Showing results for 
Search instead for 
Did you mean: 

Malicious code in Order Address

Malicious code in Order Address

I got many orders in which I found malicious code in the order address section. My website's Magento version is 2.4.5-p1. I am afraid it is some kind of malware attack and if it is so please suggest some solutions for this problem as soon as possible. Please check the attached order image.order-confirmation-1.png


Re: Malicious code in Order Address

Based on the information you provided and the attached image, it appears that your website might have been the target of a malicious attack. The code you see in the order address section could be an attempt to exploit vulnerabilities in your Magento installation or to collect sensitive data from your customers.

To address this issue, I recommend taking the following steps:

  1. Quarantine the affected orders: Move any orders that contain suspicious code to a separate folder and do not fulfill them until you have verified their authenticity.

  2. Scan your website for malware: Use a reputable security scanner to scan your website for malware and vulnerabilities. This will help you identify any security issues that may have contributed to the attack.

  3. Review your server logs: Check your server logs for any suspicious activity or unusual traffic patterns. This may help you identify the source of the attack and prevent further damage.

  4. Update Magento and extensions: Make sure that your Magento installation and all installed extensions are up to date with the latest security patches. This will help protect your website against known vulnerabilities.

  5. Change passwords: Change all passwords associated with your website, including admin passwords, FTP passwords, and database passwords. Use strong, unique passwords and enable two-factor authentication where possible.

  6. Implement additional security measures: Consider implementing additional security measures such as a web application firewall (WAF), IP whitelisting, and regular security audits.

  7. Contact Magento support: If you are unable to resolve the issue on your own, consider contacting Magento support or a Magento security expert for assistance.

Remember that the security of your website is an ongoing process, and you should regularly review and update your security measures to stay ahead of potential threats.