Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The block is hacked

‎11-20-2024 03:28 AM
‎11-20-2024 03:28 AM

The block is hacked

Hi all,
In some way that I can't understand, a custom block (cookie warning block) that contains the "cookies warning code", is edited.

 

Usually an external link is added to this code, to a website that is on the eset antivirus blacklist.

What steps should I follow to find out who or how this is done?

0 Kudos
Reply
4 REPLIES 4
‎11-20-2024 04:32 AM
‎11-20-2024 04:32 AM

Re: The block is hacked

You can start by identifying which security updates you didn't apply. And apply them.

 

If you figure out which security hole they exploited you might be able to figure out where the attack originated from by analysing the server logs but that is unlikely to help you.

Founder at https://agency418.com
0 Kudos
Reply
‎11-25-2024 01:19 AM
‎11-25-2024 01:19 AM

Re: The block is hacked

I'm sorry to hear that your Magento store's cookie warning block has been hacked with a malicious external link. This seems to be related to the recent "Cosmic Sting" vulnerability affecting many Magento stores. We have just recently recovered from such a hack. In our case, all of our blocks were modified with malicious scripts.

 

The Cosmic Sting vulnerability allows attackers to gain unauthorized access to your store's admin panel, compromising your encryption key and giving them access to all your blocks, CMS pages, and APIs. This means they can make malicious modifications, inject malware, and even steal sensitive data.

 

It's crucial to act quickly to secure your store and prevent further damage. I strongly recommend following the steps outlined in the Scommerce Mage blog post "Magento 2 Cosmic Sting Vulnerability" (https://www.scommerce-mage.com/blog/magento-2-cosmic-sting-vulnerability.html). The key steps include:

1. Upgrading Magento to the latest version

2. If upgrade is not possible then install the relevant security patches

3. Rotate encryption keys

4. Identify and remove any unknown users/credentials.

5. Turn on 2FA if possible.

 

The blog post provides a detailed resolution for this, i recommend going through it and let me know if you have any doubts or questions.

Reply
4 weeks ago
4 weeks ago

Re: The block is hacked

Hi, all and thanks for your replies.
The problem is still here and not on a specific block.
What we have already done:

  1. We changed all administrator passwords.
  2. We activated LinLibertine captcha in admin login
  3. We changed Encryption Key

We can 't find 2FA, to enabled, on our magento 2.4.6
We can't install any security patch before xmas end

 

So we will continue clear site everyday manually until new year come... So we will continue clear site everyday manually until new year come...

0 Kudos
Reply
3 weeks ago
3 weeks ago

Re: The block is hacked

Hi all,

yesterday Europol inform us that our e-shop is on "dangerous list" because off cosmic sting.

So it is necessary to installing security patch for cosmic sting, yesterday not today.
Is there any guide about this?
Why it is so hard to find this patch?
i have read everythinks about magento patch but there is no link (for download) or a guide how to install this patch.

I use magento 2.4.6, community version.

PS: Now is the time to install all the security updates for our magento e-shop. Is necessery to installing -p1 then -p2 then -p3...? or i can installing only last -p8 patch, for my e-shop? I found this page: https://experienceleague.adobe.com/en/docs/commerce-operations/release/notes/security-patches/2-4-6-...
with all patch's, but still not a guide or a download link about.

Thnx for your time

0 Kudos
Reply