My site keeps getting hacked and they are modifying these files
I have the hacked version of the files if anyone would like to see them. The problem is I am not sure how they are getting in. here is what I have done to protect.
1. updated all versions of my third party modules, which are only from trusted providers - Amasty and IWD
2, I have changed all passwords and eliminated all ftp accounts and all user accounts in magento and recreated them with secure passwords.
3. I have a secure copy of the magento install in different location and I run a diff on all the files to see if any of the core files are changed
I found some files that looked suspect like adm.php and I found a bunch of symbolic links. I have removed them all
magento is supposed to be rock solid and secure so how is this happening? Any help is appreciated.
Solved! Go to Solution.
i am using the latest version fully patched at 184.108.40.206.
I actually overwrote all the core files and ran a diff on them so all the core files are the same as magento core files
Even if you are on latest version of Magento there are other factors which may compromise the security like insecure hosting environment., extensions with security loopholes etc.
Please read following https://community.magento.com/t5/Technical-Issues/Security-Technical-Issue-with-Magento-1-9-1-0-Rand... post for best practices and further actions.
Is your hosting provider PCI compliant and have experience in handling Magento site?
You should inform your hosting provider also about the frequent hacks. Even after a fresh install there may be traces of the potential malware(or malicious code) on your server.
NOTE : I am not a security expert so you should seek help from some security expert to overcome the frequent attacks.
magento is just a php script installed on your server,
there are lots of programs and settings installed/configured too in the system.
I have a script that runs every hour to compare the core magento files in a secure location with the files in my web dir. I also found a file called adm.php that was clearly not a magento file and removed it.
So far everything seems good. I have also updated a few security settings based on comments in the thread. I still dont know how they got in for sure but it seems to be based on that adm.php file that they dropped in my web dir.
Just my advice from what I have had to deal with in the last 10 years of developing for several companies.