Until recently, Magento was considered one of the most secure platforms. Security patches between versions were rare and dealt with specific issues.
In the last few months things have changed, and we have already received several patches that resolve serious security issues.
Applying the patch was necessary to prevent Magento from being infected. Once the files are corrupted, it is only a matter of time before the malware code is executed, and who knows what kind of damage could be done.
The most recent security issue was related to third-party modules: due to a flaw in the code, a malware script injects obfuscated code at the start of a file. The script tries to infect every PHP file in the ‘app/code’ folder. Even though Magento will still work, all processed data will be compromised. Such an attack is very hard to notice unless you are a Magento expert who checks the Magento file system on a daily basis.
When our first client contacted us to report that one of our modules was corrupted, we performed a full scan of his system and found that his Magento store was infected.
Since our modules use the ionCube loader, the malware code couldn’t modify a file without changing its structure. Such a file could no longer be loaded, and the client noticed an error in his Magento back-end right away.
With the assistance of his hosting company, he was able to restore his most recent backup and fix the security hole, and the damage was minimal because the attack happened at a low-traffic time. If you notice any issue or have any suspicion pointing to file corruption, please contact your hosting company and ask them to scan the files for you. If you need to upload module files, just contact us by mail: email@example.com and we will send you the latest version of the plugin.
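An added example (not ExtensionMall's or Magento's own code) of the file check described above: it compares every PHP file under app/code against SHA-256 hashes recorded from a known-good copy and flags files whose first bytes carry a long line with a decode-and-execute call. The marker list, the 2048-byte window, the 200-character threshold and the Vendor_* sample files are assumptions made for the illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristic markers of an obfuscated loader (assumed for this example, not taken from the incident)
SUSPICIOUS = re.compile(rb"(eval|assert|gzinflate|base64_decode|str_rot13)\s*\(", re.I)
HEAD_BYTES = 2048  # assumed window: the injected code sits at the start of the file

def manifest(root):
    """Map relative path -> SHA-256 for every PHP file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.php"))}

def scan(live_root, baseline):
    """Compare the live tree with a known-good manifest and inspect file heads."""
    live_root = Path(live_root)
    current = manifest(live_root)
    report = {"modified": [], "added": [], "missing": [], "suspicious_head": []}
    for rel, digest in current.items():
        if rel not in baseline:
            report["added"].append(rel)
        elif baseline[rel] != digest:
            report["modified"].append(rel)
        head = (live_root / rel).read_bytes()[:HEAD_BYTES]
        longest = max((len(line) for line in head.splitlines()), default=0)
        if SUSPICIOUS.search(head) and longest > 200:  # assumed threshold
            report["suspicious_head"].append(rel)
    report["missing"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample tree: one clean file, one with a line prepended to it."""
    with tempfile.TemporaryDirectory() as tmp:
        code = Path(tmp) / "app" / "code"
        (code / "local" / "Vendor").mkdir(parents=True)
        clean = code / "local" / "Vendor" / "Helper.php"
        hit = code / "local" / "Vendor" / "Model.php"
        clean.write_text("<?php\nclass Vendor_Helper {}\n")
        hit.write_text("<?php\nclass Vendor_Model {}\n")
        baseline = manifest(code)  # recorded while the tree is known good
        # Constructed, inert stand-in for the injected line
        hit.write_text("<?php eval(base64_decode('" + "A" * 300 + "')); ?>" + hit.read_text())
        return scan(code, baseline)

if __name__ == "__main__":
    print(demo())
```

The hash comparison is the reliable signal; the head heuristic only helps triage when no known-good manifest exists, and the manifest itself should be stored off the web server.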
Writing code that will be used on e-commerce platforms requires a lot of attention and adherence to strict rules. Insisting on those rules has allowed our company to offer high-quality products that, besides their primary use, also increase overall security. Due to the nature of e-commerce platforms, the use of licensed software is an absolute necessity. Therefore, installing any third-party modules/plugins whose origin can’t be confirmed is not recommended. Do not hesitate to contact us in case you need help with ExtensionMall plugins or your Magento store, via mail: firstname.lastname@example.org