SnapFast Exposes Hack

SnapFast, a Magento-centric hosting provider, has posted an article revealing a Magento threat to customer data that was recently uncovered in their analysis of a Magento-powered store. According to their blog post, a hacker was able to inject code into the app/Mage.php file that created a JPG file containing customer payment information. Once created, this JPG could be retrieved and used by the hacker.

The code, of course, could be injected into several different locations in a Magento install to achieve the same effect. SnapFast offers several possible ways the intrusion could have been carried out, but doesn’t disclose the exact method used in this particular case. The scariest possibility is that a hacker could have exploited a security hole in a third-party extension. Magento extensions — especially those that allow for the uploading of files — should be carefully vetted and reviewed.
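A local check for the two artifacts described above (a changed core file such as app/Mage.php, and a data file saved under a .jpg name), as an added example that is not SnapFast's or MageDaily's code. It assumes you hold known-good SHA-256 hashes taken from a pristine copy of your Magento release, and that the dump file does not begin with a real JPEG header, which the article does not state; the directory tree built by `build_demo()` is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

JPEG_MAGIC = b"\xff\xd8\xff"  # JPEG start-of-image marker plus first marker byte

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def modified_core_files(webroot, baseline):
    """Core files that are missing or whose SHA-256 differs from the baseline."""
    changed = []
    for rel, expected in baseline.items():
        path = Path(webroot) / rel
        if not path.is_file() or sha256_file(path) != expected:
            changed.append(rel)
    return sorted(changed)

def fake_jpegs(webroot):
    """Files named .jpg/.jpeg whose first bytes are not the JPEG signature."""
    hits = []
    for path in Path(webroot).rglob("*"):
        if path.is_file() and path.suffix.lower() in (".jpg", ".jpeg"):
            with open(path, "rb") as f:
                if f.read(3) != JPEG_MAGIC:
                    hits.append(path.relative_to(webroot).as_posix())
    return sorted(hits)

def build_demo():
    """Constructed tree: baseline taken, then Mage.php altered and a data file named .jpg added."""
    root = Path(tempfile.mkdtemp())
    (root / "app").mkdir()
    (root / "media").mkdir()
    mage = root / "app" / "Mage.php"
    mage.write_bytes(b"<?php // pristine core file (constructed)\n")
    baseline = {"app/Mage.php": sha256_file(mage)}  # hash recorded before any change
    mage.write_bytes(mage.read_bytes() + b"// unexpected added line (constructed)\n")
    (root / "media" / "logo.jpg").write_bytes(JPEG_MAGIC + b"\xe0" + b"\x00" * 16)
    (root / "media" / "banner.jpg").write_bytes(b"order=1001;name=Test Customer\n")
    return root, baseline

if __name__ == "__main__":
    root, baseline = build_demo()
    print("modified core files:", modified_core_files(root, baseline))
    print("non-image .jpg files:", fake_jpegs(root))
```

Because the code could sit in other files as well, the baseline should cover every core and extension file you can hash from a trusted source, not only app/Mage.php.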

We have found a service that has proven very successful — at least for those we know — in identifying hacked code in a Magento installation. Sucuri provides analysis of sites on an ongoing basis and will alert you if your site has been compromised. They also offer a “cleaning” service to remove any malicious code that is found. Scanning of one site is currently free. They have other related services, as well.

Mage Daily

MageDaily is a Magento news, reviews and tips website. Our staff includes experienced Magento e-commerce store operators and developers. The opinions expressed are solely those of MageDaily. Reviews are not provided for a fee or compensation, although some reviewed services may provide affiliate commissions for referrals. However, we do not base our reviews on any intended compensation. We welcome opposing views and encourage readers to comment on any article or review.