Hacked Magento: Symptoms, Action, and Prevention
For all Magento users, their online store ecosystem is an important part of their business. For them, having the Magento store hacked is almost the same as having the entire business stolen.
In this article, we use our expertise in Magento support services to describe the basics of analyzing the symptoms of a hacked Magento store and share a set of security audit and vulnerability assessment activities that help to address the existing issues and prevent future ones.
Symptoms of a hacked Magento store
Below are some of the possible signs of a hacked Magento store as well as the possible attack types that might have affected it:
Administration panel and content issues
- You can’t log in to the admin panel.
- There’s a new user with administrator rights.
- Unsolicited changes have been made to your store content.
Possible attack type: Admin panel break-in that is critically dangerous to the website and business.
Reported data theft
- Customers report suspicious activities with their accounts.
- Customers report their credit card credentials stolen.
Possible attack type: Phishing – email-based attacks with the intent of identity theft and data access.
Web store unavailability
- Your store is regularly or constantly unavailable.
- Your store is blocked by the hosting service.
Possible attack type: Denial-of-Service (DoS) attack that aims to put your online store out of service but doesn’t threaten your data safety.
Poor performance
- Your store is blacklisted by search engines and doesn’t appear in the search results.
- Your store has external unsolicited redirects and shows a significant drop in traffic.
Possible attack type: Hacked redirect, usually with the intention to grab your store’s traffic and expose your clients to malware, advertising spam, or phishing attacks.
Action/Prevention plan
To secure your web store and prevent future hacking, it’s necessary to detect and fix existing vulnerabilities and perform a security audit. Here, we list the primary steps of the action/prevention plan, but if you want to get a comprehensive understanding of Magento security measures, you can find them in our Magento security guide.
Deep scanning for malware
With the help of custom and commercial tools, your Magento solution can be scanned for malware. It’s important to scan not only the Magento store itself but also its cross-system integrations, since the attack could have affected them too.
Fixes and patches installation
Once the bugs and vulnerabilities are uncovered, they are fixed by the developers. Magento also regularly releases many fixes in the form of patches, so it’s essential to check that all the latest patches are installed on your solution.
Two-factor authentication introduction
To cut off existing unsolicited access to your Magento administration panel and prevent its hacking in the future, it’s recommended to introduce two-factor authentication. This way, even if a hacker obtains the credentials to your admin panel, they won’t be able to log in without a code sent to your registered email or mobile phone.
User permissions check
An appropriate permissions level is also important for preventing any further unsolicited access to your Magento store. The check makes sure all groups of users are granted only the access rights intended for them.
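The permissions check, together with the "new user with administrator rights" symptom listed earlier, can be partly automated. The following is an added example, not code from this article or from Magento: it lists active admin accounts whose role grants full access and flags any that are not on an approved list. It assumes the Magento 2 tables admin_user, authorization_role and authorization_rule with no table prefix; SQLite with constructed rows stands in for the store's database, and the approved list is hypothetical.

```python
import sqlite3

# Active admin users whose group role is allowed the root ACL resource.
# Assumption: Magento 2 core tables, no table prefix.
FULL_ACCESS_ADMINS = """
SELECT u.username, u.email, u.created, g.role_name
FROM admin_user u
JOIN authorization_role ur ON ur.user_id = u.user_id AND ur.role_type = 'U'
JOIN authorization_role g  ON g.role_id = ur.parent_id AND g.role_type = 'G'
JOIN authorization_rule r  ON r.role_id = g.role_id
WHERE u.is_active = 1
  AND r.resource_id = 'Magento_Backend::all'
  AND r.permission = 'allow'
ORDER BY u.created
"""

def unexpected_admins(conn, approved):
    """Return full-access admin rows whose username is not on the approved list."""
    rows = conn.execute(FULL_ACCESS_ADMINS).fetchall()
    return [row for row in rows if row[0] not in approved]

def demo_db():
    """Constructed sample data; SQLite stands in for the store's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE admin_user (user_id INTEGER, username TEXT, email TEXT,
                             created TEXT, is_active INTEGER);
    CREATE TABLE authorization_role (role_id INTEGER, parent_id INTEGER,
                             role_type TEXT, user_id INTEGER, role_name TEXT);
    CREATE TABLE authorization_rule (rule_id INTEGER, role_id INTEGER,
                             resource_id TEXT, permission TEXT);
    INSERT INTO admin_user VALUES
      (1, 'owner',    'owner@example.com',   '2021-03-01 09:00:00', 1),
      (2, 'catalog',  'catalog@example.com', '2021-04-12 10:30:00', 1),
      (3, 'support2', 'x@example.net',       '2024-02-17 03:14:00', 1);
    INSERT INTO authorization_role VALUES
      (1, 0, 'G', 0, 'Administrators'), (2, 0, 'G', 0, 'Catalog editors'),
      (3, 1, 'U', 1, 'owner'), (4, 2, 'U', 2, 'catalog'), (5, 1, 'U', 3, 'support2');
    INSERT INTO authorization_rule VALUES
      (1, 1, 'Magento_Backend::all', 'allow'),
      (2, 2, 'Magento_Catalog::catalog', 'allow');
    """)
    return conn

if __name__ == "__main__":
    for row in unexpected_admins(demo_db(), approved={"owner"}):
        print("review:", row)
```

The query text itself is plain SQL, so it can be run directly against a copy of the store database; any account it returns that nobody on the team recognizes is a reason to investigate.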
Magento extensions review
Despite being useful, some Magento extensions you have installed may no longer be maintained by their creators and thus have vulnerabilities. Reviewing your list of add-ons and making sure that they are up-to-date helps to uncover such abandoned extensions and uninstall them to lower security risks.
Backup plan
Even with the most rigorous security measures applied, it’s vital to have all your web store data continuously backed up. This will help you safely restore your web store in case of data loss.
Afterword
Magento is a robust solution with its own security mechanisms, but such preventative procedures as the security audit, vulnerability assessment, and penetration testing are still necessary. When performed regularly, these processes help to find and address existing weak spots, thus reducing the likelihood of your solution being hacked to a minimum.