my magento site hacked again and again

Question

i m so so sad my site hacked 2 times yesterday . i m trying to search a developer for this but all are telling me they can't guarantee about the security i m not sure what to do next. You guys have a experience like this ? please help me if you have a answer for this i m very disappointing about my situation i have completed whole website and now i have to go online but this hacking how i can go live !!!

Please help me

shared hosting or dedicated/vps? magento version/patches installed? — MagenX, Aug 10 '16 at 15:16
Run your sites url through this > https://www.magereport.com and come back with the results — Francis, Aug 10 '16 at 15:21
follow http://magento.stackexchange.com/questions/29498/what-to-do-when-i-was-hacked?rq=1 — Qaisar Satti, Aug 10 '16 at 15:29
Hi, this is pretty bad. I've added steps to take in this answer here. http://magento.stackexchange.com/a/88893/231 Long story short: Take your shop down, try to find out what was causing the issue, get a new server/setup (especially if you don't know how they hacked it) and (if available) to a new clean installation from a backup that wasn't hacked or your development system/eg. doing a new checkout from your source code management. — Anna Völkl, Aug 10 '16 at 18:01

score 3 · Answer 1 · answered Aug 10 '16 at 19:18

My clients site just got hacked a few months ago. We hired Sucuri.net to clean up all our code and also use their cloudproxy firewall to keep us from attacks. We haven't been compromised since, and you get a nifty report of all the people who have tried.

score 2 · Answer 2 · answered Aug 10 '16 at 19:04

I have recently had to do this for a client whose store was compromised.

TLDR; Assume all code on your site is compromised. Download new software/code from known good sources only. Install latest security patches. Use secure server/file settings. If you must re-use code from your site, it must be thoroughly audited by an experienced developer. Change all logins/passwords.

Longer; We decided to spool up a brand new server (new OS) and install a fresh copy of Magento, patched up to the latest version.(In our case we installed 1.9.2.4 instead of the 1.7 the site was previously running.)

Then we re-installed all the themes and plugins using only files re-downloaded from the plugin developers.

The customizations that had been made to the modules and themes were only installed after the code had been thoroughly audited by a developer.

All passwords were changed and file permissions on the server were set according to the Magento guidelines: http://devdocs.magento.com/guides/m1x/install/installer-privileges_after.html

All logins were changed and secure passwords used.

Hope this helps

Icon · Answer 3 · 2016-08-10T19:12:33.087

1

In the admin panel under Settings, look for USER and ROLES, make sure there are no one suspicios registered.
Change /admin and /downloader path url for your magento site. Check instruction online. https://www.properhost.com/support/kb/15/How-To-Change-The-Magento-Admin-Url-Path
Ask your host to implement CPHulk for your Cpanel, in case someone tried to brute force your cPanel they get logged out after several failed attempts.
Ask your host to do a File Manager malware scan! In case you got some suspicious extension installed.
As others have said, make sure you installed all patches. Check here: magereport.com.
As simple as it sounds, scan your own computer for viruses.
Look into https://sucuri.net/., they offer hack protection/cleaning service.

edited Aug 10 '16 at 19:12

answered Aug 10 '16 at 19:02

Icon

2,439
1
19
42

We used Sucuri, and are pretty awesome and super fast!! – Elva Sandoval Aug 10 '16 at 19:18
@ElvaSandoval I heard good things about them. So as a last resort, worth going through them (if tight on budget to hire a security developer) – Icon Aug 10 '16 at 19:20

my magento site hacked again and again

3 Answers3