cancel
Showing results for 
Search instead for 
Did you mean: 

Where is Magento stored access log to the admin panel?

SOLVED

Where is Magento stored access log to the admin panel?

Related to this post
https://community.magento.com/t5/Technical-Issues/HELP-site-hacked/m-p/19304#U19304

 

I would like to know how to find how did that? What should I check?

Current users were checked.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Where is Magento stored access log to the admin panel?

Hi @MaximR,

 

If you can provide more information about what exactly do you want to know, I will try to help you out.

Is you site hacked and you want to know how did it happen?

 

Thanks

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

View solution in original post

3 REPLIES 3

Re: Where is Magento stored access log to the admin panel?

Hi @MaximR,

 

If you can provide more information about what exactly do you want to know, I will try to help you out.

Is you site hacked and you want to know how did it happen?

 

Thanks

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Where is Magento stored access log to the admin panel?

>Is you site hacked and you want to know how did it happen?

 

Yes,

Re: Where is Magento stored access log to the admin panel?

Hi @MaximR

 

There can be multiple reasons for you site hack. I advise you to make your site functional using previous backup and follow these steps before doing this.

 

1) Change the admin user credentials.
2) Use a custom admin path
3) Restrict your admin to particular IP address.
4) Change all the FTP,cPanel,phpmyadmin credentials.
5) If some third party worked on the site deactivate all the credentials for them if work is completed.
(admin login, users for SOAP and REST api,FTP, cPanel and others)
6) Disable FTP and start using SFTP.
7) Apply all the recently released patches release by Magento.
8) If you are still using Magento 1.3X series upgrade your Magento as no patches are released for this series.
9) Confirm with your hosting provider if they are PCI compliance or not?
10) If you are on shared hosting I advise you to switch to VPS plan.
11) Request you hosting provider to scan you project for any malware or viruses.
12) Keep your PC antivirus also updated and avoid saving the passwords on browsers.

 

For any suspicious user acitvity check Magento logs and server logs. Also check the Magento core files for any modification.

 

Thanks

---
Problem Solved Click Accept as Solution!:Magento Community India Forum