Nearly 2000 Magento 1 stores around the globe have been hacked in the largest ever Magecart attack since 2015. The hackers could intercept the payment information of the store customers by injecting malicious code. According to the Sansec research report, the security of almost 2000 Magento stores has been compromised in the Magecart attack. The highlights of this hack are:
- 1904 distinct Magento stores with a unique keylogger on the checkout page.
- 10 stores attacked on Friday
- 1058 stores attacked on Saturday
- 603 stores attacked on Sunday
- 233 stores attacked on Monday
Is your Magento 1 store security breached?
Check if there has been an attack by searching the server log files for access to the downloader directory. It would look like this:
However, if you have blocked access to the downloader directory in your store or this directory does not exist in your store at all, your store is safe.
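One way to run the log search described above, as an added example that is not part of the original article. It assumes access logs in the Apache/Nginx combined format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed combined log format: IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Responses that mean the directory is blocked or does not exist.
BLOCKED = {"403", "404", "410"}

def downloader_hits(lines):
    """Return {ip: [(timestamp, method, path, status), ...]} for /downloader requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format, skip
        path = m["path"].split("?", 1)[0].lower()  # drop query string, ignore case
        if path == "/downloader" or path.startswith("/downloader/"):
            hits[m["ip"]].append((m["ts"], m["method"], m["path"], m["status"]))
    return dict(hits)

def reachable(hits):
    """Client IPs that received at least one response other than 403/404/410."""
    return sorted(ip for ip, rows in hits.items()
                  if any(status not in BLOCKED for *_, status in rows))

# Constructed sample lines (documentation IP ranges), not from a real incident.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:03:14:07 +0000] "GET /downloader/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:03:14:09 +0000] "POST /downloader/index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:04:01:55 +0000] "GET /downloader/ HTTP/1.1" 404 209 "-" "curl/7.68.0"',
    '203.0.113.5 - - [01/Jan/2024:04:02:10 +0000] "GET /checkout/onepage/ HTTP/1.1" 200 20111 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = downloader_hits(SAMPLE)
    for ip, rows in found.items():
        for ts, method, path, status in rows:
            print(f"{ip} [{ts}] {method} {path} -> {status}")
    print("Directory was reachable for:", reachable(found))
```

Requests answered only with 403 or 404 match the "blocked or missing directory" case above; any other status for `/downloader/` deserves a closer look at the store.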
In several of the hacked stores a mysql.php file was found in the root directory. Also, search for the files that are not part of the Magento installation and remove them.
Do inform your recent customers about this security breach so that they can take the precaution of changing their passwords and prevent any loss.
What can Magento 1 store owners do to avoid such security attacks?
- Open the .htaccess file that is located in the root folder of your Magento installation. Add the following line at the beginning:
  RedirectMatch 404 ^/downloader/.*$
- Remove the complete directory "downloader", which is located in your root directory. Or simply rename it.