Re: checker11.com malware

sdowney2002 · ‎12-17-2018

Has anyone experienced a malicious javascript insertion, from checker11.com? Found a script file in my header that led to what appears to be an attempt to collect user info. The script calls the co-billing and co-payment forms at checkout.

Mukesh Tiwari · ‎12-17-2018

Hi @sdowney2002

Is your site fully patched? You may check at system -> configuration -> Design -> footer -> Miscellaneous HTML for any suspicious script.

Please refer following post https://community.magento.com/t5/Magento-1-x-Technical-Issues/HELP-site-hacked/m-p/19304#M1501 it has links to Magento best practices and other precautions which can help you keep your site secured.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

sdowney2002 · ‎12-17-2018

Yep, fully patched. And behind a firewall. And the admin login was obfuscated and IP restricted.

And "System -> Configuration -> Design -> Header -> Miscellaneous HTML" was exactly where the script was placed.

Mukesh Tiwari · ‎12-18-2018

Hi @sdowney2002

It is better to restrict the admin url access by IP address (If you have static IP) or use two factor authentication.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

FuelPumps · ‎11-23-2019

I've found a similar code in php placed in the mage.php file. I think this happened shortly after I hired a "reputable" company to do some work for me on Magento. I'm not sure if its related or them or not, but it seems the file was accessed via ftp.