Can anybody help?

scott_taylor-chisholm · ‎12-25-2018

Been sent about 50 of these email notifications about Magento having vulnerabilities that allow attackers access to my webstore??

The text is always the same but the email address's change and are from these email address" here:

magento@macnet.cl

magento@co.uk

magento@icr.org

postmaster@e-vista.hu

I wont list each one as they are all different but you get the point?

This is the text (in bold)in the body of the email that asks me to click it to install the Supee 5344 upgrade.

______________________________________________________________________________

icr.org web1hive.icr.org

Recently a vulnerability in Magento was discovered that allows attackers to gain unauthorized access to your webshop. This unfortunately also means attackers can thereby access all information in your webshop including your customer database and the backoffice.

List of vulnerable systems

The vulnerability is found in all Magento versions. Both users of Magento Community and Magento Enterprise are urged to update their webshop as soon as possible.

How to install the update

The vulnerability is resolved by applying patch SUPEE-5344. In order to activate the update you will have to install the patch and flush the cache.

Click the link bellow to update.

https://update.magento.center/admin/?e=c2FsZXNAcHJlc3RpZ2UtY292ZXJzLmNvLnVr

___________________________________________________________________________________

I am pretty convinced this is just some sort of spammy phishing trip, but really do not want to risk my customers data in any way.

Can those that know more than me let me know what you would do with all of this?

1) Delete

2) Take action via Magento markeplace and buy a security patch?

3) Not sure what 3 is, but if these is a 3 I am sure somebody will tell me??

Any help gratefully received.

Noticed a lot of access from Russian IP addresses on my web-chat of late. I do not sell to Russia, so assuming that the site is being routinely targeted by Russian hack bots?

Thoughts anyone??

Thanks

Scott

Mukesh Tiwari · ‎12-26-2018

Hi @scott_taylor-chisholm

Magento never sends this type of emails. You must not click on any of the links present in those emails.

You can take following actions.

1) Delete all theses emails and do not click on any of the links. Also delete those emails from trash/bin folder of your email.

2) You need not to purchase any of the patches released by Magento.

If you are on using Magento1x version or Magento Community(2x version) then you can download all the patches from the following url DOWNLOAD RELEASES, PATCHES AND TOOLS. Click on Download tab for Magento2 patches and on Release Archives for Magento 1x patches.

3) Check Magento Security Best Practices official article by Magento. Also visit Security Center to make you site more secure.

4) Magento does not provide any link click based patch installation server.

5) To receive latest security updates register on https://magento.com/security/sign-up page.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

kennyc82 · ‎12-27-2018

I too am receiving these types of emails. Currently averaging about 200 per day. I searched for the patch mentioned and found many hits regarding a fake patch that installs malware onto your site.

Same symptoms as listed above, all from different email addresses starting with magento@ 'some random domain', all the text is the same minus the domain names and link at bottom.

These all started about 4 days ago (December 24th, 2018) and are still coming in. I have been sending all to spam and just clearing it out every day.

scott_taylor-chisholm · ‎12-27-2018

Yep all the same, huge amount of emails and clearing them out every day.

Who'd be in e-commerce eh???

Hacking morons, why on earth do they do it?

Can anybody help?

Can anybody help?

Re: Can anybody help?

Re: Can anybody help?

Re: Can anybody help?