How prevent header being injected with malicious redirects [1.9.3.3]?
https://magento.stackexchange.com/questions/183121
-
10-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
My Magento 1.9.3.3 installation had malicious redirects injected into the header. I could easily erase the redirects from System/Configuration/Design/HTML Header/Other Header Content field.
However I would like to know how to prevent it from happening again.
I am not well-versed when it comes to locking down Magento, but I took the following steps:
- Via SSH I ran
find . -type f -exec chmod 644 {} \;find . -type d -exec chmod 755 {} \;chmod 550 mageto make sure permissions were set correctly.
- I changed the admin password.
I did find that the admins user group had 20+ accounts I had never created. I erased those.
Are there additional steps I should/could take at this point?
La solution
Not sure if it's same problem as descriebed here:
- Magento website redirect to "https://ribinski.us/redirect_base/redirect.js"
- Website start redirecting to another url
I don't know how they got access, so first things (as posted in related questions) could be
- changing DB password (and all others too)
- maybe change admin path
- apply all patches (just to mention ... you're already up2date)
- check admin accounts (as you did)
- check server for malicious scripts
Wait for possible fix ... :(
Autres conseils
I'm not sure how these attacks are happening but you could change the frontName in local.xml
<admin>
<routers>
<adminhtml>
<args>
<frontName><![CDATA[something_not_easily_guessed]]></frontName>
</args>
</adminhtml>
</routers>
</admin>
