Get started in 5 minutes!

An OpenCart/Magento hacking dashboard

This post shows how sophisticated Magento hacking operations have become nowadays.

While investigating a bruteforced Magento store, we noticed that the hacker logged in using a curious referrer site:

"GET /rss/catalog/notifystock/ HTTP/1.1" 200 5676 "http://194.87.232.147:777/"

The site at http://194.87.232.147:777/ shows:

brute force dashboard

A “Magento report panel” asks for a Пароль (password). In the page source (beautified JS here) are some clues about its password protected functionality:

$.post("/home/getServers", function(n) {
$.post("/home/GetCountGoodLastDay", function(n) {
$.post("/home/GetCountServerLastDay", function(n) {
$.post("/home/GetCountSuccessLastDay", function(n) {
$.post("/home/ChangeMarkState", {
$.post("/home/ChangeComment", { 
$.post("/home/getCount", { 
$.post("/home/ChangeShell", {
$.post("/home/ChangeReservedLogins", {

Apparently somebody has built a sophisticated dashboard to manage bruteforce Magento hacking operations. It appears to show the daily progress on hacked Magento stores and it has a GUI method to mark found servers as “success”. Also, it can be used to log in to the backend of hacked stores.

We checked our forensic notes of previous cases and found that this dashboard was used in at least one other case. Sysadmins, check your server logs.

Update April 11th: Super-sleuth Len Lorijn noted that an Opencart Report Panel(http://194.87.232.147:999/Account/Login?ReturnUrl=%2f) is running on the same server. This signifies that e-commerce hackers are platform agnostic. If there’s money flowing through it, it’s worth hacking.

Prevent Magecart attacks,
protect your web store
with Sansec's eComscan

Since our discovery of MageCart attacks in 2015, we've investigated thousands of hacked Magento web stores. All our research findings are added to our automated malware and vulnerability scanner for Magento and Adobe Commerce.
Merchants using eComscan are protected against the latest malware attacks and all known backdoors. eComscan provides an hourly vulnerability audit on all Magento versions, configurations, and extensions.

Try our malware scanner