Magento RCE Vulnerability Patched

Around April this year, the Magento Security Team released information in the Magento official blog for a critical vulnerability in the application core functionality. The vulnerability was described as RCE (Remote Code Execution) type and what it does is basically enabling the attackers to take control of your Magento Online Store. This you can clearly understand means that all the sensitive information for your customers like names, emails, Credit Card information and so on is immediately exposed to the attacker.

The Solution

Soon after the vulnerability was reported Magento responded well prepared with a patch they have released earlier this year – SUPEE-5344 which can be found on their official download page. The patch is pretty straight for applying and if you are experiencing any difficulties doing so our technical team will gladly apply it for you.

FastComet Attack Mitigation

Here in FastComet, we take the security as one of the three most important aspects of the web hosting technology and as such, we took immediate measures to prevent this exposure for all our clients. The approach we have followed was inspired by the great article from Sucuri explaining the issue in technical details and since April all the customers which did not apply the provided security patch by Magento are fully protected by our patch on web service level.

This basically means that without messing with the code of our customers’ websites we are protecting them from the malicious requests performed by the attackers. The patch is fully mitigating the RCE Vulnerability and none of our clients using Magento was affected by this severe vulnerability.

The applied patch was deployed and tested on all our servers including our Shared Hosting Packages, Our Cloud SSD VPS services and of course our Dedicated Servers.