Hacked? What Now?
Merchant’s guide to protecting Magento storefronts
Hello
Sahil Chugh
CEO
MageHost (Managed Magento Hosting)
WebScoot.io (Faster eCommerce)
7+ years Magento experience
There is no such thing as an unhackable site
30 to 200 stores get hacked per day
20% of merchants get reinfected after a breach
• Magecart
• Cloud Harvester
• Shoplift Malware
• Magento Killer
• GuruInc Malware
• Visbot Malware
• MagentoCore
• Blacklist warnings by Google, Bing, McAfee, etc.
• Customer concerns about strange credit card activity.
• Lost sales and brand reputation.
• Negative effect on the website’s SEO
• Host suspends your website for malicious activity.
• Magento security patches not applied
• Bad Extensions
• Web Server exploits
• PHP exploits
• SQL exploits
• Insecure URLs – Magmi / var / config files
Security Patcher: https://github.com/magesec/magesecuritypatcher
• Magento 1 - https://github.com/gwillem/magevulndb/blob/master/magento1-vulnerable-extensions.csv
• Magento 2 - https://github.com/gwillem/magevulndb/blob/master/magento2-vulnerable-extensions.csv
• MageReport.com
• MageScan.com
• Sitecheck.sucuri.net
• eComscan (Coupon - MM20IN)
• Maldet
• ClamAV
• Yara
System → Configuration → Design → HTML Head → Miscellaneous Scripts
System → Configuration → Design → Footer → Miscellaneous HTML
lib/Varien/Autoload.php
• Magento Admin users
• FTP/SFTP Users
• SSH Users
• PHPInfo files
• GIT config files
• Magento config files – local.xml, env.php
• 3rd party files like MAGMI - /magmi/web/magmi.php
• Other Magento related URLs:
  • /var/ - cache, sessions, exports, logs
  • API URLs
  • /rss/catalog
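An added example (not from the original slides): one way to audit a web server access log for the sensitive URLs listed above and report the ones the server still answers with a 2xx status. The phpinfo file names, the `/api` prefix, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# From the slide's list; phpinfo file names and the /api prefix are assumptions.
SENSITIVE = [
    ("phpinfo", re.compile(r"/(php)?info\.php$", re.I)),
    ("git-config", re.compile(r"/\.git(/|$)", re.I)),
    ("magento-config", re.compile(r"/app/etc/(local\.xml|env\.php)$", re.I)),
    ("magmi", re.compile(r"/magmi(/|$)", re.I)),
    ("var-dir", re.compile(r"^/var(/|$)", re.I)),
    ("api", re.compile(r"^/(index\.php/)?api(/|$)", re.I)),
    ("rss-catalog", re.compile(r"^/(index\.php/)?rss/catalog", re.I)),
]
# Combined log format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')


def classify(raw_path):
    """Return the label of the first sensitive pattern the request path matches."""
    path = unquote(raw_path.split("?", 1)[0])  # drop query string, decode %xx
    path = posixpath.normpath(re.sub(r"/+", "/", path))  # collapse // and ../
    for label, pattern in SENSITIVE:
        if pattern.search(path):
            return label
    return None


def exposed(log_lines):
    """Return (ip, path, label) for sensitive requests answered with a 2xx status."""
    hits = []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # not in combined log format, skip
        ip, raw_path, status = m.groups()
        label = classify(raw_path)
        if label and status.startswith("2"):
            hits.append((ip, raw_path, label))
    return hits


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:00:00:01 +0000] "GET /app/etc/local.xml HTTP/1.1" 200 1834 "-" "-"',
    '203.0.113.7 - - [01/Jan/2020:00:00:02 +0000] "GET /magmi/web/magmi.php HTTP/1.1" 403 162 "-" "-"',
    '198.51.100.23 - - [01/Jan/2020:00:00:03 +0000] "GET //var/export/orders.csv?t=1 HTTP/1.1" 200 9021 "-" "-"',
    '198.51.100.23 - - [01/Jan/2020:00:00:04 +0000] "GET /checkout/cart/ HTTP/1.1" 200 5120 "-" "-"',
]
```

Any row returned by `exposed()` is a URL that should have been blocked at the web server; a 403 or 404 for the same path means the block is working.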
• Disable PHP functions – exec, shell_exec, system, passthru
• Block PHP uploads in media folders
• Latest PHP versions – PHP 7 for M1 patch available. Thanks to our friends at Inchoo. https://github.com/Inchoo/Inchoo_PHP7
• Web server signatures – Off
• Protect WordPress blogs and pages
• Get a fully managed Magento hosting partner
• Hire professionals with Magento security experience
• Malware cleaning services
  • Sucuri
  • Comodo Cwatch
  • GetAstra
• Have an incident response plan handy: https://github.com/talesh/response
• Audit logs for RCA
• Follow coding standards: https://github.com/magento/magento-coding-standard
• Report malware signatures to MageReport, Magento Security Scanner
• Report malware domains to Google Safe Browsing, ClamAV
Do not edit the core!
• Apply Magento security patches
• Do not use Bad extensions
• Fix Responsibility
• Managed Magento Hosting partner
• Block Magento related sensitive URLs
• Harden PHP & Web-server
• Change the Magento Admin URL to a custom one
• Brute force protection for Admin URL + IP restrictions
• Enable 2FA
• Scan media folders for files with PHP code
• Block Magereport, Magescan – User agents
• Strong Passwords + Change regularly
• No keys in code. Only in setting files
• No test files, DB backup files
• File permissions impeccable
• Ensure backups and DR plan
• Get PCI compliant
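An added example (not from the original slides) for the "Scan media folders for files with PHP code" item above and the earlier "Block PHP uploads in media folders" item: a scanner that flags files under a media directory by PHP extension, by a PHP extension hidden in a double extension, or by a `<?php` tag inside the file body. The extension list, reason labels and sample files are assumptions constructed for illustration.

```python
import pathlib
import re
import tempfile

# Extensions a web server may hand to PHP (assumption: match your handler config).
PHP_EXTS = {"php", "phtml", "php5", "php7", "phar", "pht"}
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)  # short tags omitted: noisy in binary data


def has_php_tag(path, chunk=1 << 20):
    """Stream the file so a tag appended after a large image body is still found."""
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            if PHP_TAG.search(tail + block):
                return True
            tail = (tail + block)[-4:]  # overlap: a tag split across chunks still matches
    return False


def scan_media(root):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for path in filter(pathlib.Path.is_file, pathlib.Path(root).rglob("*")):
        exts = [s.lstrip(".").lower() for s in path.suffixes]
        rel = path.relative_to(root).as_posix()
        if exts and exts[-1] in PHP_EXTS:
            findings.append((rel, "php-extension"))
        elif PHP_EXTS.intersection(exts):
            findings.append((rel, "php-in-double-extension"))
        elif has_php_tag(path):
            findings.append((rel, "php-tag-in-content"))
    return sorted(findings)


def demo():
    """Build a constructed media tree (harmless sample bytes) and scan it."""
    samples = {
        "catalog/product/a/shirt.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
        "catalog/product/b/banner.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64 + b"<?php echo 1; ?>",
        "wysiwyg/cache.php": b"<?php echo 1; ?>",
        "wysiwyg/logo.php.png": b"\x89PNG\r\n\x1a\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = pathlib.Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_media(root)
```

Point `scan_media()` at the store's `media` directory; every finding is worth a manual look, since a media tree should hold images and static assets only.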
@gwillem @srcoder
@maxpchadwick @DavidDeppner @_Talesh @ryanhoerr
@martin_pachol @lenlorijn
Thank You