Magento – Credit Card Hijack malicious JavaScript code continuously inserted by someone into the site under HTML Head -> Miscellaneous Scripts

Tags: core-hacks, credit-card, javascript, magento-1.9, Security

Someone continuously inserts Credit Card Hijack malicious JavaScript into my site under

system->configuration->General->Design->HTML Head->Miscellaneous Scripts.

Note: I changed everything, like the admin password, FTP, MAGMI, everything.

But still, the Credit Card Hijack malicious JavaScript code gets inserted.

How can I prevent my site from any other attack?

Are any security extensions available?

Best Answer

  1. Scan with Magereport.com
  2. Scan with Magescan.com
  3. Do a full virus (eval) scan on the server, or ask your hosting company to do so.
  4. Go to app/etc/applied-patched and make sure that EVERY SINGLE CRITICAL PATCH IS installed. Basically, for all the grey checks you see in Magereport.com, double-check and make sure that the respective patches are installed.

  5. As a precaution, make sure /admin, /downloader, and /rss are hidden or disabled in .htaccess. They can be used for brute-forcing.

We need to find the cause, since it looks like the code is being injected by bypassing all the admin passwords. I highly suspect 2 reasons: 1. Missing patch. 2. A 3rd-party extension is being compromised. The first one is more likely.
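
An added example, not part of the answer above: in Magento 1 the Miscellaneous Scripts field is stored per scope in the `core_config_data` table under the path `design/head/includes`, so a scheduled audit of those rows can catch a re-injection while the root cause is still being hunted. The allowlisted host, the baseline and the sample rows are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import urlparse

# Magento 1 config paths that are rendered as raw HTML on every page.
WATCHED_PATHS = {"design/head/includes", "design/footer/absolute_footer"}
# Assumption: hosts this shop legitimately loads scripts from (placeholder).
ALLOWED_HOSTS = {"www.googletagmanager.com"}
# Constructs commonly used to hide injected JavaScript.
OBFUSCATION = re.compile(r"eval\s*\(|atob\s*\(|fromCharCode|unescape\s*\(|document\.write", re.I)
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def fingerprint(value):
    """Stable hash of a config value, for comparison with a reviewed baseline."""
    return hashlib.sha256((value or "").encode("utf-8")).hexdigest()


def audit(rows, baseline):
    """Audit (scope, scope_id, path, value) rows from core_config_data against
    baseline {(scope, scope_id, path): sha256}; returns (key, reason) findings."""
    findings = []
    for scope, scope_id, path, value in rows:
        if path not in WATCHED_PATHS or not value:
            continue
        key = (scope, scope_id, path)
        if baseline.get(key) != fingerprint(value):
            findings.append((key, "value differs from reviewed baseline"))
        for src in SCRIPT_SRC.findall(value):
            host = urlparse(src).hostname  # None for same-origin relative paths
            if host and host not in ALLOWED_HOSTS:
                findings.append((key, "script loaded from unlisted host %s" % host))
        if OBFUSCATION.search(value):
            findings.append((key, "obfuscation construct in inline script"))
    return findings


# Constructed sample rows (not taken from the original post).
SAMPLE_ROWS = [
    ("default", 0, "design/head/includes",
     '<script src="https://www.googletagmanager.com/gtm.js"></script>'),
    ("stores", 1, "design/head/includes",
     '<script src="//cdn.example.invalid/m.js"></script><script>eval(atob("..."))</script>'),
    ("default", 0, "web/secure/base_url", "https://shop.example.invalid/"),
]
BASELINE = {("default", 0, "design/head/includes"): fingerprint(SAMPLE_ROWS[0][3])}
if __name__ == "__main__":
    for key, reason in audit(SAMPLE_ROWS, BASELINE):
        print(key, reason)
```

Feed it the rows returned by selecting `scope, scope_id, path, value` from `core_config_data`, and refresh the baseline only after a human has reviewed the stored value.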
