Search This Blog

Wednesday, 21 October 2015

Magento Malware Threat - guruincsite.com

Magento website owners, make sure you install all the latest security patch from Magento as a malware named 'guruincsite' is causing trouble

Scan your Magento e-commerce website with www.magereport.com to make sure you are protected from the recent malware attack!

Follow the below instructions to remove the guruincsite malware:

The malware code is added to the footer through miscellaneous HTML field located in Magento admin. The code in the footer typically starts with:

(function(){function LCWEHH(XHFER1){XHFER1=XHFER1["\u0073\u0070\u006c\u0069\u0074"]

Get your hosting support to scan the Magento database for the above code AND for the word ‘guruincsite’.

In the Magento admin, navigate to System > Configuration > Design > Footer > Miscellaneous HTML and delete all the code that is written in the field ‘Miscellaneous HTML’. Now navigate to CMS > Pages > Home > Content and delete malicious code written between the <script></script> tags.

Once you have deleted done the above on your website admin, flush your Magento cache by navigating to System > Configuration > Cache Management and click on 'Flush Magento Cache'.

If your Google search listing has been marked as harmful then log into your Google Webmaster Tool, if you have more than 1 site in your Webmaster account then simple select the one in question and then click on 'Security Issues'. On this page you can submit your site to be reviewed.

To make sure you are safe from future attacks make sure all Magento security patches are installed. Get your website scanned on www.magereport.com and make sure you action all risks shown on your report.