Magento Shoplift Bug: Has Your Store Been Shoplifted?

Apr 24, 2015 | Blog, Ecommerce, Magento Performance, Magento Updates

About the Magento Shoplift Bug

If you host with Web 2 Market, then you probably haven’t been impacted by the Magento Shoplift bug. Our team has confirmed that all of our sites have been patched to protect your store from the Magento Shoplift Bug. You most likely heard about the vulnerabilities when logging into your Magento Admin last week.

The “shoplift” bug is a remote code execution vulnerability. It was first reported by Check Point Software Technologies in January 2015. Both Magento Enterprise Edition and Magento Community Edition are impacted. It allows attackers to obtain control over a store and its sensitive data, including personal customer information. In February, Magento issued a patch.

If you feel your site might be compromised, here are some clues (provided by Magento):

  • Check your list of administrator users for unknown accounts. We have seen vpwq and defaultmanager being used, but any unknown account is suspicious.
  • Check for any port redirections at the OS level (sample command: iptables -L -n)
  • Check your Magento installation for any unknown files that were recently created and are suspicious. Compare all files to your code repository or staging server.
  • Check server access log files for request POST /index.php/admin/Cms_Wysiwyg/directive/index/ coming from unknown IP addresses.
  • Check for hidden files
  • Run a tool to check for trojans (e.g. chkrootkit)
  • Check for wrong permissions
  • Check for suspicious ports being opened (command: netstat -nap | grep LISTEN)
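
The access-log check from the list above can be scripted. The following is an added example, not code from Magento or Web 2 Market: it assumes Apache/nginx common or combined log format, and the allow-listed admin network and the sample log lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import unquote

# Path from Magento's guidance, lowercased; "index.php" is dropped so stores
# using URL rewrites are matched as well.
SUSPECT = "/admin/cms_wysiwyg/directive/index"

# Assumption: networks your own administrators connect from (placeholder range).
KNOWN_ADMIN_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Apache/nginx common or combined log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def is_known(ip_text):
    """True if the client address falls inside an allow-listed admin network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or garbage in the client field: treat as unknown
    return any(ip in net for net in KNOWN_ADMIN_NETS)

def find_suspect_posts(lines):
    """Map each unknown client IP to the (time, status) of its directive POSTs."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if SUSPECT in path and not is_known(m["ip"]):
            hits.setdefault(m["ip"], []).append((m["time"], int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [20/Apr/2015:10:01:02 +0000] "POST /index.php/admin/Cms_Wysiwyg/directive/index/ HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [20/Apr/2015:10:05:44 +0000] "POST /index.php/admin/Cms_Wysiwyg/directive/index/ HTTP/1.1" 200 431 "-" "-"',
    '198.51.100.7 - - [20/Apr/2015:10:05:50 +0000] "POST /index.php/admin/cms_wysiwyg/directive/index/?x=1 HTTP/1.1" 200 431 "-" "-"',
    '192.0.2.55 - - [20/Apr/2015:10:07:00 +0000] "GET /index.php/admin/Cms_Wysiwyg/directive/index/ HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.99 - - [20/Apr/2015:10:08:00 +0000] "POST /checkout/cart/add/ HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_suspect_posts(SAMPLE_LOG).items():
        print(ip, len(events), "POST(s), first at", events[0][0])
```

To scan a real log, pass an open file object to `find_suspect_posts` and replace `KNOWN_ADMIN_NETS` with the addresses your administrators actually use.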

Magento Shoplift Bug Test

Here is a helpful link to test if your website is vulnerable: https://magento.com/security-patch.

Next Steps

If you run a store on Magento 1.9 or older, you should strongly consider upgrading to Magento 2. Magento 2 was released over a year ago and is now stable, with many new features. Also, in 2018 Magento will stop providing security patches for Magento 1.x. Considering the many security issues in the past year, your store could be disabled or credit card data stolen, with no patch available.

If you find out you are still vulnerable and would like help patching your site, please contact us today.