Magento Security Alert – New Malware Discovered

Magento has released a Magento Security Alert with information regarding recent reports of a new malware capturing information from all fields of the checkout process. This includes credit card information!

According to the Magento announcement there is no specific information yet as to how the attackers are gaining Admin access. Magento says they are most likely using Admin or database access, and it is likely they are guessing weak passwords, targeting unpatched website or using Admin accounts that were set up prior to a site implementing the latest security patches.

Secure Your Magento eCommerce Website

Is your Magento ecommerce website vulnerable? Check the following things:

  • Run a scan on magereport.com to see if you’re at risk for “Credit Card Hijack”
  • Check for unknown Admin accounts
  • Review your code for malware. Magento reported a likelihood of the walware text including “onepage|checkout” and may be found in one of these two places:
    • Admin->Configuration->General->Design->HTML Head->Miscellaneous Scripts
    • Admin->Configuration->General->Design->Footer-> Miscellaneous HTML

121eCommerce Website Security Tips

Admin Accounts – Never use the default login URLs, as they are easy to find and hack. Have your dev team change the admin panel URL to a custom login URL.
Account Passwords – Make sure all login passwords are at least 8 alphanumeric characters, including lowercase, uppercase letters and numbers.
FTP Access – Limit unsecured regular FTP access to a small group of directories. Use .htaccess and httpd.conf files to prevent scripts from running in these directories that can change any files and directories on the server that shouldn’t be accessible through those FTP accounts.
Restricted Admin Access – Restrict the admin access to approved IP addresses by blocking access to all IP addresses except specifically listed ones.

As Magento urges you to fix any weaknesses you find that may leave you vulnerable to this malware right away. Share this post with your dev team immediately, so they may begin to take action to secure the safety of your website.

If you would like our assistance, contact 121ecommerce directly by calling us at (216)586-6656, or message us through our Contact Us form. We can help you identify any potential website security vulnerabilities.