cancel
Showing results for 
Search instead for 
Did you mean: 

regarding security patches + magereport.com

regarding security patches + magereport.com

hello .I had applied security patches on magento 1.9.1 on dec 2015 . however, now in magereport.com , its showing patch not detected . what could be the reason and how do I rectify it . 

 

Thanks & Regards,

Vishal

4 REPLIES

Re: regarding security patches + magereport.com

patch was partially applied, it happens, you have some other changes after patch, your server has some rules that breaks detection, and check if yout patch was not reverted.

------------
MagenX - Magento and Server optimization

Re: regarding security patches + magereport.com

MageReport is an external scanner so in some cases it cannot properly detect all the patches, because it looks at your system from front-end.

I suggest  you check out Mage Fence Security Module. MageFence scans for applied patches internally,  so it can determine whether the patch is properly installed or not with 100% certainty.

 

It also has many other useful features for improving security of your website:

  • Scans your website for malware on regular basis.
  • Scans your files for changes and gives you the list of ALL changed files.
  • Allows you to tracks all changes made by admin users in Admin Activity Log.
  • Allows you to change Admin Panel URL  and Magento Connect Manager URL easily and effectively from backend.
  • Detects admin users created without authorization (injected into database) and notifies you immediately by email.
  • Sends you an email notification every time user with admin privileges logs in.
  • Block IP addresses after too many failed login attempts, so it prevents password guessing attacks.
  • It comes together with Two-Step Verification Module that adds another authorization step to the login process, so no one can log in but you even if they somehow get hold of you login credentials.

 

and many more

 

You can see the detailed description of MageFence module here: http://www.extensionsmall.com/mage-fence-security.html

Re: regarding security patches + magereport.com

yes . there might be code changes . So, should I re-apply the patches . I was able to successfully install 5344 after replacing mysql.php from the original download file . magereport showed it as fine. however, after few days again it shows that 5344 is not applied. when i tried to install SUPEE-5994 , it threw many errors as mentioned below. so now I am not sure what to do. 

 

patching file app/code/core/Mage/ImportExport/Model/Export/Adapter/Csv.php
The next patch would create the file app/code/core/Mage/Install/Controller/Router/Install.php,
which already exists! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file downloader/Maged/Model/Connect.php.rej
patching file downloader/Maged/View.php
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file downloader/Maged/View.php.rej
patching file downloader/template/connect/packages_prepare.phtml
Hunk #1 FAILED at 33.
1 out of 1 hunk FAILED -- saving rejects to file downloader/template/connect/packages_prepare.phtml.rej
patching file downloader/template/messages.phtml
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file downloader/template/messages.phtml.rej
patching file get.php
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file get.php.rej
patching file lib/PEAR/PEAR/PEAR.php
Reversed (or previously applied) patch detected! Assume -R? [n]
Apply anyway? [n]
Skipping patch.
42 out of 42 hunks ignored -- saving rejects to file lib/PEAR/PEAR/PEAR.php.rej

Re: regarding security patches + magereport.com

thanks for this - Mage Fence Security Module though it comes with a hefty price even for community edition .