Questions tagged [security]

Denotes security questions on Magento.

653 questions
27 votes · 3 answers

Magento Security Punch list

It is very often that we take a site from another firm and now we are stuck with a conglomeration of code and potentially dozens of people who have worked on a site. I am looking for a punch list of items to ask of a security person to ensure the…
brentwpeterson
12 votes · 4 answers

Security risk of require_once 'app/Mage.php'; in Magento root

I have a file in my Magento root that require_once 'app/Mage.php'; to give me access to Mage::getStoreConfig system variables. Does this cause a security risk? Should I place it in another folder? This is my file, /twitter.php:
Holly
8 votes · 1 answer

Why does Magento POST to its own /app/etc/local.xml?

It seems to be initiated by admin operations, such as catalog save/edit, as seen in the logs. The client IP for the POST is the server's internal IP. 302 2014-08-30T06:43:40+00:00 POST…
Willem
7 votes · 2 answers

What is the purpose / attack behind people doing covert automated customer registration?

We have recently observed people creating customer accounts automatically on Magento sites in bulk. Errors in their tools make it obvious that all the accounts they're creating are linked, such as identical corrupted data in signup fields, even…
xyphoid
5 votes · 2 answers

Is there a method by which I can check the security of a Magento store?

Is there a way to check whether a Magento store is secured or not just by entering the URL of the store?
Pratik bhatt
5 votes · 1 answer

n98-magerun.phar Security Best Practice

I have recently inherited a Magento site that has n98-magerun.phar sitting, publicly accessible, in the site's home directory. I know that this is a command line tool, but I wonder if it should be publicly accessible, and if it should be below…
Tyler V.
4 votes · 2 answers

Magento credit card info leak

We are running a Magento site, version 1.8.1.0. For the last couple of months, we keep getting customers' complaints about unauthorized charges on their credit cards. We have applied all the security patches (including the newest SUPEE-6788),…
Ethan L.
4 votes · 2 answers

Magento bot blocked my malware due to guruincsite infection

My Magento website got blocked by major browsers and antivirus software saying it is infected with malware ("guruincsite infection"). 1: I deleted the cache; 2: deleted the unwanted user; 3: searched the database using a keyword from the malware code and removed it; it is still in the footer…
user1799722
3 votes · 3 answers

My Magento site hacked again and again

I'm so, so sad; my site was hacked 2 times yesterday. I'm trying to find a developer for this, but all are telling me they can't guarantee the security. I'm not sure what to do next. Do you guys have experience like this? Please help me if you have…
2 votes · 1 answer

Magento compromised - index.php added

My magento installation seems to have had a security breach. In /skin/install/default/default/images/ a file called index.php has appeared. It contains the following code:
Alison
2 votes · 1 answer

Security issues using URL parameters

I'm writing a custom router for Magento. Here's a code snippet of what I'm doing in the match() method: $pathInfo = $request->getPathInfo(); $splitPath = explode('/', $pathInfo); $category =…
Rob L
2 votes · 1 answer

Prevent Error Log display to the public

Whenever we rebuild the catalog_product_flat index, Magento displays its standard error page along with a stack trace that reveals file structure to the outside world. How do I stop this? I've tried Googling "magento prevent display errors" but did…
Buttle Butkus
2 votes · 1 answer

Do I have a security hole? Is there anything in my Magento installed from a 3rd?

I can use my 1.8.1 shop very well on my Ubuntu desktop as well as in IE in my VirtualBox. But now I have had a second visitor reporting issues like: if they click on a product, they are forwarded to another website which tries to install a trojan…
Chris
2 votes · 2 answers

Heartbleed bug affecting Magento

Are Magento sites affected by the Heartbleed bug and, if yes, what can I do for mitigation?
Vishal
1 vote · 1 answer

Can I use the var folder in Magento to store files containing sensitive data?

I am using an API that requires a file with customer data as a parameter (customer name, postcode, town...). I have the idea of storing the file in the var folder because the server has write access to it. However, I'd like to fully understand the risk for…
Herve Tribouilloy