Magento Cacheleak is an implementation vulnerability that results from a bad web-server configuration for the Magento platform. With such a configuration, the web server ignores all or some of the .htaccess files shipped with the Magento distribution, or some directives from these files, and therefore all private…
MAGMI (Magento Mass Importer), a popular Magento data import tool, is often used without any protection in its default location (/magmi/web/magmi.php). An insecure implementation of this tool can be abused to gain full access to a Magento installation, especially taking into account…
Your connection is encrypted with 128-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the…
We are noticing a dynamic increase in robots/crawlers brute-forcing Magento’s /downloader/ locations, trying the default admin user with various passwords (mostly dictionary-based) and other popular logins. We have seen the bots trying it continuously (in some cases for several months or years…
The default Magento backend URL is set to /admin/ (i.e. http://www.example.com/admin/); everyone knows it, including bots and crackers, who have been brute-forcing it for weeks according to my logs. The recent Shoplift vulnerability (known by its SUPEE-5344 patch, widely announced to the public) indicated that…
The Magento maintenance page design can be changed just like any other Magento error page. By default, it looks like the following: It is shown when your store is in Maintenance mode; you can read how to turn it on or…
When you are stuck wondering why your configuration changes have no effect in Magento, try the following steps: make sure that you have applied the changes for the correct Configuration Scope / store / store view and there are no overrides on a lower level…
The Magento favicon is changed at System > Configuration > Web > Design > HTML Head > Favicon icon. Click the Browse button and select a favicon icon from your hard drive to upload.