Magento Sites Targeted By Gurusincsite Infection

  • author-img Nidhi Arora
  • 6 years
Magento Sites Targeted By Gurusincsite Infection

Guruincsite is a website that is listed as suspicious site that may harm your Magento site on visiting it. According to Google, Guruincsite has hosted malicious software that infected about 7824 domain(s) and these infected websites are currently blacklisted. The hackers are using “Guruincsite[.]com” to massively target Magento sites by injecting malicious scripts which create iframes from this site.

There are two adaptations of it. The first script is not confusing:

But, the second script is unclear:

The script, which is unclear or confusing, injects the iframe – “hxxp://guruincsite[.]com/2.php”.

The malicious script is generally injected into the design/footer/absolute_footer entry of the core_config_data table. However, it is wise to scan the complete database for the code similar to “function LCWEHH(XHFER1){XHFER1=XHFER1” or the “Guruincsite” domain name.

Some vulnerability in Magento sites or one of the third-party Magento extensions – are the main causes that permitted “Guruincsite” to target such thousands of websites within just a short period of time. Furthermore, this vulnerability provides hackers with an ability to easily access your database and make a malicious admin user. Currently there is no statement from Magento on this but we will be updating as we proceed on this so keep an eye on the blog. We will be posting more blogs for resolutions as we see a reply coming from Magento on this topic.

Blog Credit:

Download Blog


Ready to Get started

Communication is the key for us to understand each other. Allow us to understand
your requirements or queries. Present us with an opportunity to serve you.

Fill out the form and out team will get back to you
within 24 hours

    Head Office

    1250 Pittsford Victor Road Ste 310
    Pittsford, NY 14534

    Development Center

    Plot no. 10, Rajiv Gandhi
    Chandigarh Technology Park