If you suspect an old Magento 1.9 store was hit, check your logs for these strings (available in public GitHub exploit dumps):
A Python 3 compatible exploit script for Magento CE versions earlier than 1.9.0.1 is available at the Hackhoven/Magento-RCE repository . Unauthenticated SQL Injection (CVE-2019-7139) magento 1.9.0.0 exploit github
: Magento 1 reached its end of life on June 30, 2020 . Official security patches are no longer released by Adobe. If you suspect an old Magento 1