Beware of Nginx and Magmi Data Import Tool
Two potential security vulnerabilities have been discovered recently in the Magento ecosystem.
The first one is Nginx, but don’t panic, as this problem affects only some misconfigured Magento sites. Because of the misconfiguration, hackers get access to the Magento cache system. Please note, that cache files can contain such sensitive information as Magento database passwords: with this data, malefactors can access your Magento installation and as a result customer information.
To prevent your store from attacks, make sure that your configuration file protects directories and files properly. Check the guide and the example of a file to find out proper settings for your server environment.
As for the Magmi data import tool, some sites use it without any outside access protection. Thus, attackers can use the tool for gaining access to your Magento installation. To fix the problem, remove Magmi from your production website. Alternatively, you can limit access to it. Use IP address or password based restrictions.
Other Magento security vulnerabilities
Related posts
How to Import Customers & Customer Addresses to Magento 2
Magento 2 B2B Company Guide: Revealing Company Structure & Import
A Complete Guide to Shopify Customer Import
Shopware 6 Advanced Pricing Guide + Import Tutorial
Magento Open Source and Adobe Commerce 2.4.7 Release Notes
Magento 2 Release Notes
Reputon Amazon Importer Review: How to Connect Shopify to Amazon in a Few Clicks
How To Bulk Import Products In Shopify: CSV Description & Step-By-Step Guide