cancel
Showing results for 
Search instead for 
Did you mean: 

Code Injection FIX

Code Injection FIX

Someone keeps hacking our store by placing scripting in the "Miscellaneous Scripts" section.

We have Magento ver. 1.8.0.0, at this time is there a fix to prevent this from happening OTHER than upgrading?

4 REPLIES

Re: Code Injection FIX

Hi,

If they're adding it into the misc-scripts section of your admin then it sounds like they either have database access or access to your admin area.

 

Change all your passwords immediately (FTP, Database, Admin)

 

You should always apply the latest security updates too.

 

JHLC posted some excellent advise on how to recover from a hacked website on this post:

https://community.magento.com/t5/Technical-Issues/Possible-hack-or-virus-attack-on-my-magento-websit...

Problem solved? Click Accept as Solution!
Magento Certified Developer Plus | www.iwebsolutions.co.uk | Magento Small Business Partner

Re: Code Injection FIX

I just updated to the latest version - would the security fixes NOT be included in that?

 

PWs are very secure dont see how anyone could guess them.

 

Just got another injection - code added to script section.

 

 

Re: Code Injection FIX

this could be from anywhere, if you host another sites in the same server, then you need to scan your server with maldet and clamav.

usually they will find some backdoors for bots. wordpress and jooomla are 95% cause.

------------
MagenX - Magento and Server optimization

Re: Code Injection FIX

Hi,

I completely agree with MagenX. If you're sure your magento is up-to-date and you have changed any passwords (including mysql, ftp, admin) then it will almost certainly be some other software on the server that is affecting you.

Problem solved? Click Accept as Solution!
Magento Certified Developer Plus | www.iwebsolutions.co.uk | Magento Small Business Partner