August 31, 2015: We are receiving notices about attacks to Magento stores via /index.php/api/v2_soap/index/ URL exploiting issue in Zend Framework used in 220.127.116.11 and 18.104.22.168 versions. Attacks are coming from 22.214.171.124/17 network block (Digitalocean) and user-agent logged as [email protected].If you run Magento 126.96.36.199 or 188.8.131.52 version it is strongly recommended to apply SUPEE-3762 patch or upgrade to the latest Magento version. If you wish to save time and have us to install these patches for you, simply click here to order installation. If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento 184.108.40.206 version which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article. SUPEE-3762 patch can be installed independently, prior to or after installation of other security patches (SUPEE-1533, SUPEE-5344, SUPEE-5994 or SUPEE-6285). The following files are changed by SUPEE-3762:
Applying Magento patches via FTP/sFTP or FileManager / File UploadTo apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes. Before patching make sure to Disable Magento Compiler if you use it and clear compiled cache. Patched version of these files for Magento 220.127.116.11 and 18.104.22.168 packed into single ZIP archive:
If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it (or restart webserver) after patching, otherwise code will continue to run from caches. Additionally, if your store still using default
/admin/path, you may consider securing your Magento /admin/ by admin path change and restrict access to
/downloader/. Done. If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.
Posted in: Magento Maintenance