Magento Shoplift Bug: Has Your Store Been Shoplifted?

Apr 24, 2015 | Blog, Ecommerce, Magento Performance, Magento Updates

About the Magento Shoplift Bug

If you host with Web 2 Market, then you probably haven’t been impacted by the Magento Shoplift bug. Our team has confirmed that all of our sites have been patched to protect your store from the Magento Shoplift Bug. You most likely heard about the vulnerabilities when logging into your Magento Admin last week.

The “shoplift” bug is a remote code execution vulnerability. It was first reported by Check Point Software Technologies in January 2015. Both Magento Enterprise Edition and Magento Community Edition are impacted. It allows attackers to obtain control over a store and its sensitive data, including personal customer information. In February, Magento issued a patch.

If you feel your site might be compromised, here are some clues (provided by Magento):

  • Check your list of administrator users for unknown accounts. We have seen vpwq and defaultmanager being used, but any unknown account is suspicious.
  • Check for any port redirections on OS level (sample command: iptables -L -n)
  • Check your Magento installation for any unknown files that were recently created and are suspicious. Compare all files to your code repository or staging server.
  • Check server access log files for request POST /index.php/admin/Cms_Wysiwyg/directive/index/ coming from unknown IP addresses.
  • Check for hidden files
  • Run a tool to check for trojans (e.g. chkrootkit)
  • Check for wrong permissions
  • Check for suspicious ports being opened (command: netstat -nap | grep LISTEN)
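
Two of the checks above (the access-log check and the administrator-account check) written as a script. This is an added example, not code from Magento or from the original post. It assumes an Apache/nginx combined-format access log and the default admin path shown in the checklist; the function names, the sample log lines and the allowlisted network are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Request named in the checklist; matched case-insensitively, with or
# without the index.php front controller and with any trailing path/query.
DIRECTIVE_RE = re.compile(r"^(?:/index\.php)?/admin/cms_wysiwyg/directive/index(?:[/?]|$)", re.I)

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Account names the checklist reports seeing on affected stores.
REPORTED_ACCOUNTS = {"vpwq", "defaultmanager"}

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '192.0.2.10 - - [20/Apr/2015:10:01:02 +0000] "POST /index.php/admin/Cms_Wysiwyg/directive/index/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [20/Apr/2015:10:05:40 +0000] "POST /index.php/admin/Cms_Wysiwyg/directive/index/ HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.77 - - [20/Apr/2015:10:05:41 +0000] "POST /admin/cms_wysiwyg/directive/index/?x=1 HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.5 - - [20/Apr/2015:10:06:00 +0000] "GET /index.php/admin/Cms_Wysiwyg/directive/index/ HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.5 - - [20/Apr/2015:10:06:09 +0000] "POST /checkout/cart/add/ HTTP/1.1" 200 90 "-" "-"',
]


def suspicious_directive_posts(lines, known_admin_nets):
    """Group POSTs to the directive endpoint by source IP, skipping known admin networks."""
    nets = [ipaddress.ip_network(n) for n in known_admin_nets]
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not DIRECTIVE_RE.match(m["path"]):
            continue
        try:
            known = any(ipaddress.ip_address(m["ip"]) in n for n in nets)
        except ValueError:
            known = False  # hostname in the client field cannot be allowlisted, so report it
        if not known:
            hits[m["ip"]].append((m["time"], int(m["status"])))
    return dict(hits)


def unknown_admin_accounts(current, expected):
    """Return accounts missing from the expected list, reported names first."""
    extra = set(current) - set(expected)
    return sorted(extra, key=lambda u: (u.lower() not in REPORTED_ACCOUNTS, u))
```

Feed `suspicious_directive_posts` the lines of the real access log and the networks your own administrators connect from; every address it returns needs an explanation.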

Magento Shoplift Bug Test

Here is a helpful link to test if your website is vulnerable: https://magento.com/security-patch.

Next Steps

If your store runs Magento 1.9 or older, you should strongly consider upgrading to Magento 2. Magento 2 was released over a year ago and is now stable, with many new features. Also, in 2018 Magento will stop providing security patches for Magento 1.x. Considering the many security issues in the past year, your store could be disabled or its credit card data stolen, with no patch available.

If you find out you are still vulnerable and would like help patching your site, please contact us today.