What is the security patch?
In the computing wide-world, a security patch is same as a security update with comprised code inserted into the original code of an executable program. A security patch is developed to fix specific problems related to the existing product installed on technological devices such as computers, tablets, smartphones,…when it faces security bugs or holes. In another word, security patches are the primary method installed to fix security vulnerabilities in software.
Typically, people usually update a security patch to correct the weakness described by a vulnerability. This corrective action will help to avoid big problems like losing data or other unexpected errors and remove or mitigate a threat’s capability of exploiting a specific vulnerability in an asset.
Why is security patch important anyway for Magento website?
In real life, criminals usually look for an open window or unlocked door to break into your home and steal your most valuable assets. In the computing world, criminals look for similar holes — software vulnerabilities — to sneak on your computer and take sensitive data or hack it to send spam or spread viruses to other computers.
Depending on the differences in specific programs, security vulnerabilities can be divided and categorized into different levels of severity. Based on the severity of security holes, the program developer will design and recommend the most suitable released security patches. Regularly fixing security and software problems can increase the performance and security of the data as well as the program handles.
It is essential for Magento users to understand that to minimize the risk of being compromised or low performance, offers of installing security patches must appear on devices whenever being released the newest version. Sometimes, these updates may cause inconveniences. However, the most critical purpose behind a security patch is to fix the potential problems at hand, as well as prevent from other compromised damages. Keep staying up-to-date; your Magento page will be protected from data breaches.
Magento released and launched patches for the first time to make the system more secure when Magento system found the appearance of vulnerabilities since Nov 26, 2014. The security holes completely can happen in the same way with other Magento-based online websites. Because 80% Magento store didn’t apply the first patch of Magento last year, they have to send notifications to each customer to remind about installing patches. It is very much recommended to install the patches as soon as possible to save your own Magento store from vulnerable till then, and a hacker can make data breaches at your website.
Magento Security Patch Versions
As usual, Magento always releases security patches for both Enterprise Edition and Community edition.
Enterprise Edition Patches:
– With Enterprise Edition 220.127.116.11, both patches were integrated into the build and customers who are using this version have already protected.
– With Enterprise Edition E 18.104.22.168, only apply patch SUPEE-5344. SUPEE-1533 was integrated into this build
– With Enterprise Edition 22.214.171.124 to 126.96.36.199, apply both patches including SUPEE-5344 and SUPEE-1533
– With Magento Enterprise Edition 188.8.131.52 and lower, apply SUPEE-1533 and the appropriate patch for your version:
+ Magento Enterprise Edition 1.12.0.x: PATCH_SUPEE-5345_EE_184.108.40.206_v1.sh
+ Magento Enterprise Edition 220.127.116.11 thru EE 18.104.22.168: PATCH_SUPEE-5346_EE_22.214.171.124_v1.sh
+ Magento Enterprise Edition 1.11.0.x: PATCH_SUPEE-5341_EE_126.96.36.199_v1.sh
+ Magento Enterprise Edition 1.10.1.x: PATCH_SUPEE-5390_EE_188.8.131.52_v1.sh
+ Magento Enterprise Edition 184.108.40.206 thru 220.127.116.11: PATCH_SUPEE-5388_EE_18.104.22.168_v1.sh
Community Edition Patches:
– With Magento Community Edition 1.4-1.9.1, patches are available from the Magento Community Edition download page.
– With Magento Community Edition 1.3, refer to this thread on Magento: click HERE
Note, you will need SSH access to the server to apply the official patch. If you do not have SSH access, please refer to this thread on Magento: click HERE
How to recognize signs of a compromised site?
If you have ever wondered that if your Magento site has potentially been compromised, please follow these following signs to determine your doubt:
– Check your list of unknown accounts which is administrator users. We have seen vpwq and default manager being used, but any unknown account is suspicious
– Check your Magento installation for any unknown files that were recently created and are doubtful. Compare all files to your code repository or staging server.
– Check server access log files for request POST /index.php/admin/Cms_Wysiwyg/directive/index/ coming from unknown IP addresses.
– Check for trojans
– Check for wrong permissions
– Check for hidden files
– Check for suspicious ports being opened (command: netstat -nap | grep LISTEN )
Or you can check your site via API, for more details, please follow HERE
How to check if your site has been set up security patch yet?
To check if your website has been set up security patch yet, you can use some following tools:
This is an effective tool which allows Magento users easily scan for vulnerabilities of Magento patches: SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482 & XML XXE vuln 2012. You just need to enter your store backend URL and don’t forget to type confirmation code; then you can go check for possible vulnerabilities of your website.
MageReport.com checks your Magento shop for the following known security vulnerabilities: Outdated Magento version, Unprotected development files, Default /admin location, Unprotected Magmi, Unprotected version control, Outdated server software, Security patch 5994 (admin disclosure), Security patch 5344 (Shoplift), Security patch 6285 (XSS, RSS), Security patch 6482 (XSS).
All the possible vulnerabilities will be shown in the carrot tables with detail information and fixing guide of Magereport.com.