If you are not checking your Magento eCommerce website on regular basis for any security leaks and observing any weird behaviors due to malware attack on your website then this is the help you were looking for.
Many of the malware affect your store’s front pages by injecting malicious scripts which hijacks data from all website users and then sending it over to the owners of malware generators.
It can be very harmful as it can steal customer’s private information, payment details of cards they use to purchase items on your store and the logins of your server as well.
Also, if they are residing on your server for a very long period of time, they can get full access of your server by installing their own custom control panels and ultimately can blackmail you for getting content and control of your Magento store or server back.
Large numbers of leaks and attacks on Magento stores have been reported in the recent times due to missing security patches that magneto has released and not having your magento website running on the latest stable version of Magento, the older version of Magento system makes it easy for hackers
Make sure that your website is upgraded to latest Magento version and have your store updated with all the security patches for your Magento version. Follow our guide here to check if your Magento store has all the security patches installed or not and how to install them on your own – How to install Magento security patch without SSH access.
It is always handy and helpful to have contact with professional magento eCommerce developers can help effectively on any of your Magento ecommerce who can give you all the insights you need to make your Magento store secure.
Our Magento eCommerce developers are always available for our valuable customers to make sure they have their Magento websites secure and their online business is running 100% smooth and secure without any hiccups with best user experience all the time.
Let’s get you started on how to check your website for malicious codes and possible security leaks.
Follow below step by step guide to find and remove malware from your Magento website.
Always take full backup of your Magento eCommerce website before starting on file or database changes. Take backup of store files and database using your server’s control panel or SSH or you can consult your hosting provider for the help.
You can revert to your backup if any of the steps break your website or causes data loss.
First thing you want to do is to check from Magento admin for any unauthorized user who has access of your store and server.
Go to your Magento store admin and delete any unknown user that doesn’t belong to your team or have been there since quite some time and you forgot to block them.
You also need to check your FTP/SSH users on server and make sure to remove the ones which doesn’t belong to your team. Consult your hosting provider to get help on this if you do not have knowledge on this.
You need to check if Magento’s directory permissions are set to how it is suppose to be for specific structure. None of your directories and files should be having public access or 777 permissions.
Only “media” and “var” directories on your Magento root should have 755 permissions for images, cache and session purposes.
Go to your Magento admin configuration and make sure those don’t have unwanted scripts in them. Follow below paths in admin: System -> Configuration -> Design -> HTML Head -> Miscellaneous Scripts.
System -> Configuration -> Design -> Footer -> Miscellaneous Scripts
Next part you want to check is third party resources which are being loaded on your website front pages.
To find such malware scripts you will require a developer tool which is provided nowadays with most of the browsers. You can use Firebug on Mozilla or Developer tool on Chrome for this or can try online service providers like GTMetrix and Pingdom.
Using those tools you will get a list of all the internal and external requests being called to load your website on the browsers. Go through all the requests and look for any suspicious resource which seems unauthorized to make direct connection on internal file structureor third party website.
If you find such request then note down its details and consult your hosting provider to notify about it and get it removed or blocked.
Even after going through above steps there can be a possibility that you have an internal malware script installed on your Magento files and database.
To find such malwares first you will require all the files and database on your computer. After that make a search operation on your store’s files to search for specific keywords like “eval”, “urlencode”, “urldecode” and “md5” which can be used to run the malware scripts. From the search results note down the files which shows occurrence of those keywords. You can try to search the request from above step as well if you found any.
When you have that files identified then you can compare those with default Magento files and structure to make sure if they are malicious codes or not.
You can find Magento’s all files on specific version from here https://magento.com/tech-resources/download/. Follow same search process on the database but you will require another tool for search operation on it as normal search tools doesn’t support that.
By following above guide you can most certainly get your Magento Ecommerce store and server cleaned up from malware scripts but if your website is getting affected time to time and results in downtime then there is a strong possibility that malwares have found a way to regenerate themselves and its owner have full access of your website and server. To solve this type of frequent malware attack issue, you will require help from Experienced Magento development company.
Our dedicated Magento developers can help effectively on any of your Magento ecommerce development needs. We have helped number of customers to clean up malware from their Magento websites effectively and implement all required security measures to avoid such trouble again.