We recently teamed up with hosting specialist, byte, to be a part of their Magento support system for MageReport.com. MageReport was created to protect the performance and security of Magento shops. By sharing their tools with the rest of the Magento community, byte hopes to increase the overall security of Magento worldwide.
We are certainly happy byte chose to share their useful tool. After using MageReport for scanning Magento sites, we were extremely impressed with the level of detail and accuracy it provides. MageReport is a definite asset to Magento merchants and the Magento Community.
How MageReport works
MageReport is a free service that checks the security status of Magento stores with lightening quick results. The report not only shows insight on the security status of scanned shops, but also on how to fix possible vulnerabilities. While it is not possible to see existing Magento files from the outside, MageReport uses behavior-based identification patterns. All possible because each Magento patch introduces subtle changes in behavior. In addition, it’s possible to request a few static files and derive the Magento version from that.
MageReport.com checks Magento shops for the following known security vulnerabilities:
- Credit Card Hijack
- Ransomware
- Cache leak vulnerability
- Guru Inc Javascript Hack
- Outdated Magento version
- Unprotected development files
- Default /admin location
- Unprotected Magmi
- Unprotected version control
- Outdated server software
- Security patch 5994 (admin disclosure)
- Security patch 5344 (Shoplift)
- Security patch 6285 (XSS, RSS)
- Security patch 6482 (XSS)
- Security patch 6788 (secrets leak)
- Security patch 7405 (admin takeover)
- SSL Certificate check
Head over to MageReport.com to read more about the Magento tool and to scan your site for security patches.
If you need help applying Magento Security Patches, head over to Magento Security Patch SUPEE-6788 and Magento Security Patch SUPEE-7405 or Contact us.