Related to this post
https://community.magento.com/t5/Technical-Issues/HELP-site-hacked/m-p/19304#U19304
I would like to know how to find how did that? What should I check?
Current users were checked.
Solved! Go to Solution.
Hi @MaximR,
If you can provide more information about what exactly do you want to know, I will try to help you out.
Is you site hacked and you want to know how did it happen?
Thanks
Hi @MaximR,
If you can provide more information about what exactly do you want to know, I will try to help you out.
Is you site hacked and you want to know how did it happen?
Thanks
>Is you site hacked and you want to know how did it happen?
Yes,
Hi @MaximR
There can be multiple reasons for you site hack. I advise you to make your site functional using previous backup and follow these steps before doing this.
1) Change the admin user credentials.
2) Use a custom admin path
3) Restrict your admin to particular IP address.
4) Change all the FTP,cPanel,phpmyadmin credentials.
5) If some third party worked on the site deactivate all the credentials for them if work is completed.
(admin login, users for SOAP and REST api,FTP, cPanel and others)
6) Disable FTP and start using SFTP.
7) Apply all the recently released patches release by Magento.
8) If you are still using Magento 1.3X series upgrade your Magento as no patches are released for this series.
9) Confirm with your hosting provider if they are PCI compliance or not?
10) If you are on shared hosting I advise you to switch to VPS plan.
11) Request you hosting provider to scan you project for any malware or viruses.
12) Keep your PC antivirus also updated and avoid saving the passwords on browsers.
For any suspicious user acitvity check Magento logs and server logs. Also check the Magento core files for any modification.
Thanks