Category Archives 911 Hack Removal

4-times-hack-sshut-companies-getastra.com

The recent outbreak of the WannaCry ransomeware and the havoc it created globally is a grim reminder of the susceptible state of our online security systems. Such events have shown that no-one is immune to cyber crimes -  not large corporations, small businesses, startups, government agencies or even your most benign looking single user. According to IBM, 62% of all cyber-attacks…

As another grim reminder of the susceptible state of our cyber security systems, a massive ransomware has struck computers worldwide. What started as an attack on the servers of Russia's biggest oil company and disrupting of operations at Ukrainian banks, the Petya Ransomware has now also spread to computers in Romania, the Netherlands, Norway, France, Spain, Britain, and Australia. The most…

Magento Amasty RMA Plugin

About Amasty RMA Extension Vulnerabilities During a security audit engagement with a client using Magento, our engineers discovered a few critical vulnerabilities in Amasty RMA extension. The first vulnerability allows a hacker to upload malicious files on the server. Since php files can also be uploaded, a hacker can easily upload malicious shells like c99, r57, anishell etc to the…

15 Signs Your Website Has Been Hacked

Most customers discover that their website is hacked on seeing the 'Red Screen of Death' by Google or when a customer tells them. This can be dangerous because it means your website has been infected for a long time and may have damaged your website's reputation and privacy. Websites have become central to all businesses these days. They handle everything from e-Commerce…

OpenCart Magento Malware Infections

Last week was quite a busy one for our team. We tackled a number of website hack cases. A number of instances were of malware infections, websites getting blacklisted by Google and even getting defaced by hackers. Statistically, majority of these cases were from OpenCart followed by Magento. The top three OpenCart & Magento malware infections/attack vectors found were: The…

Japanese SEO Spam/Keyword Hack Many website owners have contacted us worried about Japanese SEO Spam or Japanese Keyword Hack in Google search results for their websites. This happens when different web pages are shown to search engines and normal visitors. This particular Blackhat SEO technique hijacks Google search results by displaying Japanese words in the title and description of the infected…

A variety of web applications employs database systems for the provision of backend functionality. A widely used language used to query, operate, and administer database systems is Structured Query Language (SQL). Owing to its rampant use in web applications globally, SQL-powered databases are easy and frequent targets for cyber-criminal acts, the severity of which depends solely on the intricacies of…

Magento Extension PDF Invoice Plus Vulnerability by Astra Magento Security

About PDF Invoice Plus Magento Extension Vulnerability A couple of weeks ago, our security team was performing a security audit on a customer store using Magento. While testing the extensions used by the customer, a critical vulnerability was found in the extension PDF Invoice Plus. This extension is a widely used extension by hundreds of Magento stores to generate invoices…

Cross Site Scripting XSS - Astra Security

Cross-Site Scripting (XSS) attacks are stated as one of the most rampant occurring yet easily fixable injection attack faced by e-commerce businesses and a variety of other web applications. From targeting applications built on archaic web technologies to newer ones using rich, client-side UIs, XSS has plagued them all. However, it is imperative to realize that vulnerabilities posing as a…

Magento-Module-XSS-AffiliatePlus-GetAstra.com

A couple of weeks ago, we were performing a security scan for a customer using Magento shop. While auditing their website our team found a critical vulnerability in Affiliate Plus module. According to Affiliate Plus' website, 7000+ stores use the extension. This Affiliate Plus Magento module XSS vulnerability leaves a number of Magento stores vulnerable. About Affiliate Plus Magento Module XSS When logged…

Close