Attacks are likely using Admin or database access to implement the exploit. It appears most impacted sites have not implemented the February 2015 Shoplift patch, or the patch was implemented after the site was already compromised. Attackers can also gain Admin access due to weak passwords, phishing, and other unpatched vulnerabilities.
All Magento eCommerce site owners should take this opportunity to make sure that their sites are secure.
Martin Starkie
We recommend that you:
- Scan your site with a tool like magereport.com
- Apply all patches available on the Community Edition Download Page or in MyAccount
- Check for any unknown files in the system
- Review and remove all unknown Admin accounts
- Change all remaining Admin passwords to strong ones (e.g., they should be long, and include symbols, upper and lower case letters, and numbers)
- Follow security best practices outlined in the Magento user guides
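One way to carry out the "check for any unknown files" step, as an added example that is not part of the original post: hash the live web root and compare it with a clean copy of the same release with the same patches applied. The directory names, extensions and sample files below are constructed assumptions, and legitimate extensions or themes will be reported as unknown unless they are also present in the clean copy.

```python
import hashlib
import os
import tempfile

# Assumption: directories where new non-script files (uploads, cache) are normal.
DATA_DIRS = ("media/", "var/")
SCRIPT_EXTS = (".php", ".phtml", ".js")


def hash_tree(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_to_baseline(live_root, clean_root):
    """Report files in the live tree that differ from the clean copy."""
    live, clean = hash_tree(live_root), hash_tree(clean_root)
    unknown = [p for p in live if p not in clean
               # In data directories only script files are worth flagging.
               and (not p.startswith(DATA_DIRS) or p.endswith(SCRIPT_EXTS))]
    modified = [p for p in live if p in clean and live[p] != clean[p]]
    return {"unknown": sorted(unknown), "modified": sorted(modified)}


def demo():
    """Build constructed sample trees (clean copy and live root) and compare."""
    def write(root, rel, data):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            write(root, "index.php", b"<?php // entry point\n")
            write(root, "app/Mage.php", b"<?php // core\n")
        write(live, "app/Mage.php", b"<?php // core, edited\n")  # changed core file
        write(live, "media/catalog/shoe.jpg", b"\xff\xd8")        # normal upload
        write(live, "media/catalog/thumb.php", b"<?php\n")       # script in uploads
        write(live, "skin/extra.js", b"// not in release\n")     # file not in release
        return compare_to_baseline(live, clean)
```

Run `compare_to_baseline()` against a copy of the site rather than the production host, and review every reported path by hand before deleting anything.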
If you need help with any of the above, contact us today. We offer various technical web support packages. We can check whether your Magento website is up to date with all the latest security patches and, if it isn't, advise you on what is needed.