Re: my website has been hacked

sungmo · ‎06-22-2020

I migrated 1.9.2 to 2.3.5 today.

However, I got below error message when i access my website. so I tried to find some codes but I could not find codes.

can someone give me a hint to find code?

[Report Only] Refused to connect to 'http://roi-traffic.icu/get.php?key=57ae14f08ba34083309153a81162b2f3' because it violates the following Content Security Policy directive: "connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'"

Sunil Patel · ‎06-22-2020

Hello @sungmo

i am not getting what is actual url

can you share your URL so i can check it

Problem solved? Click Kudos & Accept as Solution!
Sunil Patel
Magento 2 Certified Professional Developer & Frontend Developer

Manish Mittal · ‎06-22-2020

@sungmo

Site not hacked, dont worry. This error you are seeing due to magento new module Magento_CSP. You have to set headers or just disable this module on local.

https://devdocs.magento.com/guides/v2.4/extension-dev-guide/security/content-security-policies.html

Manish Mittal
https://www.manishmittal.com/

sungmo · ‎06-22-2020

thanks Manish Mittal and Sunil Patel

my website is http://dallasmother.com/

Be careful it will be redirected to another website when you access.

let me know how to solve this problem.

Manish Mittal · ‎06-22-2020

Yes @sungmo

It got hacked. need to check database and codebase from where they hacked it. we cant suggest directly without knowing issue.

Manish Mittal
https://www.manishmittal.com/