I downloaded the patch and I have unzipped overwriting files as I can see if the patch is properly applied.
Just overwrite files https://github.com/sashas777/magento-1.9-patch-1533-5344
the patch would be applied
I have no idea how to apply security patch so I opened a ticket with hosting company and this is the error message they received when they tried to apply.
PATCH_SUPEE-5388_CE_1.4.0.0-1.5.0.1_v1-2015-03-03-09-43-19.sh
Checking if patch can be applied/reverted successfully...
ERROR: Patch can't be applied/reverted successfully.
patching file app/code/core/Mage/Admin/Model/Observer.php
Hunk #1 FAILED at 37.
Hunk #2 FAILED at 44.
Hunk #3 FAILED at 55.
3 out of 3 hunks FAILED -- saving rejects to file
app/code/core/Mage/Admin/Model/Observer.php.rej
patching file app/code/core/Mage/Core/Controller/Request/Http.php
Hunk #1 FAILED at 37.
Hunk #2 FAILED at 459.
2 out of 2 hunks FAILED -- saving rejects to file
app/code/core/Mage/Core/Controller/Request/Http.php.rej
patching file lib/Varien/Data/Collection/Db.php
Hunk #1 FAILED at 421.
1 out of 1 hunk FAILED -- saving rejects to file
lib/Varien/Data/Collection/Db.php.rej
Does anyone have an idea about what is going on with this?
Thanks, any help will be appreciated!
Hi,
try to just rewtire patches from our Article whic has links to the github for versions 1.6.x-1.9.x
Choose according version for you then download applied patches and rewrite files.
Can someone help me, I am very new to Magento. The 5433 patch installed without a problem but the other one is not. It is saying the patch was installed but I did not install it... Please help
Here is my error message
Checking if patch can be applied/reverted successfully...
ERROR: Patch can't be applied/reverted successfully.
patching file app/code/core/Mage/Adminhtml/Block/Dashboard/Graph.php
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file app/code/core/Mage/Adminhtml/Block/Dashboard/Graph.php.rej
patching file app/code/core/Mage/Adminhtml/controllers/DashboardController.php
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file app/code/core/Mage/Adminhtml/controllers/DashboardController.php.rej
Hello @MickeyKnoxx
Please follow 3rd method from here, and let me know if that works
http://magecomp.com/blog/how-to-install-magento-security-patches/
SECURITY DISCLAIMER: The above website contains Magento Security Patch files which are self-hosted by the user and as such unsafe. Magento Forum advise all users to only download patch files from the official Magento Downloads page.
The message you received is telling you that Magento couldn't patch the MySQL driver located at lib/Varien/Db/Adapter/Pdo/Mysql.php That line at the end tells you that the patch utility saved more details log information in a file called lib/Varien/Db/Adapter/Pdo/Mysql.php.rej - go view it to see what it said and it may clear this up for you.
We've remediated many sites since these exploits were released and to assist the community in responding to them we've documented our research to provide a list of 18 known attack signatures so that you can check your systems for evidence of them and respond accordingly. Keep in mind we've never seen two compromises that are exactly the same, so there's a chance your particular system might be slightly different - if you discover anything on your system that we don't already have documeted, please share that with us so we can update the attack signature guide.
We're working on a toolkit to automate the remediation of these item but it may be a week or two until it's ready for distribution. In the meantime, we're sharing the knowledge we've acquired working through these compromises with everyone in the community in an effort to make sure everyone is as safe as can be expected.
I'm including a 3-Step Compromise Response Process below that we've worked over and over again to get consistent results. The key assumption you're going to have to make is that you can't know what has or hasn't been compromised until you diff the files in your system against the default source code provided by Magento or a copy you have made in your (Git / Mercurial / SVN) repository. YOU SHOULD ASSUME that your database and logins have been compromised and go change them all.
We provide a link to a guide we've uploaded to our GitHub repo that is tracking the 18 signatures we have been able to clearly identify in the wild that relate to these most recent security announcements. You should go through each and every one of them to see if you can find anything that matches. If so, you can follow the instructions to either delete or replace the compromised file or delete or update your database to replace the affected data. It's in PDF format now, but we should have it converted to Markdown by tomorrow.
CRITICAL NOTE: Installing the patches from Magento WILL NOT help you if you have already been compromised. At best, it will stop ADDITIONAL compromises of the known types, but if you are already compromised then you'll have to BOTH install the patches and remediate your system as we highlight below.
Let me know if you discover anything not included already in that guide - we're trying our best ot keep up with the latest developments on this topic and happily welcome any contributions from the community.
Phase 1: Identify the scope of your compromise. Each and every one of the items I list below are signatures we've discovered on compromised Magento sites specicifally relating to the SUPEE-5344 and SUPEE-5994 vulnerability announcenments. You need to go through each one and check to see if you find any evidence on it on your system. Many of them are enough by themselves to allow an attacker to re-enter your systen after you patch it, so you'll have to be dilligent and make sure you don't skip anything or fail to remediate it.
Phase 2: Delete what you must, and replace what you can : use the original files from your repository or the Magento source files. If you're not running one of the latest versions, you can still use the Magento download page to grab older version sources from their site.
Phase 3: RESET Credentials: Inventory every use of a login name and password remotely related to your deployment and reset them all, including
- You can be reasonably sure that the preceding steps will help you purge infected fies but you can not know if passwords have been sniffed or key logged or the victim of some other attack, so resetting all related credentials is the safest option if you are going to attempt to remediate a compromised system.
The guide is too long to post in this response but the PDF can be downloaded immediately at our GitHub reopsitiory.
Sincerely,
Bryan “BJ” Hoffpauir
<< Signature to be setup in your profile >>
Contact me at work via AOE - the open web company online!
Hi! I'm having the same issue, even if I'm in the Magento directory
Here's my topic, could I ask you some help?
I install PATCH_SUPEE-6788_CE_1.9.0.1_v1-2015-10-26-11-46-45.sh.
The message show :-
Checking if patch can be applied/reverted successfully... Patch was applied/reverted successfully.
but when i check 'applied.patches.list' inside app->etc it is empty.
May i anyone help?