cancel
Showing results for 
Search instead for 
Did you mean: 

Spam advertising banners added to website header and footer

Spam advertising banners added to website header and footer

Hi everyone,


First post here - Just wondering if anyone is able to assist. We are running Magento CE ver. 1.7.0.0, and it looks like our site has been compromised.

 

We have noticed there was some admin accounts created that we do not recognize. Our web host has done a scan on our server, and removed two malicious files that were located, but there have been two banners added to the header and footer of our website. They seem to be running google adsense, so looks like a hacker has managed to code them into the website somewhere. We are in the process of having a brand new site redesigned in Magento v2, but wish to remove these banners in the mean time from our 1.7.0.0 install. Does anyone know how I am best locating this file in order for it to be removed? I am not sure where this could have been added from.

 

Many thanks in advance for your help.

 

Kind Regards,

 

Adam

4 REPLIES

Re: Spam advertising banners added to website header and footer

Hi Adam,

 

First, change all account passwords: FTP, SSH, hosting control panel, all admin passwords.

after that, have your host to search file content for banner code and for recently changed files' if that code is not in the files, it will be in the database. Have your host search all database tables for the code - they can easily do this in ssh or using phpmyadmin.

you can clean the fields or at least get ideas which fields have that code.

hope this helps. stay safe.

 

Anton Pachkine @ magento2.hosting : Magento Managed Package. Get your e-commerce health checkup at http://ecommerce.fitness

Re: Spam advertising banners added to website header and footer

Hi Anton,

 

Thanks very much for the reply. I have done a database search in Php my admin, and found the code had been added in the admin panel under system - configuration - design - footer - miscellaneous HTML. 

 

I have now removed this, and reset all passwords.

 

Upon checking the site, it appears we have another problem. After a product is added to the cart, and the proceed to checkout button pressed, the page brings up an error: Parse error: syntax error, unexpected 'getStreet' (T_STRING) in /home/admin2/public_html/MYSITEURL/app/code/core/Mage/Payment/Model/Method/Cc.php on line 522

 

Do you know what could be causing this?

 

Kind Regards,


Adam

 

 

Re: Spam advertising banners added to website header and footer

Hi @adamgreen2404

 

Your site is affected with Credit Card Number Leak vulnerability. You should check following Credit Card numbers leak in Magento

 

You must replace your following file app/code/core/Mage/Payment/Model/Method/Cc.php with the default file shipped with Magento.

 

If you have not applied all the security patches released by Magento then you must apply those patches,

 

Please go through following links these may help you.

 

https://community.magento.com/t5/Security-Patches/Hacked/m-p/30037#M1476

https://community.magento.com/t5/Technical-Issues/Security-Technical-Issue-with-Magento-1-9-1-0-Rand...

https://community.magento.com/t5/Technical-Issues/HELP-site-hacked/m-p/19311#M1503

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Spam advertising banners added to website header and footer

Hi Muk_t,

 

Thanks for the reply. I have tried replacing the file with the one from a download of the same version of Magento 1.7.0.0, but the file did not seem to have any changes compared to the default file from the fresh magento installation. Do you have any other suggestions as to what we could try?

 

Kind Regards,

 

Adam