Has Your Magento 1 Site Been Hacked?

This past weekend, a Magento 1 security breach, impacting more than 2,000 storefronts, was discovered.  This breach was described as the “largest campaign ever” against the M1 platform.

The attack was automated: it allowed hackers to compromise sites and plant malicious scripts in the source code.  The scripts log payment card details that shoppers enter during checkout.

Attacks against Magento 1 sites have been expected since Adobe ceased support for M1 on June 30, 2020.

If you’re still utilizing Magento 1.x, there are several things you should consider doing immediately to assess whether you’ve been hacked – and to close the door on future attacks:

Short-term Suggestions:

  1. Search Access & Action Logs for evidence of known attack patterns. Were searches for MySQL.php performed?  You should also validate that scripts executed from mcdnn.net are not embedded in your checkout page.
  2. Restrict access to admin functions within M1. This is a common point of attack for hackers.  A best practice is to use a custom URL to access admin functions.
  3. Block access to (or delete) “/downloader”. Since no formal updates are being issued by Adobe, /downloader should be blocked.  Here’s how (scroll down to “Blocking the RSS and Downloader”).
  4. Check Code for Malicious Scripts. Scan your code and integrations.  Review your extensions and delete any that are inactive.
  5. Seek patches from the Magento Community. As previously mentioned, Adobe ceased support of Magento 1 on June 30, 2020.  However, a number of companies and individuals are continuing to develop, share, and sell patches.  Here’s an example.  Please do your research and due diligence before applying any of these community-sourced patches and extensions.
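
As a starting point for suggestion 1, here is a small log and page check. It is an added example, not part of the original post or any Adobe tooling. It assumes Apache/nginx "combined" access logs; the function names and sample data are made up for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the list above: MySQL.php requests, /downloader, mcdnn.net.
LOG_INDICATORS = {
    "mysql_php": re.compile(r"mysql\.php", re.I),
    "downloader": re.compile(r"^/downloader(?:$|[/?])", re.I),
}
SKIMMER_HOST = "mcdnn.net"
# Assumed "combined" format: ip - user [time] "METHOD target proto" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
SCRIPT_SRC = re.compile(r'<script\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def scan_access_log(lines):
    """Group indicator hits by client IP: {ip: [(indicator, time, method, target, status)]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        for name, pattern in LOG_INDICATORS.items():
            if pattern.search(m["target"]):
                hits[m["ip"]].append((name, m["time"], m["method"], m["target"], int(m["status"])))
    return dict(hits)

def scripts_loaded_from(html, host=SKIMMER_HOST):
    """Return script src URLs in rendered HTML served by `host` or one of its subdomains."""
    found = []
    for url in SCRIPT_SRC.findall(html):
        src_host = urlsplit(url).hostname or ""  # relative URLs have no host
        if src_host == host or src_host.endswith("." + host):
            found.append(url)
    return found

# Constructed sample data (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2020:03:14:07 +0000] "GET /downloader/ HTTP/1.1" 200 1843 "-" "-"',
    '203.0.113.7 - - [01/Oct/2020:03:14:09 +0000] "GET /app/MySQL.php HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.20 - - [01/Oct/2020:03:15:00 +0000] "GET /checkout/onepage/ HTTP/1.1" 200 40211 "-" "-"',
]
SAMPLE_CHECKOUT_HTML = '''<script src="/js/prototype/prototype.js"></script>
<script type="text/javascript" src="//mcdnn.net/example.js"></script>'''

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG), scripts_loaded_from(SAMPLE_CHECKOUT_HTML))
```

Feed it your real access log lines and the HTML of your checkout page as served to a browser. It only inspects `src` attributes, so also do a plain text search of your templates and database-stored content for the same domain.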

Long-term Suggestions:

  1. Consider Migrating to Magento 2 – The M2 Platform is fully supported/patched by Adobe. The M1 to M2 migration effort is not straightforward or easy.  In fact, the effort more closely resembles a “replatform” than a migration.  Migration takes time and money, and we realize that this option may be intimidating for many M1 users at this time.
  2. Consider Security-centric Hosting for your Site – One of our partners, Webscale, provides 360-degree protection against exploits along with their site hosting services. If you can’t (or don’t want to) migrate to M2 in the next six months, this is the best option.  Migrating your site to Webscale takes less than 30 days, and your site will be optimized for performance and security.  Contact Alpine for a free assessment of your site and a cost/effort estimate.

Here at Alpine, we certainly understand the challenges you and your business have faced this year.  The health and performance of your eCommerce channel are more important than ever – and we’re here to help.  Contact us and let’s talk about your site!

Trackbacks & Pingbacks

  1. […] Has Your Magento 1 Site Been Hacked? by Earl Stevens […]
