Magento Malware Alert: Is your website being Brute Force Attacked?

Benjamin Hosack

read

Subscribe to our Blog

Magento Malware Brute Force Attack The attackers were then able to upload a genuine, non-malicious extension by Magpleasure which allows total editing of Magento Files straight from the administration panel - granting the hacker full control of the Magento environment.

This was then followed by two webshells being uploaded to the website, allowing an attacker to add/edit/delete files within the web root.

Detection

We have outlined how you can detect this malware yourself in a technical Whitepaper which you can download using the button below.

Alternatively, we are offering a free 7 day trial of Vngo to allow you to scan your website internally for these webshells.

Magento Security: The Forensic Team at Foregenix has identified a number of cases concerning the same method of Brute Force attack.

Attackers were able to gain access to the Magento Connect Manager of multiple Magento websites, through Brute Force Attack, due to a combination of weak passwords, open access to the website’s Magento extension download page (www./downloader/.cache/community), and open access to the Magento Connect Manager login page itself (www./downloader/index.php), neither of which should be publicly available.

Contact Us

Access cybersecurity advisory services

Speak With Us

Forensics and Incident Response Web Security Magento

Benjamin Hosack

Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).

See All Articles

Cybersecurity

Web Security

Website Security

Magento

PCI, PA-DSS and P2PE

Forensics and Incident Response

Malware

eCommerce

Penetration Testing

Foregenix

Indicators of compromise

Hack

Vulnerability

News

GDPR

Web Scan

Compliance

Encryption

Fraud

website security scanner

Magento Malware Alert: Is your website being Brute Force Attacked?

15 September, 2015

Benjamin Hosack

Subscribe to our Blog

Detection

Contact Us

Access cybersecurity advisory services

TAGS:

Forensics and Incident Response Web Security Magento

Benjamin Hosack

Related Content

5 reasons why IT Shouldn't Lead HR Incidents or Policy Violation Investigations

Steganography, Hidden Customer and Cardholder Data in JPG Files: How to Prevent It

The Resurgence of Magecart Attacks: Modern Techniques to Evade Detection

SUBSCRIBE

Subscribe to our blog

Services

Follow us