Written on September 16, 2015
The forensic team at Foregenix has recently identified a number of cases where attackers use a brute force to gain full access to Magento stores.
These attackers were able to gain full access to Magento stores due to a combination of weak passwords and poor file system setup in the Magento directory, namely the
Having access to these paths meant that the attackers could then upload a genuine, normally harmless, module which allows full editing of Magento files straight from the admin. Furthermore, two webshells were then uploaded to the website which allowed attackers to add, edit and remove files within the webserver root directory.
It’s important to keep your Magento ecommerce website safe and secure as well as keeping Magento itself and all installed modules fully up-to-date. I offer cost-effective maintenance packages which make this easier for you.