In the middle of the week an article appeared on the IT news portal about attack waves on Magento e-commerce systems. In Magento 2 security, an unfortunate formulation promptly sparked a discussion. Magento was quickly placed in the corner of unsafe e-commerce solutions, which is simply wrong. If you look at the statistics of Magento in recent years, there have never been any really critical problems. Due to the enormously high distribution of Magento, this is almost a miracle, as other widespread systems have more often to struggle with security problems.
The reason that a lot of unsafe software still appears is unfortunately simply due to the programmers, who often know little about the topic and do not have the time to familiarize themselves with it. But why are there security gaps? Why can a blog suddenly serve as a file editor for Magento configuration files? The reason for this is always the lack of verification of input and misuse. We build our houses from hard stones so that they can withstand wind and weather – nevertheless we can open a window with one of these stones to break into a house.
Codes Were Used On The Magento Systems To Access Card Data
Malware is malicious code that is injected into software, for example to access the contents of the database or to fundamentally manipulate the behavior of the software. In the event of attacks on the Magento systems, the malicious code was used to access credit card data or to send it. So far this is correct and definitely a security-critical problem, because the theft of credit card data leads to massive problems.
How Was The Malicious Code Used?
First of all, the good news: the malicious code was not used into Magento due to a security vulnerability. Ultimately, it was a brutal force attack on the Magento backend. The Magento backend is automatically called up and every imaginable type of username and password combination is tested. If the correct combination of user name and password was determined, the attackers would implement a JavaScript in the Magento front end. When a user or customer called up the front end, the JavaScript code was executed on the client and the data was then tapped. This took place in the browser, but not on the server or in Magento itself.
