If you haven’t patched this vulnerability, you should.
By: Chase Palmer
Senior Program Manager
Here is some more information about the Shoplift Bug, how it makes your system vulnerable, and what you need to do to combat it.
How does the Shoplift Bug work?
Through the Shoplift Bug, hackers can remotely execute code on Magento software. This vulnerability seems to affect both the community and enterprise versions of Magento.
The Shoplift exploit is actually a chain of vulnerabilities in the Magento core software, but it is frighteningly simple. The exploit uses a Python script that forces the server to downgrade the website from HTTPS to HTTP and then uses SQL injection to create a new user with administrative privileges.
Once the attacker can reach the dashboard with administrator privileges, they will typically install software through the console to create a backdoor. The backdoor allows the attacker to remotely alter the functionality of the online store, add or remove products, change the price of products, add phony coupons, and much more.
What should I do?
Unfortunately, this exploit was highly automated and nearly all vulnerable instances of the Magento dashboard are assumed to be compromised. If you don’t know whether you’ve patched your site recently, or whether you’re a Magento user at all, check on MageReport.com.
If you haven’t installed this patch, here’s a list of steps you should take to patch your website:
- Download and implement the two patches from the Magento Community Edition download page
- Test the patches in a development environment first to make sure they’re working properly before deploying them in your production environment
- Check for unknown files in the web server document root directory. If you find any, remove the files, keeping a secure copy if possible
- Check all admin accounts to make sure they’re all authorized. Change all admin passwords if you suspect a breach
- Check for unknown IP addresses accessing the system, since hackers may be using legitimate credentials to gain access to your system. Examples of addresses could include 188.8.131.52, 184.108.40.206, and 220.127.116.11
If you haven’t already installed this latest patch, you should do so as soon as possible.
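The last check in the list above, unknown IP addresses reaching the admin panel, can be scripted against the web server access log. This is an added example, not part of the original article or any Magento tooling; it assumes Apache/nginx combined log format, the admin URL prefixes shown, and an allowlist of networks your administrators connect from, and its sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Apache/nginx "combined" format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines using documentation-range IPs, not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2024:09:00:01 +0000] "GET /admin/dashboard/ HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:03:14:07 +0000] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:03:14:09 +0000] "GET /admin/dashboard/ HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.55 - - [01/Jan/2024:04:20:00 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:03:15:00 +0000] "GET /catalog/product/view/id/1 HTTP/1.1" 200 900 "-" "-"',
    'truncated or malformed line',
]

def unknown_admin_clients(lines, allowed_networks,
                          admin_prefixes=("/admin", "/index.php/admin")):
    """Summarise admin-panel requests from clients outside the allowlist.

    allowed_networks: CIDR strings your administrators connect from (assumption).
    admin_prefixes: this store's admin URL prefixes (assumption; adjust if renamed).
    """
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    report = defaultdict(lambda: {"requests": 0, "posts": 0, "ok": 0, "first_seen": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].lower().startswith(admin_prefixes):
            continue  # malformed line, or not an admin-panel request
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field holds a hostname, not an address
        if any(ip in net for net in allowed):
            continue  # expected administrator location
        entry = report[str(ip)]
        entry["requests"] += 1
        entry["posts"] += m["method"] == "POST"            # form submissions
        entry["ok"] += m["status"].startswith(("2", "3"))  # served, not rejected
        entry["first_seen"] = entry["first_seen"] or m["ts"]
    return dict(report)

if __name__ == "__main__":
    for ip, stats in unknown_admin_clients(SAMPLE_LOG, ["203.0.113.0/24"]).items():
        print(ip, stats)
```

An address reported here is a lead to compare against the admin account review in the previous step, not proof of a login, since the login page itself is served with a 200 status.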
Patch your systems
Remember, it’s important to stay up to date on your systems and patch any vulnerabilities that pop up. Tips to do this include:
- Sign up for newsletters/notifications from vendors you use: Once they release a new patch, you’ll be notified.
- Patch the vulnerability as soon as possible: The sooner you fix the vulnerability, the less time you’ll be open to attacks.
- Set up a schedule to regularly patch and update software: This will keep your software updated in its most secure state.
Chase Palmer (CISSP) is the Senior Program Manager and has been working at SecurityMetrics for seven years. He manages the company’s largest corporate partners in running mass Level 4 PCI DSS programs worldwide. Chase has a Bachelor’s degree in Business Management from Western Governors University. He currently lives in Provo, Utah, and he loves everything about motorcycles.