Notification Type
Security Notification
Date
November 9, 2010 9:00 AM
Service Affecting
No
Message
Summary: In the last week to 10 days we've noticed the odd Magento site getting compromised. In each case Magento was extremely out of date, which allowed the attacker to gain full access to the site and the database. If you're storing customer information in your Magento store, this is potentially a huge problem. We recommend that anyone not running the latest stable Magento install (manual installs) or the latest available install from our Appvault upgrade immediately.
Steps to do this:
1) Take a backup of your files + database
2) Check your backup for any odd-looking files left behind, e.g. htaces.php, logo.php, etc.
3) Upload the relevant patch / files
4) Ensure your site is working properly
We recommend that everyone who uses Magento does this as soon as possible.
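
One way to carry out the check in step 2, as an added example that is not part of the original notification: compare the unpacked backup against a clean copy of the same Magento release and list PHP files that are new or altered. The function names, directory arguments and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the host's own tooling. BACKUP is your unpacked backup;
# CLEAN is a freshly unpacked official archive of the same Magento version.

# Report PHP/PHTML files that exist only in the backup (ADDED) or whose
# contents differ from the clean copy (MODIFIED). Local extensions and themes
# will also show up as ADDED and need to be reviewed by hand.
audit_backup() {
    backup=$1
    clean=$2
    if [ ! -d "$backup" ] || [ ! -d "$clean" ]; then
        echo "usage: audit_backup BACKUP_DIR CLEAN_DIR" >&2
        return 2
    fi
    (cd "$backup" && find . -type f \( -name '*.php' -o -name '*.phtml' \) | LC_ALL=C sort) |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$clean/$rel" ]; then
            echo "ADDED $rel"
        elif ! cmp -s "$backup/$rel" "$clean/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
}

# Constructed sample trees (not real Magento files) for trying the function.
make_sample() {
    root=$1
    mkdir -p "$root/clean/app" "$root/backup/app" "$root/backup/media"
    echo '<?php // index' > "$root/clean/index.php"
    echo '<?php // index' > "$root/backup/index.php"
    echo '<?php // mage' > "$root/clean/app/Mage.php"
    echo '<?php // mage changed' > "$root/backup/app/Mage.php"
    echo '<?php // unknown' > "$root/backup/htaces.php"
    echo '<?php // unknown' > "$root/backup/media/logo.php"
    echo 'not php' > "$root/backup/media/logo.png"
}

# Run against real directories when two arguments are given.
if [ "$#" -eq 2 ]; then
    audit_backup "$1" "$2"
fi
```

Any PHP file reported under an upload directory such as media/ deserves a close look, since those directories normally hold only images and other static content.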
