Hi all,
I'm with a small digital agency and we have a few Magento clients. We have a dedicated developer that is not available right now and one of our sites seems to have a malware issue. Liquid Web is reporting the site is clean, but there does seem to be some injected code. All passwords and FTP access have been updated. But I need some help on cleaning the site. Can someone point me in the direction of a Magento 2.2.3 guru that can troubleshoot and fix on a case-by-case basis?
Thanks!
Jim Clanin
jclanin@doubledome.com
Hi Jim,
2.2.3 is a few years out of date. It's missing a lot of security patches. That means it's not PCI compliant, and that hackers using bots to find vulnerable sites can have an easy time identifying it as an easy target. Your issue won't just be cleanup, it will be hardening the environment against reinfection. While this is always important, now that the site has been targeted, it's known to at least the hackers that have already identified it as vulnerable.
Ideally, you'd bring the site up to at least Magento 2.3.7-p1 (or the further updated 2.4.2-p2 or 2.4.3). Additionally, it's important to update any extensions that have available security patches.
With such an old version of Magento 2, I'd also venture to guess that your hosting environment is running insecure software, such as a version of PHP that's end of life.
Above and beyond that, for PCI compliance (and just a general rule of thumb), you should have a properly configured web application firewall, along with an intrusion detection system, in addition to Magento-specific malware scanners. If you aren't working with a fully-managed Magento hosting provider, you may be on your own for this - but it's still very important.
I've gone into this level of detail because, at first glance, it sounds like you need more than just someone that can investigate intrusions on a case-by-case basis. While I can suggest Magento security experts, it sounds like you should be looking for Magento 2 developers that can help patch the site and get it to a healthy place so that it isn't a sitting duck. That may be a bigger up-front job, but it's a lot safer than playing a game of whack-a-mole on an incident-by-incident basis.
Best of luck!