Site hacked (maybe) fresh installation

Hi,

 

I've installed Magento 2 latest version last week on my server. It's a multistore site:

varietystore.ie and varietystore.es

 

On Monday morning, on Google Analytics, I saw multiple activities coming from China on varietystore.ie. Strange, because there was/is nothing on the site and the store was in demo mode. It caught my attention because they were particularly interested in these pages:
https://varietystore.ie/privacy-policy-cookie-restriction-mode/

https://varietystore.ie/customer/account/forgotpassword/

 

The same afternoon I wanted to keep working on the site (configuration, settings, etc., you know) and learn in the process how to build extensions and how they work. I'm new to Magento but I have experience working with Zend (now Laminas).

Everything looked fine until I wanted to add reCAPTCHA to the forgot password form in Stores >> Configuration, when I realized I'm not able to change anything in there, not even open the tabs on the RHS. Lots of JavaScript errors (pending investigation).

I went through Magento's and system logfiles and I found nothing strange.

 

Since I don't have any "very" sensitive information on that site, I wonder if maybe somebody wants to take a look at this. I can send a compressed version of what I have on my server, database, logfiles, whatever is necessary to find out how this happened.

 

Security recommendations that I've ignored:

  • Not having reCAPTCHA enabled on the forgot password form
  • Incorrect write permissions for app/etc
  • Two-factor authentication not enabled
  • Are there others?

I'm saying "maybe" in the title because I wasn't able to find anything strange on the server, nor a bug, and maybe the site was not hacked, but I'm sure I left the site working last Friday.

 

Thanks. 

Have a nice day