Magento Critical Flaw Exposed - Magento Shoplift (SUPEE-5344)

If you run a Magento website and you are concerned about the critical vulnerability released via Check Point Technologies today, you are not alone.

With 15% of e-commerce websites being affected by the critical Magento Remote code execution vulnerability (also known as Magento Shoplift (SUPEE-5344)), any Magento website owner would be highly recommended to take immediate action to protect their online business.

All FGX-Web Protect clients are protected from this issue.

All FGX-Web Alert clients will be alerted via our tamperproof seal, which alerts on any un-authorised changes made on the website – such as the loading of PHP shells, malware and other un-welcome changes.

If you don’t use our FGX-Web technology, here are the top 3 steps you can take to protect your website:

• Install a Web Application Firewall immediately.
• Check your website for any web shells/malware (our 30 day free trial of FGX-Web Alert will do this for you for free).
• Monitor your site for any changes – if they are changes that you made, that’s fine. If they are not your changes, then it is highly likely that your website has been compromised.  Call us for help.

Magento is not the only platform to have had an issue like this – Drupal had an alert at the back end of 2014 for a significant issue.  These issues are bound to come up now and then with any e-commerce platform or framework, so to protect your online business from this kind of threat, you would be highly recommended to follow the 3 steps outlined above.

If you suspect your website may have been hacked, call us or contact us using the form below – we’re happy to help and have the knowledge, experience and technology to help you very quickly.