Written by Steve Perry
Published on
Magento Security: is your online store open to brute force attacks?
The forensic team at Foregenix has recently identified a number of cases where attackers used brute force attacks to gain full access to Magento stores.
These attackers were able to gain full access to Magento stores due to a combination of weak passwords and poor file system setup in the Magento directory, namely the www./downloader/.cache/community and www./downloader/index.php paths.
Having access to these paths meant that the attackers could then upload a genuine, normally harmless, module which allows full editing of Magento files straight from the admin. Furthermore, two webshells were then uploaded to the website which allowed attackers to add, edit and remove files within the webserver root directory.
How do I know if my store is affected or vulnerable?
Foregenix have created a simple-to-follow whitepaper, which you can download from their website, or alternatively get in touch today so that I can take a look for you.
Magento security, staying safe
It’s important to keep your Magento ecommerce website safe and secure as well as keeping Magento itself and all installed modules fully up-to-date. I offer cost-effective maintenance packages which make this easier for you.