cancel
Showing results for 
Search instead for 
Did you mean: 

After installing Security PATCHES with success still vulnarable?

SOLVED

After installing Security PATCHES with success still vulnarable?

I could finally manage to install the patches with the help of

http://magentary.com/kb/apply-supee-5344-and-supee-1533-without-ssh/

and

http://stackoverflow.com/questions/20572320/magento-1-7-2-security-patch-error-via-ssh

 

After the test at https://shoplift.byte.nl/

I still receive the message:

WARNING The Magento shop at www.... is VULNERABLE to the Shoplift bug. You should fix it ASAP.

And the fix is:

I applied the patch but this site says I'm still vulnerable?

First, this site caches results for 5 minutes. Second, you should empty all your local caches. This includes flushing caches from within Magento, restarting your PHP-FPM service (opcode cache), and disabling or re-compiling the Magento PHP compilation (System -> Tools -> Compilation).

 

I did all of it exept that I cannot run the opcode cache reset () ar my server.

Is there an easy way to do that?

 

Thanks a lot!

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: After installing Security PATCHES with success still vulnarable?

The next step after recompile and manually deleting all the subfolders in var/cache/ would be to do a manual compare between the patched files and the files out of a fresh copy of the Magento install archive.

 

Hopefully the following will have some pointers

http://stackoverflow.com/questions/17224798/how-to-use-php-opcache

 

If you're still using APC cache

http://stackoverflow.com/questions/911158/how-to-clear-apc-cache-entries

 

Either function could be put in a php script and run by calling it through the web server. It has to run in the same process that created the cache so a command line execute of the script won't do the job.

View solution in original post

8 REPLIES 8

Re: After installing Security PATCHES with success still vulnarable?

Hello 

 

Try this one, 

http://inchoo.net/magento/manage-apc-from-magento-admin/

 

If doesn't help, can you ask your hosting provider?

Was my answer helpful? You can accept it as a solution.
175+ Professional Extensions for M1 & M2
Need a developer?Just visit Contact Us Now

Re: After installing Security PATCHES with success still vulnarable?

The next step after recompile and manually deleting all the subfolders in var/cache/ would be to do a manual compare between the patched files and the files out of a fresh copy of the Magento install archive.

 

Hopefully the following will have some pointers

http://stackoverflow.com/questions/17224798/how-to-use-php-opcache

 

If you're still using APC cache

http://stackoverflow.com/questions/911158/how-to-clear-apc-cache-entries

 

Either function could be put in a php script and run by calling it through the web server. It has to run in the same process that created the cache so a command line execute of the script won't do the job.

Re: After installing Security PATCHES with success still vulnarable?

Thank you for your answer! I will sure try that and let you know!

regards

 

IKDR

Re: After installing Security PATCHES with success still vulnarable?

 

Re: After installing Security PATCHES with success still vulnarable?

Still I continue with the same prob:-(

 

The support from my server also has no clue. He just told me that the PHP-FPM was not active on the server.

The functions of opcache also don`t seem to work.

 

Sorry, but I cannot find any way to clean the server cache or restart the php....

Gratefull for any futher ideas!

 

Thank you!
IKDR

Re: After installing Security PATCHES with success still vulnarable?

Hello @IKdR

 

You can follow our blog post for the proper patch installation,

http://magecomp.com/blog/how-to-install-magento-security-patches/

you can even contact us if you still face issues, we help you with patch installation for every community member for FREE.

 

SECURITY DISCLAIMER: The above website contains Magento Security Patch files which are self-hosted by the user and as such unsafe. Magento Forum advise all users to only download patch files from the official Magento Downloads page. 

Was my answer helpful? You can accept it as a solution.
175+ Professional Extensions for M1 & M2
Need a developer?Just visit Contact Us Now

Re: After installing Security PATCHES with success still vulnarable?

Hello @theMageComp,

thank you for your help!

I installed the extension from your site :

 

Patches installed

But still the test at https://shoplift.byte.nl is negative :-(

WARNING The Magento shop at fix...pt is VULNERABLE to the Shoplift bug. You should fix it ASAP.

 

So I don`t know what to do any more!

IKDR

Re: After installing Security PATCHES with success still vulnarable?

Hello @IKdR

 

Please PM us with the details, we will be happy to help you.

Was my answer helpful? You can accept it as a solution.
175+ Professional Extensions for M1 & M2
Need a developer?Just visit Contact Us Now