"Magento security"

10 Eye-opening Tricks to Wrap Your Shopping Store with Fraud Protection

- E-Commerce, Magento 2

Magento 2 Fraud Protection

If you run an e-store, you hardly need to be reminded how important it is to keep it secure. Cybercrime, viruses, fraud and other security threats populate the web and target e-stores that are under-protected. Customers also fear having their sensitive information stolen and rely on trust signals when choosing which e-store to trust.

If you’re not sure whether your store is fraud-proof to the fullest, you’ll find this article useful. Today, we bring you a checklist of 10 crucial tricks to wrap your store with fraud protection. Make sure you follow them all before you lie back and let your e-store work for you.

CloudBleed – Cloudy With A Rain of Data

CloudFlare CloudBleed

Last week, Tavis Ormandy from Google’s Project Zero discovered a huge problem in the security of CloudFlare’s edge servers. He contacted the company and reported that corrupted web pages were returned by some HTTP requests run through the popular hosting provider. Below, we shed light on the problem and provide information on how to protect Magento from the new issue dubbed CloudBleed.

What Is Magento Credit Card Skimming & How To Prevent It

- E-Commerce, Magento tips & tricks

Magento Credit Card Skimming

What do we know about credit card skimming? It is one of the existing types of credit card fraud. Along with phishing, BIN attacks, and other violations, credit card skimming is aimed at getting credit card information for further use. This type of fraud usually occurs at restaurants, ATMs, or gas stations. Malefactors use special devices to get the desired data, so skimming is often hard to detect. That’s why you might have seen large sample pictures illustrating different ATM parts right on the ATM’s screen. Although governments all over the world try to overcome the problem, malefactors constantly develop new technologies, so skimming spreads from offline to online. Below, we shed light on Magento credit card skimming. The following post covers the essentials of the problem, provides some stats and useful links, describes what to do in case your store is hacked, and explains how to protect your Magento installation from skimming.

Amasty Security Suite for Magento

Amasty Security Suite Magento Extension

In this post, we’d like to draw your attention to a complex security solution developed by Amasty. Although there are a lot of security Magento extensions produced by third-party developers, Amasty Security Suite is an all-in-one tool that will help you control such aspects of your ecommerce website as actions of administrators, role permissions, backups, and logins. Let’s pay close attention to each feature after the break.

Magento critical security patches

The best must-have Magento extensions 2016

Wyomind Watchlog PRO Extension for Magento 2 and 1

Wyomind Watchlog PRO Magento 2 Extension Review; Wyomind Watchlog PRO Magento Module Overview

The default Magento security is far from perfect. Luckily, there are lots of third-party tools designed to increase the safety of your ecommerce storefront, and today we are going to talk about the Wyomind Watchlog PRO extension for Magento 2 and 1. With the help of this tool, you will easily stop all intrusion attempts on your backend. The extension automatically blocks IP addresses that are not allowed and provides real-time reports on security threats. In the following post, we shed light on its details.

Magento critical security patches SUPEE-6788, SUPEE-6482, SUPEE-6285, SUPEE-5994, SUPEE-5344, SUPEE-3762, SUPEE-1533 (Shoplift)

- E-Commerce

Magento critical security patches

Shoplift is a dangerous Magento bug. It allows hackers to take full control of an e-commerce store. The threat was discovered by Check Point. You can easily fix it with the help of patch SUPEE-5344. A lot of Magento stores are still vulnerable because they haven’t applied the patch yet. Below, we show how to fix the problem.

UPD (15.05.15): SUPEE-5994 Magento security patch

UPD (08.07.15): SUPEE-6285 Magento security patch

UPD (08.07.15): Magento Security Alert Registry

UPD (05.08.15): SUPEE-6482 Magento security patch

UPD (17.09.15): SUPEE-3762 Magento security patch

UPD (09.10.15): Magmi and Nginx

UPD (21.10.15): Guruincsite Magento Issue and SUPEE-6788 Magento security patch

UPD (24.11.15): Magento Security Patch SUPEE-6788 Performance Issues

UPD (28.01.16): SUPEE-7405 and SUPEE-7616

Unofficial but trustworthy FireGento Magento source mirror with all official Magento CE 1.7 – 1.9 critical patches included (SUPEE-5994, SUPEE-5344, SUPEE-1533)

Official guide to patch installation

All Magento security patches on GitHub

Magento Security Suite by Amasty


Guruincsite Magento Disaster

- E-Commerce

Guruincsite malware - a new Magento Disaster

A new piece of Magento malware has been discovered: a malicious script by Guruincsite. Unfortunately, the new attack vector has not been identified, but we already know that the infection makes Magento websites vulnerable to a code execution issue. Below, we shed light on how to protect your ecommerce store from the Guruincsite Magento disaster.

UPD (21.10.15) SUPEE-6788 will help you solve the Guruincsite issue


Beware of Nginx and Magmi Data Import Tool

- Magento tips & tricks

Security vulnerabilities: Nginx and Magmi Data Import Tool

Two potential security vulnerabilities have been discovered recently in the Magento ecosystem.

The first one is Nginx, but don’t panic, as this problem affects only some misconfigured Magento sites. Because of the misconfiguration, hackers get access to the Magento cache system. Please note that cache files can contain sensitive information such as Magento database passwords: with this data, malefactors can access your Magento installation and, as a result, customer information.