While looking to see if others had already written blog posts about something we ran across while dealing with a hacked website, we noticed a post from a security company, ASTRA Security, that seems worth noting, since the company appears not to have a basic understanding of what they are doing. The post seems to be built around promoting that company's service for cleaning up hacked Magento websites, and it contains multiple glaringly strange claims.
There is this section:
Config.php is an important file of the Magento installation. This file basically facilitates connection between the file system and the database. Config.php contains the database connection credentials. Apart from this, it can also be used to:
- Define the security keys.
- Specify the database prefix.
- Set the default language for your admin panel.
In the first version of Magento, app/etc/config.php contained the list of installed modules, themes and language packages apart from the shared configuration settings.
That file doesn't exist in Magento 1, and in Magento 2, where the file does exist, it doesn't contain what is mentioned there.
Things get odder right after that, as this is written:
In the newer version which is Magento 2, the app/etc/config.php file is no longer an entry in the .gitignore file. This was done to facilitate better development of the software.
Multiple times, config.php has been infected with malicious code by the hackers to steal user credentials. Here is one such malware sample which was found inside /includes/config.php
The files /app/etc/config.php and /includes/config.php are different files; it seems this company doesn't understand that two files can share a name without being the same.
All of that indicates this company shouldn't be dealing with Magento websites, since they lack a basic understanding of the software. But it appears they don't have even a basic understanding of web development, as they also wrote this in their post:
Tools like phpMyAdmin are of great help in searching for multiple Magento admin hack infected files in one go. Search for malicious code using phpMyAdmin as shown in the image below.
phpMyAdmin is a database administration tool, so it can't search files at all, much less search multiple files at once. That is a very common tool, so failing to understand that seems odd for someone dealing with websites, much less doing something more advanced, namely cleaning up hacked websites.
Unfortunately, the security industry seems to be filled with companies that don't seem to care about having the necessary skills to handle the work they offer, and the results are, not surprisingly, often bad.
If you need someone to clean up a hacked Magento website who actually has years of experience working with Magento websites and cleaning up hacked ones, we provide that.