Skip to content

Our staff receive an information from one of our customers about their site is being redirect to other unknown website when access any link from google search, after check their site, we found out that site is injected with some harmful php code.
Firstly, please check your index.php at magento root and find for this:

eval(base64_decode('dVFda8IwFH0X/A+XEpaGldj6AXNSpg9FXybD1b1MKV2b2GBNStpOxth/X+I+3MOEhOTec8/NuSdoXTM92zHZQAh1oxtVqiPTLkoeo9VTtHrGizh+SNYmSmbzaBnjLZl0O4K7prhStYt+G3iAd0rtSoYJKA3f+F/4LS2UuogeankRK8WraUu6nfduBwBpIxbjib0bJYiHU16rbK8qJl0c....

Or may be difference. All you have to do is remove it, usually start from line 2, remove that long line.
To be sure, please set permission for index.php to 644, then check your .htaccess for any strange line, delete all if it present in your .htaccess

Hope this help for anyone who meet this situation.

0 comments