintain your website. Make sure it is not infected with password stealers and that it has not been compromised.

Only after that, move on to the webserver. Change your web server access passwords, notify your hosting provider and have them burn the server to the ground. They need to know this happened so they can make sure the server hasn't been rooted or otherwise compromised.

After that, this web server recovery is a total wipe and reinstall from scratch.

I'd take known good database and application backups, restore them on a test server off the net, apply all security patches that weren't properly kept up and then change all admin passwords on the Magento install.

Only then would I back the test server up and upload the site contents to the live server.

As to experiencing it, it may or may not be a Magento security breach. Depends on what Magento security patches you failed to keep up with. A simple security breach from a compromised workstation or server account password would do it.

MagenX · ‎11-04-2015

how did you identified that this is the security breach??

whats inside those html files? which process writes them?

anyway you can apply patches even if you hacked already.

------------
MagenX - Magento and Server optimization