Magento site hacked

3,223 views
asked Sep 21, 2013 in E-commerce by Karen (630 points)
Hi all
I have an ecommerce site running on Magento. I tried going to my site this morning and I got a warning message saying that my website page is reported as an attack page and that it’s blocked. When I google search my site I get "This site may harm your computer”. Everything was normal last time I checked about a week ago. What should I do now?
Please help
Thanks
commented May 13, 2014 by cls (110 points)
The same question

6 Answers

1 like 0 dislike
answered Sep 21, 2013 by lightSpeed (2,420 points)
Hackers must have accessed your FTP with brute force attack method or with a security hole in your control panel. This is what I recommend you to do
1 Change all your passwords(Magento admin, SSH,  FTP, cPanel, and email).
2 request your hosting provider to check the security issues in your control panel.
3 Scan your JavaScript files for any weird encoded scripts and remove them.
4 Use Google Webmaster Tools service Submit a rescan request to Google.
0 like 0 dislike
answered Sep 21, 2013 by SmartHost (9,060 points)
Make sure your passwords are all strong, long and hard to guess, because brute force uses all dictionary words, and combinations of letters and numbers. this  http://www.magentocommerce.com/magento-connect/shopping-cart-deep-diagnostics-6157.html can also help you find our your website’s potential security breaches.
0 like 0 dislike
answered Sep 21, 2013 by dona (4,540 points)
Make sure your  .htacces file is not corrupted and if it replace it. And check for files and folders that are not familiar. Also check your index.php file on your Magento root.
0 like 0 dislike
answered Jan 15, 2015 by perrysun (680 points)
edited Sep 22, 2016 by perrysun
It's very sad(
In reality each site have bots visits or even Ddos attacks resulting in hacking. But before hack is complete site admins don't even know about hacking attempts.
So it's important to study your logs regularly. For Magento you can use this extension https://amasty.com/magento-error-log.html . It will let you know about all hacking attempts and errors occurring on your site.
0 like 0 dislike
answered Jan 15, 2015 by perrysun (680 points)
...