Last evening Magento released another security announcement. Attackers appear to be targeting Magento sites that were not patched for the Shoplift bug reported back in February 2015. All Neoverve hosted Magento sites were patched for the Shoplift bug by us at that time. New client sites were patched upon migration and/or implementation.
Patching for the most recent vulnerabilities (SUPEE-6788) is still underway. Therefore, merchants need to be extra attentive to their sites and report anything suspicious to Neoverve Support.
Hackers tend to attack easy targets. In addition to patching for known vulnerabilities, there are other steps you can take to deter malicious activity. Check your Magento user guides and contact us if you’d like our assistance implementing any additional precautionary measures.
Here is yesterday’s announcement:
Make Sure Your Site is Secure
Attacks are likely using Admin or database access to implement the exploit. It appears most impacted sites have not implemented the February 2015 Shoplift patch, or the patch was implemented after the site was already compromised. Attackers can also gain Admin access due to weak passwords, phishing, and other unpatched vulnerabilities. More information about this malicious code is available on the Magento Security Center.
All merchants should take this opportunity to make sure that their sites are secure. We recommend that you:
- Scan your site with a tool like magereport.com
- Apply all patches available on the Community Edition Download Page or in MyAccount
- Check for any unknown files in the system
- Review and remove all unknown Admin accounts
- Change all remaining Admin passwords to strong ones (e.g., they should be long, and include symbols, upper and lower case letters, and numbers)
- Follow security best practices outlined in the Magento user guides
Thank you for your prompt attention to this issue.
The Magento Team
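One way to carry out the "check for any unknown files in the system" step from the checklist above, as an added example that is not part of Magento's announcement or Neoverve's post: a small Python file-integrity check that records a SHA-256 manifest of a known-clean install (taken from a fresh, patched copy rather than a site that may already have been compromised, and stored off the web server) and later reports unknown, modified and removed files. The document-root layout in the demo is constructed, not a real Magento tree.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def save_manifest(manifest, out_path):
    """Persist the baseline as JSON; keep this copy off the web host."""
    Path(out_path).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(in_path):
    return json.loads(Path(in_path).read_text())


def diff_manifest(baseline, current):
    """Classify changes since the baseline: unknown (added), modified, removed."""
    unknown = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"unknown": unknown, "modified": modified, "removed": removed}


def demo():
    # Constructed sample: a tiny stand-in for a Magento document root.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "app", "etc").mkdir(parents=True)
        Path(root, "app", "etc", "local.xml").write_text("<config/>")
        Path(root, "index.php").write_text("<?php // original\n")
        baseline_file = Path(root, "..", "baseline.json")
        save_manifest(build_manifest(root), baseline_file)
        # Later: a core file has been altered and an unexpected file appeared.
        Path(root, "index.php").write_text("<?php // altered\n")
        Path(root, "media").mkdir()
        Path(root, "media", "x.php").write_text("<?php // unexpected file\n")
        report = diff_manifest(load_manifest(baseline_file), build_manifest(root))
        baseline_file.unlink()
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Anything listed under "unknown" or "modified" that you cannot trace to a patch or a deliberate change deserves the same scrutiny the announcement asks for, together with a review of the Admin accounts.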