Numerous reports of hacking attacks on ecommerce sites have recently emerged. Investigations show that Adminer is behind this new surge of attacks. Here we explain how this hack happens and how to repair and protect your site if you are a victim. If you're one of the fortunate few who haven't been affected by this bug, read on to find out how to secure your account.
Trouble with Adminer
Adminer is a popular MySQL management tool that ecommerce site owners use to access their databases remotely. The problem is that most websites leave Adminer available to the public. This lets a hacker try to use the Adminer login page to sign in to the ecommerce site's database.
As with any other database tool, signing in to Adminer requires a username and password. Hackers can obtain database passwords when they are stored on the server in configuration files. Popular ecommerce platforms such as Magento and WordPress keep the database password on the server in this way, which is what lets hackers get to it.
What to Do if You've Been Attacked, or to Avoid Attacks Like This
If you're using the Adminer tool, the first move is to make sure you are running the updated release, version 4.6.3 or later.
If your website has been attacked through the Adminer vulnerability, here's how to get your website back in order:
- Remove the Adminer script from the root directory and from every other folder that is available to the public.
- Change your server password. Replace it with a stronger one.
- Check your site for the Super Social WP plugin. This is a malicious plugin used by hackers to gain access to information about your site.
- Go through the administrators list on your website. Delete any admin accounts you are suspicious of or did not create.
- Set a new password for your Magento or WordPress ecommerce account.
- Manually search all files with the .js, .php and .html extensions. Check for files that hackers may have added to your server. Delete any files that look suspicious.
- Repeat all of the above measures for the Adminer tool.
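The file-level checks in the list above can be shortlisted from a shell on the server. This is an added example, not part of the original article: the function names are hypothetical, and it assumes that Adminer copies are named `adminer*.php` or carry an `adminer.org` link in their header, that the plugin identifies itself in a WordPress `Plugin Name:` header, and that a 30-day modification window is a useful starting point for the manual review.

```shell
#!/usr/bin/env bash
# Post-incident triage helpers for a web root (added example).

# Files that look like an Adminer script: matched by file name, or by the
# "adminer.org" link assumed to appear in the script's header comment.
find_adminer() {
    local root="$1"
    {
        find "$root" -type f -iname 'adminer*.php'
        grep -rlis --include='*.php' 'adminer\.org' "$root"
    } | sort -u
}

# Plugin files whose WordPress "Plugin Name:" header mentions the plugin
# named in the article. Matching on the header text is an assumption.
find_plugin() {
    local root="$1" name="${2:-Super Social}"
    grep -rliEs --include='*.php' "Plugin Name:.*${name}" "$root" | sort -u
}

# .js/.php/.html files changed within the last N days (default 30), as a
# shortlist for the manual review. The time window is an assumption.
recent_web_files() {
    local root="$1" days="${2:-30}"
    find "$root" -type f \( -name '*.js' -o -name '*.php' -o -name '*.html' \) \
        -mtime "-$days" | sort
}

audit() {
    local root="$1"
    echo "== Adminer scripts under $root =="; find_adminer "$root"
    echo "== Suspect plugin files ==";        find_plugin "$root"
    echo "== Recently changed web files ==";  recent_web_files "$root"
}

# Run only when a web root is given, e.g.: ./audit.sh /var/www/html
if [ -n "${1:-}" ]; then audit "$1"; fi
```

The output is only a shortlist: an attacker can rename files or reset timestamps, so the manual review of all .js, .php and .html files still applies.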
How to Prevent Future Attacks on My Magento or WP Site?
- Use HTTPS
- Migrate to a Secure Ecommerce Platform
- Ensure that Security Hacks do not cause Damage to Customers
- Run Vulnerability Tests
- Keep your Site Updated and Take Regular Backups