Someone continuously inserts Credit Card Hijack malicious javascript into to my site under
system->configuration->General->Design->HTML Head->Miscellaneous Scripts.
Note: I changed every thing like admin password, FTP, MAGMI everything.
But Still, insert Credit Card Hijack malicious javascript code.
How can I prevent my site from any other attack?
Is any Security extensions available?
Best Answer
Go to app/etc/applied-patched and make sure that EVERY SINGLE CRITICAL PATCH IS installed. Basically all the grey checks you see in Magereport.com, double-check and make sure that respetive patches are installed.
We need to find the cause, since it looks the code is being injected via bypassing all the admin passwords. I highly suspect 2 reasons: 1. Missing patch. 2. 3rd party Extension is being compromised. First one is more likely.