I've been doing some research but there appear to be multiple solutions, and I want to get it right. I need to upgrade my Magento from 1.7.0.2 to the latest (1.9) being that our server was compromised and outgoing mail has been spammed.
I was told by our hosting provider to make sure the latest version of Magento is installed to help stop this.
My question though, is what's the best way to get this upgraded? I'm trying to avoid storing anything on my local machine since I don't want that to get harmed with the malicious files.
I was thinking of creating a folder titled 'OLD' on the server and moving all my Magento files there and then installing a fresh install of Magento 1.9. Once done, I can move over only the necessary files (themes etc) and then delete the 'OLD' folder.
Is this the best way to go about this? Do I need to do anything with my Database, other than amend the local.xml information?
Best Answer
First, the obvious: updating/patching Magento will only prevent future attacks but does not make an already compromised installation secure.
Copying the files to your local machine is not dangerous as long as you just do it to analyze the files and don't set up a local web server. Backing up the files on the server itself is an option, but since the server is still compromised, be aware that the files might still get messed with. Also, it is likely that there are malicious scripts hidden in your "necessary files", for example in your theme.
What should you do with the hacked installation?
Searching for base64 and eval in all PHP files on the server is a good start. Don't forget media and var directories, those are popular to hide backdoors because they are usually less monitored. There are also tools that might help you. But in doubt, find a security expert to review the code.
Check the admin_user database table for additional admin accounts and remove them.
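
The file search described in the answer, written as a Python scanner; this is an added example, not part of the original answer. The extension list, the rule that any PHP file under media or var is reported even without a match, and the sample tree (constructed, with harmless payloads) are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Calls the answer says to search for; PHP function names are case-insensitive.
SUSPICIOUS = re.compile(rb"\b(eval|base64_(?:de|en)code)\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".php5", ".inc")  # assumption: files PHP may execute
WATCHED_DIRS = ("media", "var")  # directories the answer singles out


def scan(root):
    """Return sorted (relative_path, reasons) for every PHP file worth a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            data = path.read_bytes()
            reasons = sorted({m.group(1).decode().lower() for m in SUSPICIOUS.finditer(data)})
            top = rel.split("/")[0]
            if top in WATCHED_DIRS:  # added heuristic: report any PHP here, even if clean
                reasons.append("php-in-" + top)
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


def build_sample_tree(root):
    """Write a small constructed Magento-like tree (harmless payloads) for a dry run."""
    samples = {
        "index.php": b"<?php require 'app/Mage.php'; Mage::run();",
        "app/design/frontend/default/mytheme/template/page/footer.phtml":
            b"<?php EVAL(base64_decode('ZWNobyAxOw==')); ?>",  # decodes to: echo 1;
        "media/catalog/product/cache.php": b"<?php echo 'hello';",
        "var/cache/mage--1/x.php": b"<?php eval  ('echo 1;');",
        "media/logo.png": b"\x89PNG eval(",  # not a PHP extension, so ignored
    }
    for rel, content in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:  # on the server, call scan() on the web root
        build_sample_tree(demo)
        for rel, reasons in scan(demo):
            print(f"{rel}: {', '.join(reasons)}")
```

A hit is only a pointer for manual review: legitimate code also calls these functions, and a backdoor can avoid both names.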