cancel
Showing results for 
Search instead for 
Did you mean: 

Checkout Page Hacked?

Occasional Visitor

Checkout Page Hacked?

Hi Guys

 

I hope someone can help.

 

Running Magento 1.9.1.0, website. When a customer click  at checkout page sudden there is a strange customer information and payment information popup.But I don't find this file in cpanel file manager.

Any ideas what this might be and how I can fix it?

 

Thank you in advance to anyone who can help.

 

Tags (1)
1 REPLY
Highlighted
Moderator
Magento
E-Commerce

Re: Checkout Page Hacked?

Would you be able to share a screenshot of the popup please? 

 

If you think there has been an incident, this a great template to follow on what to do next: https://github.com/talesh/response

 

On a more practical basis, you will want to validate that the pop-up form is indeed malicious in which case ideally you're going to want to:

 

  • Review admin users, delete any no longer needed and change passwords of all other users.
  • Review users that have access to server and do the same thing.
  • Identify the compromise and remove, this could be some malicious code on the server, or in the database (through something like the miscellaneous scripts section of system configuration). A developer will be needed here though if you're lucky magereport.com might help confirm that you're compromised as they detect some common attacks.
  • Create a fresh new server with new credentials. 
  • Redeploy from version control to new server
  • Copy across cleaned database to new server
  • Relaunch/Migrate site on new server with new protections. 
----
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution" as appropriate. Thanks!