Your Magento Store Is Vulnerable. Learn How To Install Security Patches Here!

Is your online store powered by Magento? If so, you’re not alone. According to BuiltWith, there are nearly 240,000 online stores across the entire Internet running Magento as their platform.

Is your online store powered by Magento and ALSO up to date on its security patches? No?

Well, once again you’re not alone. According to Sucuri, about 50% of all Magento installations have not been updated with the most recent patches.

These aren’t just any old, get-around-to-them-anytime-you-want security patches, either. To put it as basically as possible, without these two security patches, an attacker can take over your online store and its server.

That’s bad for you and your hosting provider, sure. It’s also really, really bad for your customers.

Get all the information you need on downloading and installing these security patches below. Hat tip to Paradox Labs – our preferred Magento Solution Partner – for making us aware of the need for the security patch.

How Can You Protect Your Magento Store From Potential RCE Attacks

Pretty easily, actually. Named SUPEE-1533 and SUPEE-5344, these two Magento security patches help protect your web server from attacks called “remote code execution”, or RCE. These most recent security patches are very necessary, and also readily available. Here’s how you can download and install them.

To Install The SUPEE Patches In Magento Community Edition

  1. Visit the Magento Community Download Page – https://www.magentocommerce.com/products/downloads/magento/
  2. Download the SUPEE-1533 and SUPEE-5344 patches that match your Magento format
  3. Install the two patches in your root directory and run the appropriate SSH command
  4. Flush your cache via your Magento admin

 

To Install The SUPEE Patches In Magento Enterprise Edition

  1. Download and implement the patches from either the Magento Support Portal or the Partner Portal.

As always, Magento suggests you test these patches in a development area to make sure they work the way you expect before putting them live on your website.
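To confirm that the install step actually took effect on a given server (development or live), the check below reads the log the patch scripts write. It is an added example, not from the original post or from Magento. It assumes the Magento 1 patch scripts record each run in app/etc/applied.patches.list as pipe-separated lines and mark a rollback with REVERTED; the script name check_supee.sh and the sample log line are constructed.

```shell
#!/bin/sh
# Added example: report which of the two patches named above are recorded
# as applied. Assumptions: the patch scripts log each run to
# app/etc/applied.patches.list as "date | SUPEE-id | edition | ..." and
# append "REVERTED" to the entry when a patch is rolled back.

REQUIRED_PATCHES="SUPEE-1533 SUPEE-5344"

# patch_state FILE ID -> prints applied, reverted or missing.
# The last log entry for an ID wins, so apply -> revert reads as reverted.
patch_state() {
    [ -r "$1" ] || { echo missing; return 0; }
    awk -F'|' -v id="$2" '
        { name = $2; gsub(/[ \t]/, "", name) }
        name == id { state = ($0 ~ /REVERTED/) ? "reverted" : "applied" }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# missing_patches FILE -> space-separated required IDs not currently applied.
missing_patches() {
    out=""
    for id in $REQUIRED_PATCHES; do
        [ "$(patch_state "$1" "$id")" = "applied" ] || out="$out $id"
    done
    echo "${out# }"
}

# Usage: sh check_supee.sh /path/to/magento/app/etc/applied.patches.list
# With no argument, run against a constructed log (not real output) in
# which only SUPEE-5344 has been applied.
list="${1:-}"
cleanup=""
if [ -z "$list" ]; then
    list=$(mktemp)
    echo '2015-04-20 10:02:11 UTC | SUPEE-5344 | CE_1.9.1.0 | v1 | 0000000 | constructed | v1.9.1.0..HEAD' > "$list"
    cleanup=1
fi
todo=$(missing_patches "$list")
[ -z "$cleanup" ] || rm -f "$list"
if [ -n "$todo" ]; then
    echo "NOT applied: $todo"
else
    echo "All required patches are recorded as applied."
fi
```

A missing or unreadable log is reported the same way as an unpatched store, so a server where the patch scripts were never run does not pass the check by accident.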

How Netrepid Is Protecting Its Customers From These Magento RCE Attacks

At the time of this post, all known Netrepid customers hosting a Magento store are currently protected against this vulnerability thanks to our hosted firewall application.

Our hosting services are protected behind clustered, highly available firewalls. As a way to prevent hacking attempts like RCEs, our firewalls do deep level packet inspection on all traffic (inbound and outbound), block common ports, and analyze all traffic patterns.

Whether you host your website with Netrepid or not, we strongly recommend putting an application level firewall in place for any of your hosted services (email, website, intranet, etc.). Firewalls like this block things like:

  • bot scans
  • malicious scans
  • entry attempts
  • DDoS attacks
  • site vulnerabilities
  • other elements that cause performance issues

For more information on that and all of our services for website hosting, please check out our website hosting page.

Chad Arentz
chad@jumpmotion.com