Hello,
Recently our magento site has been injected with a malicious trojan javascript code.
We decided to have our magento site scanned by Magereport.com and recommended several patches that needs to be installed.
These are the list of patches that are recommended to be installed in our magento site.
1. Security patch 10752 - error
2. Security patch 10570 - installed
3. Security patch 10415 (high) - error
4. Security patch 5344 (Shoplift) (safe hidden) - installed
5. Security patch 10266 (safe hidden) - error
6. Security patch 9767 (high) - error
7. Security patch 9652 - installed
8. Security patch 10497 (combined version of 10415 and 10266) - error
Majority of the patches we try to install always get a hunk.
Even though we downloaded the right version of the patch for our magento site.
These are the patches that was installed prior to the scan, except for the list above that are installed after the scan.
Our Magento site are currently running 1.9.3
We also tried installing other version of each patch that was recommended, as we suspect that the filesystem could be wrong. As our Magento site was not an actual 1.9.3 version but an upgraded version prior to 1.9.3.
If am not mistaken around 1.9.1 or 1.9.2
Any suggestion or recommendation how we can install those patches?
Thank you.
Updated Post:
For example, for patch 10752.
Please let me know if you have any idea as to why it has multiple hunks.
Could this be a possibility that the file are modified?
I have also check the file and folder permissions, which i think everything are set to its proper permissions.
Please let me know your inputs please.
Thank you.
Hello @reynaldo_hipolito,
If you are concerned about the security of your Magento store, install time to time security patches as in when released by Magento. Here we are going to see how to install a security patch in Magento.
There are 3 methods to install a security patch in Magento; if you are not that techie Hire a Magento developer or consult a good agency that offers Magento technical support services.
Before you start it is always advised to take an up to date back up of your Magento store, also we recommend scheduling such security patch updates when you have less website traffic.
Method 1 : Installing Magento Security Patch Using SSH
Secure Shell (SSH) is the recommended way to install a patch. If you don’t know how to set up SSH, contact your hosting provider.
- Upload the patch files to the root of your [Magento] installation folder.
- If the store is compiled, make sure the compiler is disabled
- In the SSH console, run the following commands according to the patch extension:
sh patch_file_name.sh
.sh extension
patch –p0<patch_file_name.patch
.patch extension
Method 2 : Installing Magento Security Patch by running a Script.
The following example shows how to install the SUPEE_9767.sh patch. Make sure to replace the patch name in the example with the name of the patch file to be installed.
- Upload the patch files to the root of your [Magento] installation folder.
- If the store is compiled, make sure the compiler is disabled.
- From your desktop, do the following:
- Use a text editor to create a file named patch.php that contains the following script.<?php print(“<PRE>”); passthru(“/bin/bash PATCH_SUPEE-9767.sh”); print(“</PRE>”); echo “Done”; ?>
- Upload the patch.php file to the root of your [Magento] installation folder. - Run the script from your browser.
http://www.[yourstore.com]/patch.php
Then, look for the following message:
Checking if patch can be applied/reverted successfully…
Patch was applied/reverted successfully.
Done - After the patch is successfully installed, delete the patch.php file from your server.
If you receive the following error, either ask your hosting provider to install the missing tools, or try one of the other methods.
“Error! Some required system tools, that are utilized in this sh script, are not installed; Tool (s) “patch” is (are) missed, please install it(them). - Refresh your cache from the Magento Admin, Don’t forget to refresh your OPcode or APC cache as well.
- If your store is compiled, rerun the compiler.
Method 3 : Installing Magento Security Patch by Uploading Pre-Patched Files
- Download your Magento installation to your local machine.
- Apply the patch locally.
- Upload the updated files to your server.
--
If my answer is useful, please Accept as Solution & give Kudos
We have decided to upgrade our Mangeto site from 1.9.3.0 to the latest 1.9.3.9. We we think already have all the patches available.
We tried to install the Package Mage_All_Latest from the Magento Connect Manager.
Unfortunately, while we are waiting for it to be downloaded, the Magento Connect Manager console throw a 500 Internal Server Error.
Before we did the test upgrade, we also set all the proper file permission, as well as file Owner and groups.
Any ideas why it is not upgrading?
Thank you.
