A simple two line Nginx config update can remove any reference of the polyfill Malware from coming out of your store. What is the Polyfill.io Malware? As you likely have already heard, the polyfill.io domain has been serving malware. And there is still a concerning number of sites that still are including scripts from that domain. Cloudflare and Fastly have both released alternative services that only require a change of domain....
I’ve been sat on this post and POC for CosmicSting (CVE-2024-34102) for a little while, giving time for stores to patch the vulnerability. Chances are, if you still have not applied the patch your store will have been probed and compromised by now since there are a handful of POCs out in the wild. So I highly encourage you to make sure the patch is applied (its simple, a single file diff)....
You might find yourself needing to anonymize a database in Warden to either pass off to another developer, or move it forward into ephemeral / staging environments. This is fairly easy to achieve with Smile-SA GDPR Dump. First lets download the resources we need, we will store them in the dev folder as we can exclude this in our deployment pipelines. wget https://github.com/Smile-SA/gdpr-dump/releases/latest/download/gdpr-dump.phar -o dev/gdpr-dump wget https://raw.githubusercontent.com/Smile-SA/gdpr-dump/main/app/config/example.yaml -o dev/gdpr-dump.yaml chmod +x dev/gdpr-dump Next we can edit the yaml to set our correct Magento version and catch any non core tables we might have followed by running the anonymizer script....
Overview Recently I came across a Magento 2.3.4 store with a stripe specific credit card scraper embedded into the checkout page. The Malware had been injected into the core_config_data table, and was being saved against the shipping/shipping_policy/shipping_policy_content key. The updated_at time of the entry was 2024-04-10 13:27:32 although its worth noting, whilst this may be the time of the initial infection. Since the original entry point has not been patched, an attacker could have simply changed the payload on that date....
It is very important whilst running a Magento 2 store, to perform regular malware scans. Although, it seems that most stores decide not to which is alarming. The current gold standard for scanning Magento 2 stores is Ecomscan by Sansec.io. They provide one of, if not the best, Magento specific scanning tools. You can trigger one off scans very easily from the server CLI by running the following command and following the prompts....
Recently I onboarded a new client, who was looking for a new development partner. The site was running 2.3.4, so I was expecting we would need to perform a few updates and for there to be some security holes to patch. I ran Ecomscan, as always, during my initial audit of the site. And that highlighted 4 samples of malware on the store! Much to the surprise of the client, who had zero clue of the site being infected....