More than 2000 Magento 1 sites hacked
March 19, 2021
Since Magento 1 reached end of life, we have noticed an increase in attacks on Magento 1, mainly targeting /downloader. Recently, more than 2000 Magento 1 stores around the world have been hacked.
Many other attacks occurred some time after the Magento EOL. In this case, many of the victimized shops had no history of security incidents. This suggests that a new attack method was used to gain server access to all of these stores. This episode may be related to the Magento 1 0day exploit that went on sale at the time.
User z3r0day had in fact advertised on a hacking forum the sale of a Magento 1 “remote code execution” exploit method, including an instruction video, for $5000. Seller z3r0day pointed out that since Magento 1 was end-of-life, Adobe would no longer provide official patches to fix this bug, which made this exploit even more damaging for store owners using the legacy platform.
Obviously this was just one of the many episodes that have occurred from the Magento 1 EOL to date. It is therefore essential to have the right strategy to better protect your Magento 1 site, perhaps while waiting for the transition to Magento 2.
But how can we do this?
How to protect Magento from attacks?
To protect your store from this and future exploits, there are a few basic steps you can take.
Change the name of the backend panel
Magento 1: The default “admin” is defined in the app/etc/local.xml file under admin → routers → adminhtml → args → frontName. Change it to something you can easily remember, but that is hard for others to guess. So don’t use “control” or “admin123” or “manage”.
Flush the cache in the backend via System → Cache Manager, or run over SSH: magerun cache:flush
Magento 2: This step is not required, as Magento generates an obfuscated backend name during installation.
Protect /downloader and /rss
Magento 1 uses /downloader as a way to install programs via Magento Connect Manager. This link is a standard Magento URL, making it an easy target for attacks. While you will probably never use this folder, its presence is essential for installing (future) patches. So instead of renaming it, we recommend setting up IP access control (an “IP whitelist”).
NB. The /rss endpoints can be reached in various ways, including (for example) via /index.php/rss/catalog/notifystock.
Install the adaptive filter
Hackers who launch attacks on your store are likely to use other malicious tactics as well. Therefore, it is recommended to block attack sources as soon as they are identified. This is called an adaptive filter or intrusion prevention system (IPS). This step requires access to the platform/server, so it is usually done by the hosting provider.
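As an added example (not part of the original article or of any Magento or hosting tooling), the following Python script audits a web server access log for requests to /downloader and /rss, including the /index.php/rss form noted above, that come from outside the IP allowlist. It reports which of those requests were not refused, meaning the access control is not in effect, and counts hits per source as input for an adaptive filter. The allowlist range, the convention that the IP rule answers 403, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: the ranges allowed to reach the protected paths (documentation range).
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]
# /downloader and /rss, reached directly or through the /index.php front controller.
PROTECTED = re.compile(r"^/(?:index\.php/)?(downloader|rss)(?:/|$)", re.I)
# Combined log format: client IP, request target, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Mar/2021:10:00:01 +0000] "GET /downloader/ HTTP/1.1" 200 5120',
    '198.51.100.23 - - [19/Mar/2021:10:00:02 +0000] "POST /downloader/index.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [19/Mar/2021:10:00:03 +0000] "GET /index.php/rss/catalog/notifystock HTTP/1.1" 401 381',
    '192.0.2.44 - - [19/Mar/2021:10:00:04 +0000] "GET /RSS/order/new?x=1 HTTP/1.1" 401 381',
    '192.0.2.44 - - [19/Mar/2021:10:00:05 +0000] "GET /catalog/product/view/id/5 HTTP/1.1" 200 9000',
]

def protected_area(target):
    """Return 'downloader' or 'rss' when the request target reaches one, else None."""
    path = unquote(target.split("?", 1)[0])  # drop the query string, decode %xx
    path = re.sub(r"/{2,}", "/", path)       # collapse duplicate slashes
    match = PROTECTED.match(path)
    return match.group(1).lower() if match else None

def audit(lines, allowlist=ALLOWLIST):
    """Return (exposed, sources) for requests from outside the allowlist."""
    exposed, sources = [], Counter()
    for line in lines:
        m = LINE.match(line)
        area = protected_area(m.group(2)) if m else None
        if area is None:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # a hostname was logged instead of an IP: not handled here
        if any(addr in net for net in allowlist):
            continue
        sources[m.group(1)] += 1   # candidate source for the adaptive filter
        if m.group(3) != "403":    # assumption: the IP rule answers 403
            exposed.append((m.group(1), area, int(m.group(3))))
    return exposed, sources

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```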
Relying on MageShield
Last but not least, if you want to be sure that your Magento 1 site is always safe and updated, you can use MageShield, our Ecommerce protection service for Magento 1.
With MageShield your site will always be safe and secure!
MageShield offers a range of features designed to protect both your website and your company’s reputation:
- Malware scan
- Automatic malware removal
- Vulnerability Scanning
- OWASP protection
- Automated quick setup
- Content Delivery Network (CDN)