Friday, 23 October 2015

Magento: Hacked Websites Have Not Installed Update

Monday warned security for thousands of hacked Magento sites used to distribute malware. According Magento websites are not adopted by an unknown vulnerability, but the administrators have not installed an important update.

This update was published in February this year and fixed the so-called "Shop Elevator Bug". Through this vulnerability, attackers execute arbitrary code remotely and gain administrator access. In February Magento warned that webmasters should install the update immediately, but eight months later turn out thousands of merchants to have given no answer to this.

In addition, some merchants have been taken over possible because administrators used a weak password. Owners get a Magento site advised to check their website for the presence of malicious code and malware, rename all administrators in the system and install all available updates immediately.

No comments:

Post a Comment