i'm such an idiot!
i discovered today that my shop is still vulnerable to the shoplift exploit!
can i still apply the patches, change all the backend passwords have a safe shop again?
or could the shop be compromised nontheless?
would it be better to just upgrade to the latest version that has the patch included? and can this break something in my current shop?
please advise, and yes. i'm stupid. don't rub it in if possible.
You must apply those recently released patches. Just changing the amdin password will not help you.
If you are not far brhind the latest version of Magento you can keep using the same.
just Google to find how to secure Magento you will find good solutions there.
thanks for your reply.
what i meant is could the shop be compromised with backdoors, trojans, that sort of stuff?
edit. or rather, could the file system be affected as well?
i did a version upgrade and the shop is no longer shown as vulnerable for the shoplift bug.
i changed all the admin user passwords and also the database password.
now i'm downloading the magento folder to compare it with a diff to a vanilla installation.
should i also look at files outside the magento root?