Over the last few months, I’ve been exploring how to fix attacks with different WordPress sites and tips not just to overcome these problems, but also how to keep your website safe for the future. First of all, I hate hackers. Not all hackers, of course, only those who do damage to innocent people trying to make a living. They ‘re son of a bitch to put it bluntly. For the last few weeks, I’ve had people trying to break through one of my own sites … trying to brutalise their way through my admin dashboard. But I’ve got my eye on them, and their efforts to make me bother have culminated in me installing a firewall proxy to avoid their little crappy acts. I think that’s why I enjoy writing about not just how to prevent these problems, but how to address them when they occur, and what steps are required to move forward.
Hackers have hacked the Magento website?
This time around, I’m going to concentrate on the increasingly popular Magento e-commerce platform programmed in PHP. Many large corporations use this platform to develop their sites and make payments from customers. If you are a smaller business and use Magento, it is your responsibility not only to ensure that your website is operating as safely as possible, but also to protect the data of your customers, in particular payment details. Magento is a very secure payment gateway (like PayPal) and is subject to increasingly innovative hacking attempts as a result of this popularity.
Magento sites are commonly hacked in one of four ways:
- Ransomware-This is a type of malicious code or software that locks and encrypts website files. Usually these hackers are calling for a ransom to be paid to decrypt website files back to the owner, the money is also hard to trace bitcoin. Ransomware is often easy to spot and you will know straight away, with the hacker locking the website data and linking to their ransom demands with an index.html file.
- Server Infection / Phishing-A server infection / phishing attack does not usually affect your sites usability, but it does often use a code injection to store user information in a secret folder. The hackers aim is to acquire as much of your data for it’s own uses as possible. They can then use this data to send spam to out mass spam to all of your users.
- Site Defacement – This is where the hacker attains ‘bragging rights’, by trolling you (read: making you look like an idiot) with images not associated with your company. Perhaps something explicit or even something offensive. These hacking attacks may not even be a personal attack, they may just be the work of an opportunist hacker.
- Stealing Valuable Information-All Magento sites take online payments and often store customer information. This makes them a common target for hackers (career thieves in this instance). These attacks store and steal a customers details and payment information.
But what if you have been notified by customers of fraudulent transactions following a payment on your website? This issue is never a good thing … it’s one that can be beyond damaging to not only the trust your customers have in you, but a lingering stain on your company’s name.
An problem like this isn’t just going anywhere, you need to search the files and directories of your Magento websites to get to the bottom of it. You don’t want the company’s credibility to bend over the proverbial tub, when the hacker has a bad way with you.
If your site is hacked, you will need to search the website to see exactly where you have been compromised. This is where we ride in like a capped crusader to help save the day … or to guide you on the next steps to take.
- Download the easy-to-use scanner from HERE. This generates a site-specific file that will be downloaded to your computer.
- Upload this to your Magento account, it works just like downloading a plugin.
- Trigger the scanner, and let it do whatever it takes to search your files. Initially, there might be a minor effect on the pace of the website, but the problems you have will be resolved in the long run.
- After scanning, we’ll tell you which files are corrupted and which can be abused. Provide you with a solution to any abuse problems you might have.
Nothing in life is ever easy , particularly responding to unfortunate instances such as being hacked and the possibility of getting your customers ‘ personal details leaked into a horrible dirt bag that wants to relieve people from their money.
If you are not sure what to do after checking your Magento website, you may contact one of our experts who can help you fix any issues you might have and how to delete the malware that has compromised your website.