We took on a project in which a Magento 1 site had been infected with malware, and the hackers had altered the homepage and the admin page.
Since nothing was accessible, we had to start by checking the files. Because the site had been hacked, it was blacklisted by Google and other engines. On further inspection, we found that the site was not up to date with the latest Magento security patches: almost 11 SUPEE patches had not been installed. You need to have the latest security patches to keep your site secure.
First we checked the files. index.php had been modified with scripts that created an admin user with a password defined by the attackers. We reverted index.php to its original content. This was a multi-site installation, and the other site's index.php had also been modified with code. We removed that code and brought the site back up. Once the admin was up, we logged in and saw accounts that had not originally been created by the owner, so we deleted them.
A full site scan showed that some files had been added to the js folder of the site. Most of them were there to steal customers' credit card data. We deleted all those files and then installed all 11 security patches. After that, Google approved the site to be whitelisted. Always keep your site updated with security patches, and once a month change your cPanel, FTP and admin passwords. This will help make your site less prone to attack.
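The two file checks described above (a modified index.php and extra files in the js folder) can be repeated by comparing the live tree against a clean copy of the same Magento release. This is an added example, not code from the original cleanup; the clean reference copy, the directory arguments and the function names are assumptions.

```python
import hashlib
import sys
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large assets do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root, files=("index.php",), subdirs=("js",)):
    """Map relative path -> SHA-256 for the entry points and folders audited."""
    root = Path(root)
    hashes = {}
    for name in files:  # for a multi-site, add each store's index.php here
        if (root / name).is_file():
            hashes[name] = sha256_of(root / name)
    for sub in subdirs:
        if (root / sub).is_dir():
            for path in sorted((root / sub).rglob("*")):
                if path.is_file():
                    hashes[path.relative_to(root).as_posix()] = sha256_of(path)
    return hashes


def compare_to_clean(site_root, clean_root, **scope):
    """Report files changed, added or missing relative to the clean copy."""
    site = snapshot(site_root, **scope)
    clean = snapshot(clean_root, **scope)
    return {
        "modified": sorted(p for p in site if p in clean and site[p] != clean[p]),
        "added": sorted(p for p in site if p not in clean),
        "missing": sorted(p for p in clean if p not in site),
    }


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical paths): python check.py /path/to/site /path/to/clean
    report = compare_to_clean(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

Files reported as "added" under js may be legitimate extension assets, so review each one before deleting it.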