User9426 0 Posted June 28, 2023 Posted June 28, 2023 (edited) Hi, I have a problem with my website "https://www.anxxxxxxxxxxxxnd.sk/". When I add some product to cart and enter the checkout page, this Eset's error page shows: https://prnt.sc/3Oxlwq7pCFX3 (it's trojan horse error). Could you check my website and find out which file makes this problem ? Edited September 11, 2023 by Marcos Redacted
Administrators Marcos 5,736 Posted June 28, 2023 Administrators Posted June 28, 2023 Please read this guide for instructions how to clean a site running Magento CMS: https://sucuri.net/guides/how-to-clean-hacked-magento/, https://sucuri.net/guides/what-is-magecart/, https://www.bleepingcomputer.com/news/security/hackers-hijack-legitimate-sites-to-host-credit-card-stealer-scripts/. Should you come across any suspicious php or js files on your server that are not detected by ESET, please email them to samples[at]eset.com in an archive encrypted with the password "infected". Keep a backup copy if you decide to edit or delete them.
User9426 0 Posted June 28, 2023 Author Posted June 28, 2023 I'd like to send you some files, which looks suspicious, but I didn't find any. I checked the website on that malware scanner, but no malware was found on the homepage. I can't check the checkout page in that scanner, because some product have to be in cart and then the error shows. The products in cart are saved in cookies. Could you please add some product to cart, enter the checkout page and confirm that you see the error too?
Administrators Solution Marcos 5,736 Posted June 28, 2023 Administrators Solution Posted June 28, 2023 35 minutes ago, User9426 said: Could you please add some product to cart, enter the checkout page and confirm that you see the error too? That's not necessary, I know that the malware would be injected and detected then. It's important to check especially the php files on the web server for obfuscated or suspicious scripts.
User9426 0 Posted June 29, 2023 Author Posted June 29, 2023 Hi, we found a source of the problem. These lines of code caused the problem: https://prnt.sc/2xk-uHCohaYx This could be helpful for someone in future.
Administrators Marcos 5,736 Posted June 29, 2023 Administrators Posted June 29, 2023 1 hour ago, User9426 said: Hi, we found a source of the problem. These lines of code caused the problem: https://prnt.sc/2xk-uHCohaYx This could be helpful for someone in future. Please provide me with the file in which you have found the malicious code as well as with the path to the file.
User9426 0 Posted June 29, 2023 Author Posted June 29, 2023 Hi, the code wasn't in file. The GTM script was inserted in database.
Recommended Posts