Hi all,
In some way that I can't understand, a custom block (cookie warning block) that contains the "cookies warning code" is edited.
Usually an external link is added to this code, to a website that is on the ESET antivirus blacklist.
What steps should I follow to find out who or how this is done?
You can start by identifying which security updates you didn't apply. And apply them.
If you figure out which security hole they exploited, you might be able to figure out where the attack originated from by analysing the server logs, but that is unlikely to help you.
I'm sorry to hear that your Magento store's cookie warning block has been hacked with a malicious external link. This seems to be related to the recent "Cosmic Sting" vulnerability affecting many Magento stores. We have just recently recovered from such a hack. In our case, all of our blocks were modified with malicious scripts.
The Cosmic Sting vulnerability allows attackers to gain unauthorized access to your store's admin panel, compromising your encryption key and giving them access to all your blocks, CMS pages, and APIs. This means they can make malicious modifications, inject malware, and even steal sensitive data.
It's crucial to act quickly to secure your store and prevent further damage. I strongly recommend following the steps outlined in the Scommerce Mage blog post "Magento 2 Cosmic Sting Vulnerability" (https://www.scommerce-mage.com/blog/magento-2-cosmic-sting-vulnerability.html). The key steps include:
1. Upgrading Magento to the latest version
2. If an upgrade is not possible, then install the relevant security patches
3. Rotate encryption keys
4. Identify and remove any unknown users/credentials.
5. Turn on 2FA if possible.
The blog post provides a detailed resolution for this. I recommend going through it, and let me know if you have any doubts or questions.
Hi all, and thanks for your replies.
The problem is still here and not on a specific block.
What we have already done:
We can't find 2FA to enable on our Magento 2.4.6.
We can't install any security patch before Xmas ends.
So we will continue to clear the site manually every day until the new year comes...
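One way to automate the daily manual check described in this thread is to scan exported block content for links and scripts pointing outside the store's own hosts. This is an added example, not code from any poster or from Magento; it assumes rows exported as (identifier, content) from the `cms_block` table, and the allowlisted hosts and sample rows are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the store legitimately links to; replace with your own.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}
URL_ATTRS = {"href", "src", "action", "data"}
URL_IN_TEXT = re.compile(r"""(?:https?:)?//[^\s"'<>)]+""", re.I)

def external_host(url):
    """Return the host if url points outside ALLOWED_HOSTS, else None."""
    parsed = urlparse(re.sub(r"^//", "https://", url.strip()))
    host = parsed.hostname if parsed.scheme in ("http", "https") else None
    if not host or "." not in host:  # relative link or a stray "//comment"
        return None
    ok = any(host == a or host.endswith("." + a) for a in ALLOWED_HOSTS)
    return None if ok else host

class BlockScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
        for name, value in attrs:
            if value and name in URL_ATTRS and (host := external_host(value)):
                self.findings.append((f"<{tag} {name}>", host))

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        if self.in_script:  # URLs referenced by inline JavaScript
            hosts = (external_host(u) for u in URL_IN_TEXT.findall(data))
            self.findings += [("inline script", h) for h in hosts if h]

def scan_blocks(rows):
    """rows: (identifier, html) pairs -> {identifier: [(where, host), ...]}"""
    found = ((ident, BlockScanner(), html) for ident, html in rows)
    report = {}
    for ident, scanner, html in found:
        scanner.feed(html)
        scanner.close()
        if scanner.findings:
            report[ident] = scanner.findings
    return report

# Constructed sample rows, shaped like (identifier, content) from cms_block.
SAMPLE_ROWS = [("footer_links", '<a href="https://shop.example/p">Privacy</a>'),
               ("cookie_warning", '<p>We use cookies.</p>'
                '<script src="//injected.invalid/c.js"></script>'
                '<script>var u = "https://stats.injected.invalid/p";</script>')]
```

Running `scan_blocks` on a schedule and alerting on any non-empty report shows when a block changes again, which narrows the time window to search in the server logs.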