Identify The Magento Hacked Store
Whenever a Magento store is compromised, one of the primary concerns is to identify the hack. Below are some signs that can help you identify a hacked Magento store:
- Blacklist warnings by search engines.
- Strange credit card activities reported by customers.
- Abnormal behavior of checkout page.
- Spam keywords and details in product listings and other pages.
- Your hosting provider suspends your Magento store for malicious activities.
- Change in files and folders.
- Modifications in the Magento core integrations.
- Unknown sessions and admin users in the Magento backend.
Compare Magento Core Files & Folders
Any file that has been modified recently on your server might be part of the hack. In this case, your Magento files and folders should be checked thoroughly for malware injections. You can quickly compare your Magento core files with a fresh copy of Magento core files by using the diff command in an SSH terminal. If you are not familiar with the command line, you can manually check your files using any file management client.
When comparing your store with fresh Magento files, make sure to use the same version of Magento, including extensions and any applied patches. I'd also advise removing and reinstalling all themes, extensions, custom modules, etc., after a hack to ensure that they are free of malware.
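The comparison described above, as an added example that is not part of the original article: it walks a live tree and a clean reference copy of the same version, reports added, modified and missing files, and tags changed files that contain eval, base64_decode or gzinflate calls. The function names, directory layout and sample files are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the article. Paths, file names and function names
# are assumptions made for illustration.

# compare_trees LIVE CLEAN -> one finding per line:
#   ADDED    path   only in the live store
#   MODIFIED path   in both trees, contents differ
#   MISSING  path   in the reference copy, absent from the live store
# ADDED/MODIFIED files containing eval(, base64_decode( or gzinflate( get a
# trailing SUSPECT tag so they are reviewed first.
compare_trees() {
    live=${1%/}
    clean=${2%/}
    (cd "$live" && find . -type f | sort) | while IFS= read -r f; do
        rel=${f#./}
        if [ ! -f "$clean/$rel" ]; then
            status=ADDED
        elif cmp -s "$live/$rel" "$clean/$rel"; then
            continue   # identical to the reference copy
        else
            status=MODIFIED
        fi
        if grep -Eq '(eval|base64_decode|gzinflate)[[:space:]]*\(' "$live/$rel"; then
            echo "$status $rel SUSPECT"
        else
            echo "$status $rel"
        fi
    done
    (cd "$clean" && find . -type f | sort) | while IFS= read -r f; do
        rel=${f#./}
        if [ ! -f "$live/$rel" ]; then echo "MISSING $rel"; fi
    done
}

# Constructed sample trees so the function runs offline.
demo_compare() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/clean/app" "$tmp/clean/lib" "$tmp/live/app" "$tmp/live/media"
    echo '<?php echo "index";' > "$tmp/clean/index.php"
    echo '<?php class Mage {}' > "$tmp/clean/app/Mage.php"
    echo '<?php // helper' > "$tmp/clean/lib/helper.php"
    echo '<?php echo "index";' > "$tmp/live/index.php"
    echo '<?php class Mage {} eval(base64_decode("ZWNobyAxOw=="));' > "$tmp/live/app/Mage.php"
    echo '<?php // resized' > "$tmp/live/media/thumb.php"
    compare_trees "$tmp/live" "$tmp/clean"
    rm -rf "$tmp"
}

demo_compare
```

On a real store, directories that Magento writes to at runtime will show up as ADDED and need manual review rather than automatic dismissal.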
Clean Database Tables
To clean malware from your Magento database, log into the database admin area and search for suspicious content such as spammy keywords, links to other domains, and PHP functions that malware commonly abuses, such as preg_replace, str_replace, eval, base64_decode, gzinflate, etc. The table most commonly targeted by Magento malware is core_config_data. Hackers specifically target the Magento store's footer and header area via this table.
Secure the Magento Admin Panel
To secure the Magento admin, first change all admin credentials to strong and unique usernames and passwords to avoid reinfection. If your Magento store is running an old version, you must first patch your store. Hackers can steal your Magento admin credentials from the backend if your store is not up to date.
You should also reduce the number of admin accounts for your Magento store. This advice also extends to your SFTP and hosting access. Only give access to a limited number of people. This is known as the concept of least privileged access.
Last but not least, you can also restrict access to your Magento admin panel to a single IP address by writing some rules in your .htaccess file. If you have changed your Magento admin login path, you will also need to update it in the .htaccess file.
It is also important to use a static IP address because a lot of ISPs assign dynamic IP addresses which change from time to time.