http://mon.setsu.xyz https://tiphainemollard.us/index/? https://melissatgmt.us/redirect_base/redirect.js https://ribinski.us/redirect_base/redirect.js
To this time, it seems like caused by old unpatched vulnerabilities, same as Guruincsite malware, so mitigation is very similar.
- navigate in Backend to System > Configuration > Design > Footer > Miscellaneous HTML and System > Configuration > General > Design > HTML Head > Miscellaneous Script and delete all code there:
- IMPORTANT: Navigate to System > Magento Connect > Magento Connect Manager and check for updates. Update all third-party extensions, uninstall any non-used third-party extensions
- delete any unknown users at System > Permissions > Users
- Flush Magento cache to apply changes
- Scan your store with our security tester and ensure store is safe, GuruIncSite Malware not found. If not, repeat the steps above (for other CMS pages / static blocks / extensions)
- To prevent it from re-occurance Scan your store for unpatched vulnerabilities and install all patches or upgrade to the latest Magento version.
If you have any difficulties with removing this malware or have some additional details on the hack, please share this info in comments.
Posted in: Magento Maintenance