Benjamin Hosack

How do you recover control of your online business?

Firstly, you need to understand what Magento Shoplift is so that you can devise a strategy to secure your online business.


What is Magento Shoplift?

Magento Shoplift is a vulnerability that allows unauthenticated users to access administration pages on the website – and to exploit certain pages via SQL injection.

What does this mean?

It means that with this level of access, an attacker can perform admin functions, such as:

  • Adding new users.
  • Altering product data.
  • Altering the website (see our short video on redirected payments and the compromise we illustrate there).
  • Stealing your customers' personal data (email addresses, telephone numbers, account passwords, addresses, credit card data).
  • Setting your website up as a malware distributor, or worse.

In short, if you have been affected, you need to act now to protect your business as the effects could be hugely damaging for your business brand and finances.  

These are (mostly) highly effective and focused criminals with a high level of skill and technical capability – they are after your business. 

What can you do about it?

There are 4 steps you should take immediately:

  • Patch your version of Magento. Magento released a patch in February 2015; details can be found at: http://magento.com/security-patch
  • Ensure that you build a process to update your Magento installation and third party modules at least monthly.
  • Inspect your Magento administrator user list for suspicious or unknown users and remove them.
  • Restrict access to Magento administration directories to known IP addresses, using web server configuration or a .htaccess file.
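
One way to apply the fourth step on Apache 2.4, shown as an added example that is not part of the original post. The paths assume Magento 1 defaults (admin front name `admin`, Magento Connect Manager at `/downloader`), and the addresses are documentation placeholders for your own office or VPN ranges.

```apache
# Added example: restrict the Magento admin area to known source addresses.
# Assumptions: Apache 2.4; Magento 1 default paths ("admin" front name,
# /downloader); 203.0.113.10 and 198.51.100.0/24 are placeholder addresses.

# --- Option A: virtual-host or server configuration ---------------------
# The admin panel is a routed URL, not a directory on disk, so match the
# URL path (with or without index.php) rather than using <Directory>.
<LocationMatch "(?i)^/(index\.php/)?admin(/|$)">
    Require ip 203.0.113.10 198.51.100.0/24
</LocationMatch>

# /downloader is a real directory, so a plain prefix match is enough.
<Location "/downloader">
    Require ip 203.0.113.10 198.51.100.0/24
</Location>

# --- Option B: .htaccess in the Magento web root ------------------------
# <Location> is not allowed in .htaccess, so use mod_rewrite instead
# (needs "AllowOverride FileInfo"). Place these lines BEFORE Magento's own
# rewrite rules so they see the original request path. They are deliberately
# not wrapped in <IfModule>: if mod_rewrite is missing, the request should
# fail loudly rather than leave the admin area silently unrestricted.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/(index\.php/)?(admin|downloader)(/|$) [NC]
# One negated condition per allowed address or range:
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.
RewriteRule ^ - [F,L]
```

If the site sits behind a CDN or reverse proxy, Apache sees the proxy's address, so enforce the allowlist at that layer or only after mod_remoteip has restored the client address. Confirm from an address outside the list that both paths return 403.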

The attackers are highly likely to have anticipated these steps and installed a web shell or backdoor to keep their access even after you have completed them.

So how do you give your website an “all-clear for business” and ensure you are protected from future attacks?


Install FGX-Web to:

  • Filter all traffic to and from the website – blocking out further attacks and protecting your website when you’re late with future patches.  If you had this in place before the Shoplift vulnerability, your website would not have been at risk.
  • Place a tamperproof seal on the website – this will tell you when any changes occur on your website.  If you made the change – great.  If the changes were not made by you, they are likely made by a criminal.  If your website has been hacked via Shoplift, then the attackers will be using their access to make changes.  FGX-Web will tell you when those changes are made, so you know if you have ongoing issues or not.
  • Run daily checks for malware, backdoors and web shells.  If the attackers have access to your website, they will undoubtedly have loaded a web shell, backdoor or malware to regain access later.  FGX-Web will help you to find these.
  • Scan for unprotected credit card data.
  • Get unlimited support from our security specialist support team.

Forensic Assistance – if you need help with any of the above, Foregenix is one of the leading digital forensic teams globally and we can help you.


UPDATED June 2023 - we're still seeing Shoplift attacks.  Please be aware.

This is a simple overview of what the Shoplift problem is and how to regain control of your website.

Since Check Point Technologies announced the critical vulnerability – known as Magento Shoplift (SUPEE-5344) – we have been contacted by a significant number of online businesses that have been compromised through this vulnerability.


Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
