Hackers are wreaking havoc in the ecommerce arena, and this time they have targeted Magento stores. In the past few months, they have hacked over 300 Magento stores and the streak continues. Surprisingly, the cause of all this is a small, but notorious bug ‘PRODSECBUG-2198’.
Reports highlight the fact that in the last few months, Magento released an update to make the store faster and improve Progressive Web Apps Architecture (PWA) connectivity. The update backfired when hackers exploited a loophole in it.
Note that this update was released way back in March, and thus it shouldn’t be a cause of security concern in June.
However, in a dramatic twist, the firm Ambionics Security, which had discovered the bug, tried to jump the gun and published a proof of concept code just two days after the Magento patch was released.
This was a jackpot for the hacking community, and even the n00b hackers started looking for opportunities.
As of Now
As you read these words, hackers have hacked hundreds of Magento stores, with over 300 stores attacked in the last month alone.
ZDNet reports that the flaws in the Magento CMS can also be exploited remotely: unauthenticated attackers can take over unpatched, vulnerable sites, steal user data, and infect them with viruses and malware.
PRODSECBUG-2198 Information
Type: Injections: SQL
CVSSv3 Severity: 9 (Critical)
Description: An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage.
Product(s) Affected: Magento Open Source prior to 1.9.4.1, and Magento Commerce prior to 1.14.4.1, Magento 2.1 prior to 2.1.17, Magento 2.2 prior to 2.2.8, Magento 2.3 prior to 2.3.1
Fixed In: Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.1.17, Magento 2.2.8, Magento 2.3.1
Reporter: cfreal
Source: Meetanshi
Tips to Stay Secure from Magento Attacks
Here is a list of solutions you can implement to stay secure and avoid any hacking attempts on your ecommerce store.
- Install PRODSECBUG-2198 Magento Patch
To protect your store from this vulnerability, install patch PRODSECBUG-2198. However, it is better to protect against this vulnerability and others by upgrading to Magento Commerce or Open Source 2.3.1 or 2.2.8.
To apply the patch on Magento stores, you must run the following commands in the server shell.
bash Patch-Name
e.g.
bash PRODSECBUG-2198-2.3-CE.patch
Once done, run the following command to check whether the patch has been applied successfully on the server.
grep '|' app/etc/applied.patches.list
Now remove the .patch file from the root directory of your Magento store by running the following command over SSH.
rm Patch-Name
- Get Magento Enterprise Cloud
Cloud customers can upgrade ECE-Tools to version 2002.0.17 to have this vulnerability in the core application patched automatically. Magento infrastructure teams have added measures to block any currently known ways to exploit the vulnerability by adding additional WAF rules, which are deployed globally. Even though known ways to exploit the vulnerability have been blocked, Magento strongly recommends that you either upgrade ECE-Tools or apply the patch through m2-hotfixes.
- Use Third Party Scanners
If you have already patched the bug, change all admin passwords right away, as hackers are likely to have stolen data from affected stores. Next, inspect your site for malicious code or unauthorized access using third-party malware scanners. Restrict access to a few selected IP addresses, and don't use dynamic IPs for connecting to the system. Using a secure VPN from a reputable provider is recommended, as it enforces encryption.
- Stay Informed & Aware
The only real way to ensure that your Magento store remains safe is to have a robust patching policy in place that can turn around UAT and production deployments within a very short time. Sign up for Magento’s security emails, follow hashtags on Twitter, and hang out in the #security channel of MagComEng on Slack.
Apply patches to all stores/instances as quickly as possible while robustly testing your solution. Keep an eye on Magento's Stack channel in case known issues with any patches arise. Use automated testing to ensure that the core areas of your site aren't affected by patches. Use a third-party testing tool such as Foregenix as soon as you think you have an issue.
- Block Suspicious URLs
As a merchant, when something like this happens, it is extremely important to patch the stores without any delay. Magecart and other Magento hacker groups actively scan most of the Magento websites to find the unpatched stores in order to steal customer credit card information.
To avoid such a situation, ask your in-house team to patch the store swiftly. Consider blocking suspicious URLs, for example catalog/product_frontend_action/synchronize.
Actively monitor the server logs to look out for any suspicious activities. Block the offending IPs and reduce the risk.
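As an added illustration of the log monitoring suggested above (not code from the article or from Magento), the following script parses combined-format access-log lines and counts, per client IP, the requests to the catalog/product_frontend_action/synchronize path named in the article. Because that path can also be reached by normal storefront traffic (an assumption here), it reports only IPs at or above a hit threshold rather than alerting on every request; the sample log lines are constructed.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Path the article suggests watching/blocking; matched as a suffix so a
# store-code prefix such as /en/ still matches (assumption, not from the article).
SUSPECT_PATH = "/catalog/product_frontend_action/synchronize"

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2019:12:00:01 +0000] "GET /catalog/product_frontend_action/synchronize?q=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jun/2019:12:00:02 +0000] "GET /catalog/product_frontend_action/synchronize?q=2 HTTP/1.1" 200 514',
    '192.0.2.9 - - [10/Jun/2019:12:00:03 +0000] "GET /women/tops.html HTTP/1.1" 200 9031',
    '203.0.113.5 - - [10/Jun/2019:12:00:04 +0000] "GET /en/catalog/product_frontend_action/synchronize/ HTTP/1.1" 200 515',
    '198.51.100.7 - - [10/Jun/2019:12:00:05 +0000] "POST /catalog/product_frontend_action/synchronize HTTP/1.1" 200 44',
    '203.0.113.5 - - [10/Jun/2019:12:00:06 +0000] "GET /catalog/product_frontend_action/synchronize?q=3 HTTP/1.1" 500 0',
    'not a log line',
]


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string and any trailing slash so path comparison is stable.
    rec["path"] = rec["path"].split("?", 1)[0].rstrip("/")
    return rec


def suspect_hits(lines, threshold=3):
    """Map client IP -> number of requests to SUSPECT_PATH, keeping IPs at or above threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].endswith(SUSPECT_PATH):
            counts[rec["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in suspect_hits(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests to {SUSPECT_PATH}")
```

Feed it a real access log with `suspect_hits(open("access.log"))` and review the reported IPs before adding them to a block list.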
Stay Safe!
It seems that the attacks can be thwarted by installing the Magento patch on your ecommerce store. But treat these attacks as a warning to stay informed of recent releases. Keep reading Cloudways, the best Magento hosting solution, for more updates on Magento security hacks and vulnerabilities.
Sharjeel Ashraf
Sharjeel loves to write about startups and ecommerce. In his free time, he is on the road or working on some cool project in his den.