Organisations utilising the Magmi mass importer for their Magento websites should be aware that we have been seeing escalating numbers of websites being compromised through this plugin.
The issue relates to the Magmi plugin being implemented insecurely, which enables an attacker to utilise the Magmi importing and file download capabilities to obtain arbitrary files from the site or load malware/web shells/backdoors into the “victim” website to:
- Steal customer data.
- Steal transaction data (credit/debit cards).
- Modify the website.
Securing the Magmi plugin is simple, and web admins are strongly encouraged to check that they have implemented strong authentication and access controls on the Magmi UI (more information on this can be found at http://wiki.magmi.org/index.php?title=Securing_Magmi_UI_access). Passwords chosen to secure the Magmi UI should be strong, ideally at least 12 characters in length and a combination of uppercase and lowercase letters, numbers and symbols.
The developer of Magmi has given feedback on this alert and has provided information on how to clean up most compromised servers, how to limit access to Magmi to a single machine, and how to test for the vulnerability.
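A local audit of the two controls described above (authentication on the Magmi UI and restricting access by address), as an added example that is not code from Magmi or from this alert. It assumes Magmi is installed in a directory named "magmi" under the web root and that Apache applies .htaccess files; the function names and sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumptions (not from the advisory): Magmi lives in a directory named "magmi"
# under the web root, and Apache applies .htaccess files (AllowOverride on).
AUTH_TYPE = re.compile(r"^\s*AuthType\s+\S+", re.I | re.M)
AUTH_REQUIRE = re.compile(r"^\s*Require\s+(valid-user|user\s|group\s)", re.I | re.M)
IP_LIMIT = re.compile(r"^\s*(Require\s+ip\s+\S+|Allow\s+from\s+(?!all\b)\S+)", re.I | re.M)


def audit_magmi(web_root):
    """Map each Magmi directory to the access controls found in .htaccess files.

    Presence check only: it does not evaluate how Apache combines the directives.
    """
    root = Path(web_root)
    findings = {}
    for magmi_dir in sorted(p for p in root.rglob("magmi") if p.is_dir()):
        auth = ip_limit = False
        # Apache applies .htaccess from every directory between root and target.
        for folder in [magmi_dir, *magmi_dir.parents]:
            htaccess = folder / ".htaccess"
            if htaccess.is_file():
                text = htaccess.read_text(errors="replace")
                auth |= bool(AUTH_TYPE.search(text) and AUTH_REQUIRE.search(text))
                ip_limit |= bool(IP_LIMIT.search(text))
            if folder == root:
                break
        findings[magmi_dir.relative_to(root).as_posix()] = {
            "auth": auth, "ip_limit": ip_limit, "exposed": not (auth or ip_limit)}
    return findings


def build_sample(root):
    """Constructed test tree: one unprotected install, one locked down."""
    root = Path(root)
    (root / "shop_a" / "magmi").mkdir(parents=True)
    locked = root / "shop_b" / "magmi"
    locked.mkdir(parents=True)
    (locked / ".htaccess").write_text(
        "AuthType Basic\nAuthName \"Magmi\"\n"
        "AuthUserFile /etc/apache2/magmi.htpasswd\n"  # placeholder path
        "<RequireAll>\n  Require valid-user\n  Require ip 203.0.113.10\n</RequireAll>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, result in audit_magmi(tmp).items():
            print(path, result)
```

Any directory reported with "exposed": True has neither control in place. Restrictions set in the main server configuration rather than in .htaccess are not seen by this check.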
FGX-Web Alert and FGX-Web Protect clients have their websites monitored for malware and unauthorised changes, which will ensure that attacks such as these are identified and stopped quickly.