my Magento Admin website was hacked and show me a file manager hacked page with an option to upload file, change permissions, delete, rename, etc like the picture:
I tried to change the URL path on database, local.xml, .htaccess and really change but ever show me the file manager hacked page.
The .htaccess contain this code and I renamed the file cause if I don't the website doesn't work:
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L]
</IfModule>
Either, the home page is ok but when I try to access any product or another page show me the 404 error. I tried fixed it changing the web/secure/base_url and web/insecure/base_url with "mydomain.com/index.php/" but all the website stay damaged and without CSS.
Looking the database, the field admin/url/custom don't exist (only
"use_custom" and "use_custom_path").
It's ok?
Anybody can help me to fix it, please?
Update Jan 26, 2016: I changed the CAPTCHA row to 0 in the database and now is working the Admin. Either, I changed the Admin URL to protect the access and enable some IPs to access this area. Now, I'm trying to remove the malware.
Best Answer
Take the site offline immediately and then start investigating the PHP code and other files.
See also: What should you do with the hacked installation?