August 31, 2015: We are receiving notices about attacks to Magento stores via /index.php/api/v2_soap/index/ URL exploiting issue in Zend Framework used in 126.96.36.199 and 188.8.131.52 versions. Attacks are coming from 184.108.40.206/17 network block (Digitalocean) and user-agent logged as [email protected].
If you wish to save time and have us to install these patches for you, simply click here to order installation.
If you have no SSH access to apply the patch, you can simply upgrade your installation to Magento 220.127.116.11 version which includes all the latest security patches (SUPEE-5344, SUPEE-5994, SUPEE-6285, SUPEE-6482). If Magento upgrade is not possible in the moment due to some reason you still can apply the patch via FTP/sFTP upload as shown in this article.
The following files are changed by SUPEE-3762:
Applying Magento patches via FTP/sFTP or FileManager / File Upload
To apply patches in this way we simply replace changed files. This way can not be used blindly if you or your developers have changed any core Magento files (which is a big no-no, by the way). Such changes should be re-applied to patched files, or you loose these changes.
Patched version of these files for Magento 18.104.22.168 and 22.214.171.124 packed into single ZIP archive:
If you use PHP opcode caches (APC/XCache/eAccelerator) make sure to flush it (or restart webserver) after patching, otherwise code will continue to run from caches.
Additionally, if your store still using default
/admin/ path, you may consider securing your Magento /admin/ by admin path change and restrict access to
If you have any difficulties with applying the patches please let us know in comments, so we can find the solution together.
Posted in: Magento Maintenance