Do I have a security hole? Is there anything in my Magento installed from a 3rd?

Question

I can use my 1.8.1 Shop very well on my Ubuntu Desktop as well as in IE in my VirtualBox.

But now I had the second visitor reporting issues like:
If they click on a product, they are being forwarded to another website which tried to install a trojan or similar.

I checked the HTML code and couldn't find anything suspicious. After that I tried to used those free online malware scanners but they didn't find anything as well.

But I'd like to take this issue serious :-S

Chris, could you provide us with the site so that we might be able to look for ourselves? It could be that these users have a malicious browser extension installed, but you never know! — Reid Blomquist, Jul 11 '14 at 00:24
That is a nice website :) Maybe those users installed malicious scripts in their browsers.... — brainReader, Jul 11 '14 at 04:47

score 5 · Answer 1 · answered Nov 08 '14 at 12:30

Such Problems can have a lot of different causes.

Usually Users who claim to get redirected to another website, and if it is not directly reproducible, it is a tricky script doing it only for specific IPs, GeoLocations or refferers. Most times it is only for visitors coming from google search.

Some malicious JS or IFrames could also be the reason.

The best way to detect such things is having the source code under version controll, so you can do a diff of the code on the server to the code you have in your Version Controll Repository. A proper hosting company usually can also detect such break ins.

Do I have a security hole? Is there anything in my Magento installed from a 3rd?

1 Answers1