Re: Javascript malware attacks

mardz · ‎02-10-2018

Hello

Our shop get repeatedly infected with a "crypto-miner" malware. Its a javascript code that mines cryptocurrency on the client's CPU.

Everytime this happens I can find and remove the code in the Backend under:

System->General->Design->HTML Head->Miscellaneous Scripts

We use Magento 1.9.3.7 with the latest security patches. I also changed the admin password but it doesn't help.

I would like to know how to prevent these attacks to happen again.

Tom Robertshaw · ‎02-12-2018

I would recommend limiting admin access to a set of IP addresses which will make sure that no-one outside of the business can log in. You could also use a 2 factor-authentication extension.

Is your admin on https? That's also recommended.

If it's not that, then someone might be being able to gain access through a poorly protected server or a custom extension that has a security weakness. So I would recommend reviewing all extensions for weaknesses like SQL injection.

If you are not using misc scripts for anything else, you could disable it from outputting to the site by removing it from the theme. There's probably still other areas where an attacker could inflict damage though.

----
If you've found one of my answers useful, please give "Kudos" or "Accept as Solution" as appropriate. Thanks!

kalyanchakri · ‎02-20-2018

Maybe some PHP script is generating it and injecting it into your database directly. Check in your root folder for such suspectable PHP files. You can ask your host provider to scan for viruses.