At first let’s make clear what is Magento application? Magento it’s a CMS (content management system) specially designed and developed for web stores creating, in other words it’s an e-commerce platform. And Magento application it is a component of this system that processes user request and returns the final result.
Magento is quite a reliable system and it’s protected from various malware code attacks. But at the same time it allows intruders to explore the current system and search for different vulnerabilities to embed a malware code.
And if regular releases and patches for the system can fix the vulnerabilities, then extensions used in the system are not being updated sometimes. Additionally, the ignoring of version control system usage can lead to confidential data theft.
As an example I’d like to share with you the case from my work practice. The malware script was scanning the websites on magento system for existence of the installed webforms module, which had a vulnerability that allows to upload executive files. Then the following image.php script was uploaded.
After the script was executed, the magento core files were modified and additional scripts were uploaded.
Modification of the following file allowed to send all the card payments data out (card number, card holder name, card verification number and billing address).
Modification of that file allowed to send out admin panel accesses data in clear.
The code of these files modified and deleted .htaccess files for further malware files uploading.
The damage which is done by this code is obvious.
But the script was detected and neutralized before embedding in virtue of Version Control System – GIT.
A file with the following code was used to prevent php scripts launching in directories:
deny from all
Also the directories that are used for uploaded files should have 644 permission.
It is necessary to perform continuous monitoring of a system condition, to escape such problems, and to use the latest updates and patches that affect not only to the magento systems but to the installed extensions as well.