Website start redirecting to another url
I found the injected code in the core_config_data table, under design/head/includes. Removed it and now the site is back to normal.
UPDATE: As everyone else mentioned, it happened again this morning. This time I got rid of it more easily from the Admin Panel under System > Configuration > General > Design > HTML Head > Miscellaneous Scripts. This is a huge vulnerability, I hope Magento is working on a patch.
UPDATE 2: The script came back again, so I changed the db password, cleared cache. About an hour later, the script is back. So I don't think it's being added thru the db. I just changed my admin password, let's see if it comes back again.
UPDATE 3: Since I changed the admin password yesterday on both of my affected sites, about 24 hours later both are still clean.
Same issue on another magento site. I discovered that a script is injected in the HEAD section of the page, requesting redirect_base/redirect.js from melissatgmt.us (then changed to another domain) but can't figure out how this shit is injected.
UPDATE: As mentioned by others, found the entry in core_config_data table and removed it but the record was back at next page reload. I changed the db password and now it seems to be defeated. I'm not sure the password change is the ultimate solution but anyway is a security improvement.
UPDATE 2: As stated by Jix Sas, accessing from config in magento administration is an easier solution than directly accessing the database table. But the shit keeps coming back every 10/15 minutes.
UPDATE 3: Changed admin password, checked & saved some cms pages (customer-service and about-us) that seemed to be somehow infected, disabled cache, cleaned cache several times (after every check & save of 'infected' cms page) no more script injected during the past 8 hours.
I changed the path to admin panel in app/etc/local.xml and it helps. The script is no longer added to design/head/includes.
Explanation :
In the app/etc/local.xml I changed <admin> <routers> <adminhtml>
<args> <frontName><![CDATA[new_admin_path]]></frontName> </args>
</adminhtml> </routers> </admin> Previously it was
sitedomain.com/admin, and now path to admin panel will be
sitedomain.com/new_admin_path