The Largest M1 Breach to Date – What You Need to Know

by ANAND HARIHARAN | September 16, 2020

Last weekend, there was a Magento 1 security breach that impacted more than 2000 storefronts, and that number could be higher. The attack used the “Magento Connect” section of Magento, also known as the downloader, to inject JavaScript code into the storefront.

Many of these impacted merchants may have already signed up for post-Magento 1 end-of-life patches, and installing them as soon as they are available is critical to preventing the same attack from happening again. However, developing new patches, customizing them to the specific environment, and applying them can take weeks and sometimes months, using up valuable time and resources, during which the application remains exposed.

True protection comes from having a hosting provider partner with a robust, proactive approach to scanning, monitoring, and acting upon risks as they occur, and preventing them from having any significant impact on the backend application. The strongest security solutions offer 360-degree protection against exploits that may be deployed through the filesystem, slip past vanilla WAF rules, and execute in the browser, all unbeknownst to the application owners.

Here are a few of the security measures Webscale uses to protect applications from exploits exposed by this attack:

  • Web controls to immediately block access to the downloader.
  • Real-time CSP alerting and blocking to ensure only pre-approved domains are executing scripts.
  • Web controls to protect admin page access, with whitelisting and multi-factor authentication.

However, if you are not yet on the Webscale platform, there are still a number of things you can do to better protect your applications.

  1. Search access logs for evidence of known attack patterns. Did anyone search for MySQL.php, and what part of the system responded? You should also validate that your checkout page has no scripts executed from mcdnn.net.
  2. Restrict access to admin portions of your website through multiple mechanisms, since they are one of the most common gateways for hackers to exploit Magento.
  3. Block access to “/downloader”, or even delete the downloader since it is no longer in use for Magento 1.
  4. Check your code for malicious scripts, and block browsers executing scripts from unknown or unsafe domains.
  5. Restrict PHP access from the internet to only specific files.
  6. Build a secure architecture where the firewall cannot be circumvented.
  7. Automate security, so any unintended changes to the file systems are identifiable or blocked.
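
An added example for step 1, not code from Webscale or the original post: the Python below scans combined-format access log lines for requests to the downloader or MySQL.php, records whether the server answered with a 2xx status, and lists script sources in a saved checkout page that load from mcdnn.net. The log format, function names, and sample data are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the article; extend these tuples for your own environment.
SUSPECT_PATHS = ("/downloader", "mysql.php")
SUSPECT_SCRIPT_HOSTS = ("mcdnn.net",)

# Assumes the Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SCRIPT_SRC_RE = re.compile(r'<script\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def scan_access_log(lines):
    """Return one dict per request to a suspect path; 'served' marks 2xx answers."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["target"].split("?", 1)[0].lower()
        if any(s in path for s in SUSPECT_PATHS):
            status = int(m["status"])
            hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                         "path": path, "status": status, "served": 200 <= status < 300})
    return hits

def suspect_scripts(html):
    """Return script src values whose host is a suspect domain or a subdomain of one."""
    found = []
    for src in SCRIPT_SRC_RE.findall(html):
        try:
            host = (urlsplit(src).hostname or "").lower()
        except ValueError:
            continue  # malformed URL
        if any(host == d or host.endswith("." + d) for d in SUSPECT_SCRIPT_HOSTS):
            found.append(src)
    return found

# Constructed sample data (documentation IP ranges, arbitrary timestamps and paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:03:14:07 +0000] "POST /downloader/index.php HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.7 - - [01/Jan/2020:03:15:01 +0000] "GET /MySQL.php?x=1 HTTP/1.1" 404 162 "-" "curl/7.68.0"',
    '198.51.100.20 - - [01/Jan/2020:03:16:00 +0000] "GET /checkout/cart/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]
SAMPLE_HTML = '<script src="/js/prototype.js"></script><script src="https://mcdnn.net/example.js"></script>'

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG), suspect_scripts(SAMPLE_HTML))
```

Hits with `served` set to True are the ones to investigate first, since they show that some part of the system answered the request.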

Webscale’s range of ecommerce hosting solutions does all of the above, and more, and has protected 3000+ storefronts with its security-centric platform and architectures for 6+ years.

If you’d like a no-strings consultation with one of our ecommerce security experts to discuss your situation, we’d love to help – just drop us a note to info@webscale.com.
