Online Stealing Menace: Getting to Know The Magento ‘ShopLift’ Bug
Shoplifters…every brick and mortar store owner is familiar with them. In the online world, the Magento Shoplift bug is a recent Magento vulnerability reported in late January 2015 that allows attackers to gain control over a store as well as its data using RCE (Remote Code Execution). This simply involves some one hacking your Magento Store and rewriting a core Magento file, so that the hacker can gain access to credit card Information. Hence, it is quite possible that your store might have been affected.
Researchers who often function as white Hat Hackers belonging to a private group Check Point recently discovered that this critical RCE vulnerability could lead to a complete compromise of any Magento Store. The affected data can include credit card information, and other financial and personal data. This critical vulnerability can affect nearly two hundred thousand online shops. Store owners are advised to apply the patch immediately if they haven’t done so.
How to patch this vulnerability
In the case of this specific shoplift bug, the exploit takes serious advantage of an important core file – cc.php. In case you see specific PHP functions like ‘curl’ then your store might have been compromised. Presently Magento advises merchants who are using the Magento Platform after they log in to the admin, to download the patch SUPEE-5344, which was released on Feb 9, 2015.
The unauthenticated hacker can actually exploit a chain of several vulnerabilities so that he can gain control of the store and its complete database. This allows credit card theft or other administrative access into the Magento system, by exploiting the vulnerabilities affecting the magneto core directly. Currently, the 220.127.116.11 CE and 18.104.22.168 EE are confirmed to be susceptible to this vulnerability.
How to protect your store
However it could happen that the store could have been compromised already, leaving customer accounts as well as the encrypted passwords at risk. In this case, its probably a wise decision to let customers know that their has been a security breach. At the same time, its better to use stronger encryption methods rather than the relatively weaker encryption method that Magento uses.
Another option that you need to consider is the likelihood of a backdoor being left behind by the attacker. This could mean that you would need to ultimately re-install the server in some cases including various other crucial steps. Other steps that you might need to take would be to disable the shopping cart besides scanning your personal computer for viruses.
Additionally, you might want to take additional steps such as creating unique databases for Magento alongside unique users who have a unique password. You will also need to use a secure admin path. If possible, avoid installation of modules directly via Magento Connect. Check the legitimacy of the developers from which you choose to install the modules. Furthermore, go secure with all your accounts by choosing unique passwords. Give restricted access to outside developers and also actively monitor those who have access to your passwords.
You might also need to make a change to the way you access your server, and here, some of the issues include public key authentication, use of SFTP, privileges separation, disabling dangerous PHP functions, the judicious use of the Magmi import tool, and solving issues related to back-door’d websites.
To conclude, there’s a lot that goes int website security, so you need to monitor carefully every activity and obtain expert advice if essential from a Magento Website Security Consultant. You need to understand that no website is 100% secure and go on and secure your website right away.