Magento recently informed about an important security patch that should be deployed as soon as possible. This new patch was created as it addresses a potential security problem that enables an attacker to remotely execute code on Magento software using a request that is specially crafted in order to obtain valuable customer information, credit card details, etc. It is requested to immediately install the patch as a protective measure.
Magento maintaining thousands of ecommerce stores is viable to attacks from number of criminals online.
Check point found this Remote Code execution vulnerability which was reported to Magento in January, 2015, which was found affecting both Magento Community and Enterprise editions. This vulnerability could compromise any Magneto-based web store and allow criminals to obtain full control over the store and also over the customer’s personal information.
Later, on February, 2015, Magento released SUPEE-5344 security patch and made it a compulsion for store owners to download and implement it first in the test environment and then on a live site to avoid any attacks.
However, in less than 2 hours after the disclosure, few attacks were registered that exploit current vulnerability. These attacks were seemingly seen from same criminals that following IP addresses: 62.76.177.179 and 185.22.232.218, which were detected to be in Russia.
This malicious code creates a fake admin user in the Magento database leveraging SQL injections. Try and look for admin_user and ypwq in the database, as these are the usernames the attackers have been using so far.
To protect your webstore, Magento suggests implementing both SUPEE-5344 and SUPEE-1533 security patches.
The popularity of online ecommerce stores has gotten the security issues at the forefront, enabling the merchants to plan the business considering strict compliance with security rules and regulations.
It is important to take the issue seriously and take considerable measures in order to avoid attacks from criminals.
Looking curiously for Magento development from a Magento Development Spécialiste. My articles regarding Outsourcing Magento India might help you.