Has Your Magento Been Hacked?

If you log in to your Magento Admin area and find a blank page, you have more than likely been hacked. You will hopefully have seen the emails from Magento headed “Urgent: Immediately install Magento critical security patches”, and probably ignored them or not understood what they meant.

Fatal error: Class ‘Magpleasure_Filesystem_Helper_Data’ not found

Around the 16th April 2015 Magento sent out a message to all Magento webmasters:-

Critical Reminder: Download and install Magento security patches. Download now.
Download and implement 2 important security patches (SUPEE-5344 and SUPEE-1533) from the Magento Community Edition download page (https://www.magentocommerce.com/products/downloads/magento/). If you have not done so already, download and install 2 previously-released patches that prevent an attacker from remotely executing code on Magento software. These issues affect all versions of Magento Community Edition. A press release from Check Point Software Technologies in the coming days will make one of these issues widely known, possibly alerting hackers who may try to exploit it. Ensure the patches are in place as a preventative measure before the issue is publicized.

Then on 19th April 2015 came another reminder:-

Second Reminder: Download and install Magento critical security patches now.
If you have not done so already, download and install 2 previously-released security patches (SUPEE-5344 and SUPEE-1533) from the Magento Community Edition download page (https://www.magentocommerce.com/products/downloads/magento/). These security issues affect all versions of Magento Community Edition and enable an attacker to remotely execute code on Magento software. A press release from Check Point Software Technologies tomorrow will make one of these issues widely known, possibly alerting hackers who may try to exploit it. Ensure the patches are in place as a preventative measure before the issue is publicized.

And then on 23rd April 2015 the third and final warning:-

Urgent: Immediately install Magento critical security patches
It is critical for you to download and install 2 previously-released security patches (SUPEE-5344 and SUPEE-1533) from the Magento Community Edition download page (https://www.magentocommerce.com/products/downloads/magento/). Please do this immediately, as Check Point Software Technologies has published a technical description of how they discovered the issue, which we feel might serve as a tutorial for implementing an attack against your website.

Magento Blank Screen In Admin Area

If your admin area is blank once you have logged in, DO NOT panic. First find out why!

To start fault finding, first enable errors to be displayed, as this will give you the details required to fix the problem.

To do this you need to use FTP and edit the index.php file in the root directory.

Change:-

<?php
/**
 * Magento

To be:-

<?php
ini_set('display_errors', 1);
/**
 * Magento

Now go back to the Magento Admin area and see if you get a new line of text; this will identify the problem. Remove the ini_set line again once you have the error message, so that errors are not shown to visitors of the live site.

If you see “Fatal error: Class ‘Magpleasure_Filesystem_Helper_Data’ not found in /home/site/public_html/app/Mage.php on line 546”, the chances are you have been hacked, and this is the result of not installing the latest Magento security updates.

If you FTP to the location:- “/app/code/community/Magpleasure/” you will find the area that has been attacked.

Remove all files in the location “app/code/community/Magpleasure/Filesystem/”

Now clear your cache by deleting everything in the “/var/cache” folder

Try to log in now; this should be working for you. Next you have to check and clean up the potential ways in. Firstly, look for new “Admin Users”.

To do this go to “System” then “Permissions” and “Users”.

Look for users like “invk”, “system_backup” and look at the email addresses. You can make the accounts “Inactive” if you are not sure what they are.

Now patch your Magento website with SUPEE-5344!

https://www.magentocommerce.com/products/downloads/magento/

ver 1.9.1.1 – Added May 1, 2015 (Includes patch for the SUPEE-5344 issue)
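
The checks described above (the Magpleasure/Filesystem directory and the admin usernames “invk” and “system_backup”) as a read-only shell script. This is an added example, not part of the original post or of Magento's own tooling; the tab-separated admin user list (username, email, is_active) and the check for a leftover display_errors line are assumptions.

```shell
#!/bin/sh
# Read-only triage for the indicators this post names; nothing is changed.
SUSPECT_USERS="invk system_backup"   # example attacker-created admins (from the post)

# scan_files ROOT: returns 1 if the planted directory or a leftover
# display_errors line is found under the Magento root, else 0.
scan_files() {
    root=$1; hits=0
    if [ -d "$root/app/code/community/Magpleasure/Filesystem" ]; then
        echo "FOUND app/code/community/Magpleasure/Filesystem is present"
        hits=1
    fi
    # Only an uncommented ini_set counts; a '#'-prefixed line is inert.
    if grep -Eq "^[[:space:]]*ini_set\('display_errors', *1\)" \
            "$root/index.php" 2>/dev/null; then
        echo "WARN  display_errors is still enabled in index.php"
        hits=1
    fi
    return "$hits"
}

# scan_users FILE: FILE is an assumed export with one admin per line as
# username<TAB>email<TAB>is_active. Returns 1 if a suspect name appears.
scan_users() {
    hits=0
    while IFS="$(printf '\t')" read -r user email active || [ -n "$user" ]; do
        for bad in $SUSPECT_USERS; do
            if [ "$user" = "$bad" ]; then
                echo "FOUND admin '$user' <$email> is_active=$active"
                hits=1
            fi
        done
    done < "$1"
    return "$hits"
}

# demo: scan a constructed (not real) compromised tree built in a temp dir.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/app/code/community/Magpleasure/Filesystem"
    printf "<?php\nini_set('display_errors', 1);\n" > "$d/index.php"
    printf 'owner\to@example.com\t1\ninvk\tx@example.com\t1\n' > "$d/users.tsv"
    scan_files "$d" || true
    scan_users "$d/users.tsv" || true
    rm -rf "$d"
}

# With a path argument scan that Magento root, otherwise run the demo.
if [ "$#" -ge 1 ]; then scan_files "$1"; else demo; fi
```

Run it against a downloaded copy of the site or on the server itself; a suspect username is reported whether or not the account has already been made inactive.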