About the Magento Shoplift BugIf you host with Web 2 Market, then you probably haven’t been impacted by the Magento Shoplift bug. Our team has confirmed that all of our sites have been patched to protect your store from the Magento Shoplift Bug. You most likely heard about the vulnerabilities when logging into your Magento Admin last week.
The “shoplift” bug is a remote code execution vulnerability. It was first reported by Check Point Software Technologies in January 2015. Both Magento Enterprise Edition and Magento Community Edition are impacted. It allows attackers to obtain control over a store and its sensitive data, including personal customer information. In February, Magento issued a patch.
If you feel your site might be compromised, here are some clues (provided by Magento):
- Check your list of administrator users for unknown accounts. We have seen vpwq and defaultmanager being used, but any unknown account is suspicious
- Check for any port redirections on OS level (sample command: iptables -L -n)
- Check your Magento installation for any unknown files that were recently created and are suspicious. Compare all files to your code repository or staging server.
- Check server access log files for request POST /index.php/admin/Cms_Wysiwyg/directive/index/ coming from unknown IP addresses.
- Check for hidden files
- Run a tool to check for trojans (e.g. chkrootkit)
- Check for wrong permissions
- Check for suspicious ports being opened (command: netstat -nap | grep LISTEN )
Magento Shoplift Bug Test
Here is a helpful link to test if your website is vulnerable:https://magento.com/security-patch.
If you have a Magento 1.9, or older, Magento store, you should strongly consider upgrading to Magento 2. Magento 2 was released over a year ago, and is now stable, with many new features. Also, in 2018 Magento will stop providing security patches for Magento 1.x. Considering the many security issues in the past year, your store could become disabled, credit card data stolen, and no patch will be available.
If you find out you are still vulnerable and would like help patching your site please contact us today.