JUL 11 2017

Magento redirects to another site

Tags:

July 10, 2017: We are receiving reports about massively infected Magento sites with Javascript redirect malware to one of the following sites:

http://mon.setsu.xyz


https://tiphainemollard.us/index/?


https://melissatgmt.us/redirect_base/redirect.js


https://ribinski.us/redirect_base/redirect.js

To this time, it seems like caused by old unpatched vulnerabilities, same as Guruincsite malware, so mitigation is very similar.

Mitigation

  • navigate in Backend to System > Configuration > Design > Footer > Miscellaneous HTML and System > Configuration > General > Design > HTML Head > Miscellaneous Script and delete all code there:
    Removing Malware code from footer in Magento
    Removing GuruIncSite Malware code from footer in Magento
  • IMPORTANT: Navigate to System > Magento Connect > Magento Connect Manager and check for updates. Update all third-party extensions, uninstall any non-used third-party extensions
  • delete any unknown users at System > Permissions > Users
  • Flush Magento cache to apply changes
  • Scan your store with our security tester and ensure store is safe, GuruIncSite Malware not found. If not, repeat the steps above (for other CMS pages / static blocks / extensions)

If you have any difficulties with removing this malware or have some additional details on the hack, please share this info in comments.

Posted in: Magento Maintenance

Magento redirects to another site
0 votes, 0.00 avg. rating (0% score)