We have a Magento based website that we recently upgraded to Magento ver. 188.8.131.52
We have been made aware of a major vulnerability in Magento by our host and they identified some suspicious files on our server. We have tried to get rid of these files but want a Magento web security expert to have a look at our websites and make sure they are patched up correctly and contain no harmful content.
We are not looking for someone to just install latest patches etc, so please only bid if you have the tools to analyze website and backend to make sure everything is in order. We need someone who has the self initiative to test everything before marking project as complete.
Following is the message we received from our host:
The Magento community was alerted to a major vulnerability earlier this year by the Magento developers. A patch was released almost immediately upon disclosure, but many sites remain un-patched even to the present. This threat compounded in danger after the disclosure as there was a simple, pre-packaged 'hack' kit that was circulating that allows just about anyone with a modicum of technical knowledge attack any Magento site that was still vulnerable. Once the site was breached, this package would upload a series of files which were consistently named and easily detected. Our initial scans for these files were what we received hits on, hence this notification ticket.
Regardless of the technical knowledge needed to initiate the hack, once the hacker or script-kiddy was inside, they could install backdoors (such as the infamous 'WSO Shell', be very careful Googling that) to allow them to pursue additional nefarious activity if they wished, which is why you should always scan for files that contain suspicious looking encrypted or obfuscated PHP code. Your developer or contractor will know what I'm referring to.
34 freelancers están ofertando el promedio de £202 para este trabajo
Hi, I can audit security of your magento webstore within few hours and harden its security. I have fixed 2k+ sites from security issues successfully. Thanks, Harwinder Kumar
hello im a professional security researcher i found vulnerabilities on twitter yahoo dropbox etc check my profile here [login to view URL] i can audit the security of your magento site within today