First post here - Just wondering if anyone is able to assist. We are running Magento CE ver. 22.214.171.124, and it looks like our site has been compromised.
We have noticed there were some admin accounts created that we do not recognize. Our web host has done a scan on our server, and removed two malicious files that were located, but there have been two banners added to the header and footer of our website. They seem to be running Google AdSense, so it looks like a hacker has managed to code them into the website somewhere. We are in the process of having a brand new site redesigned in Magento v2, but wish to remove these banners in the meantime from our 126.96.36.199 install. Does anyone know how I can best locate this file in order for it to be removed? I am not sure where this could have been added from.
Many thanks in advance for your help.
First, change all account passwords: FTP, SSH, hosting control panel, all admin passwords.
After that, have your host search file content for the banner code and for recently changed files. If that code is not in the files, it will be in the database. Have your host search all database tables for the code - they can easily do this in SSH or using phpMyAdmin.
You can clean the fields or at least get ideas which fields have that code.
Hope this helps. Stay safe.
Thanks very much for the reply. I have done a database search in phpMyAdmin, and found the code had been added in the admin panel under System - Configuration - Design - Footer - Miscellaneous HTML.
I have now removed this, and reset all passwords.
Upon checking the site, it appears we have another problem. After a product is added to the cart, and the proceed to checkout button is pressed, the page brings up an error: Parse error: syntax error, unexpected 'getStreet' (T_STRING) in /home/admin2/public_html/MYSITEURL/app/code/core/Mage/Payment/Model/Method/Cc.php on line 522
Do you know what could be causing this?
Your site is affected by the Credit Card Number Leak vulnerability. You should check the following: Credit Card numbers leak in Magento
You must replace the following file, app/code/core/Mage/Payment/Model/Method/Cc.php, with the default file shipped with Magento.
If you have not applied all the security patches released by Magento, then you must apply those patches.
Please go through the following links; these may help you.
Thanks for the reply. I have tried replacing the file with the one from a download of the same version of Magento 188.8.131.52, but the file did not seem to have any changes compared to the default file from the fresh Magento installation. Do you have any other suggestions as to what we could try?
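The file checks discussed in this thread (recently changed files, and comparing Cc.php with the shipped copy) can be run over a whole directory such as app/code/core instead of one file at a time. The following is an added example, not code from any poster or from Magento; it assumes a clean download of the same Magento version is unpacked next to the live site, the function names are hypothetical, and the sample trees in `demo()` are constructed.

```python
import hashlib
import os
import tempfile
import time

def digest(path):
    """SHA-256 of a file's bytes."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def list_files(root):
    """Map path-relative-to-root -> absolute path for every file under root."""
    return {os.path.relpath(os.path.join(d, n), root): os.path.join(d, n)
            for d, _dirs, names in os.walk(root) for n in names}

def audit_tree(live_root, clean_root, recent_days=30):
    """Compare a live tree with a pristine copy of the same release."""
    live, clean = list_files(live_root), list_files(clean_root)
    cutoff = time.time() - recent_days * 86400
    return {
        "modified": sorted(p for p in clean if p in live
                           and digest(live[p]) != digest(clean[p])),
        # files the release does not ship (dropped scripts, backups)
        "extra": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
        # recently touched; mtime can be forged, so this is only a hint
        "recent": sorted(p for p in live
                         if os.path.getmtime(live[p]) >= cutoff),
    }

def demo():
    """Constructed sample: a pristine 'release' and a tampered live copy."""
    base = tempfile.mkdtemp()
    cc = os.path.join("Mage", "Payment", "Model", "Method", "Cc.php")
    app = os.path.join("Mage", "Core", "Model", "App.php")
    trees = {"clean": {cc: "<?php // shipped\n", app: "<?php // app\n"},
             "live": {cc: "<?php // shipped, then edited\n",
                      app: "<?php // app\n", "x.php": "<?php // unknown\n"}}
    for tree, files in trees.items():
        for rel, body in files.items():
            full = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
    old = time.time() - 400 * 86400  # make App.php look untouched for a year
    os.utime(os.path.join(base, "live", app), (old, old))
    return audit_tree(os.path.join(base, "live"), os.path.join(base, "clean"))

if __name__ == "__main__":
    print(demo())
```

On a real site, call `audit_tree()` with the live app/code/core path and the same directory from the clean download; anything under "modified" or "extra" is a file to inspect by hand.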