MAY 29 2019

Magento recovery after Shoplift vulnerability (post SUPEE-5344)

If your Magento store was not yet patched, highly likely it was already compromised / hacked by automatic exploit that gone wild on April 22, 2015. To the date, almost every not yet patched store I see have all signs of intrusion: lib/Varien/Db/Adapter/Pdo/Mysql.php file modified, so patch can not be applied seamlessly: app/code/core/Mage/Cms/controllers/IndexController.php file have a hijacking cookie key installed Magpleasure/Filesystem extension is installed for easy access to filesystem (file upload/PHP code modification) from Backend… Read the rest
APR 27 2020

How to apply SUPEE-5344 and SUPEE-1533


10 comments

Recently released announce regarding Magento vulnerability which is about to be disclosed by CheckPoint mentions necessity of installing Magento patches SUPEE-1533 and SUPEE-5344 available for download at MagentoCommerce site: https://www.magentocommerce.com/products/downloads/magento/ To apply these patches you need SSH access (shell access actually, SSH is just most used way to get shell access) to the server. To apply patches without SSH access please refer to this article. Update: Make sure also to apply the latest SUPEE-5994 released… Read the rest
APR 27 2020

How to apply SUPEE-5344 and SUPEE-1533 without SSH


99 comments

Recently released announce regarding Magento vulnerability disclosed by CheckPoint urges Magento patches SUPEE-1533 and SUPEE-5344 installation. The patches are available for download at MagentoCommerce site: https://www.magentocommerce.com/products/downloads/magento/ To test if your store is vulnerable use our Scan your store button in sidebar. The only problem with these patches is SSH requirement, which some hosts do not provide. If you have SSH access, you can install patches as shown in How to apply SUPEE-5344 and SUPEE-1533 via… Read the rest