Currently, which technologies could easily be hacked
No panic! Shop or site hacked? Here's how to do the right thing
The Federal Office for Information Security (BSI) warns online shops that use older versions of the Magento e-commerce software against malware. It could be used by hackers to smuggle in Trojans in order to spy out customers' payment information during the ordering process and then to clear their accounts. What should you do if you suspect your website or shop may be infected with malware?Share this article
Don't panic - analyze damage
Panic is a bad advisor. This is especially true when analyzing and repairing damage to IT systems. Of course, in an emergency, you need to be in a hurry, but you will make better progress if you act properly.
If you only suspect that your shop may have been infected with malicious code, perhaps for a long time, and that it is spreading it, visit the Google Safe Browsing page, for example. Enter the URL of your shop there and wait for the result. If the page is classified there as inconspicuous, this does not yet mean that the system was not infected at that moment. However, the site has not yet appeared on Google, i.e. the harmful consequences for the reputation of the retailer, such as warnings on the Google results pages or in the browser, are not yet available.
The top priority - apply patches
Dealers who maintain their installations of Magento, Wordpress or other systems themselves should read the headlines of IT magazines on the Internet carefully or set up a Google Alert for the system they are using. This is where current gaps are reported as quickly as possible and initial countermeasures are usually outlined. Subscribing to newsletters on the topic is also useful for shop operators who have outsourced the care and maintenance of the system to a service provider. It doesn't hurt to find out about the current status there.
The most important countermeasure against malware, as simple as it sounds, is to have a system that is kept up to date. If the software has an automatic update mechanism, this should also be activated. And if there is a special patch in the case of a current threat scenario, it must be installed as soon as possible.
Check code and database
Malicious programs always make changes to the installed installation that can sometimes be more or less easily detected. The database should be examined carefully. Especially when it comes to the registered users. Does the database really only contain the accounts that should have access? Or does a "backup user" suddenly appear there that you have not set up at all?
The templates for the pages are also popular gateways. In the simplest case, the file structure already shows the current modification date of the files. Basically, script calls in header or footer files are suspicious and you should carefully check what is called in them.
If the system is based on PHP files, a text editor search for "base64_decode ()" and "eval ()" can detect any malicious code. Then the file should be replaced with an uninfected original version.
Install security plug-ins
For the most popular content management and shop systems, there are now a number of plug-ins that examine the system for damage and also point out any open security gaps. Their installation is therefore definitely recommended. Examples are the products from Sucuri. The makers of Magento recommend performing a scan yourself with https://www.magereport.com/.
Hire a service provider
Those who do not trust themselves to do the clean-up work can also fall back on the offer of service providers. Most manufacturers of security plug-ins also offer the option to rid the system of malicious code.
These hacker attacks shock online retailers
Ransomware, DDoS, viruses: In 2016, cyber criminals once again displayed a great deal of criminal energy. Etailment shows a selection of spectacular attacks. Read more
More DDoS attacks: How online retailers protect themselves against hackers
More and more often, so-called DDoS attacks paralyze the pages of Internet services and web shops. But online retailers can protect themselves so as not to fall victim to a cyber attack. Read more
Hacker alarm: In a video interview, security experts explain how quickly data theft can happen and how shops protect themselves against it
It was not just the mega-vulnerability, Heartbleed, that showed that the security of customer data on the web is not the best. Millions of data theft had already caused unrest and significant losses in sales from some US chains such as Target. But online retailing still takes the problem lightly. Security expert Jean Pascal Pereira from secbiz.org makes it clear in a video interview with Adrian Hotz from Inside eCommerce how easy it is for hackers to trade. Read more
In this edition
Courage to start again
How to get your business going again
With the right influencers for more sales
Secondhand gains market share
- Is it possible never to cheat
- How long do eyelash extensions last
- What do you think about mass tourism
- Why are there different religions 2
- What does switch mean
- How does weightlessness affect the human body?
- How is modular arithmetic used in cryptography
- Are Dell laptops good for gaming?
- How do signal jammers work
- Who are the famous song artists worldwide
- How does the President use Twitter
- Is itching psychological
- Why is Brexit such a divisive issue
- How easy is it to make a girlfriend
- What are the advanced content promotion strategies
- Will Nadal regain his top form
- Robert Kennedy died instantly
- Has North Korea implemented market reforms
- What are some sentence examples for posterity
- How do I use the Google Device Manager
- What does it mean not to lose yourself
- Can I add multiple numbers on WhatsApp?
- What does the S mean in Porsche
- What is plant intelligence
- What are the advantages of Octaves over MATLAB
- What is a chrome processor
- Was Marla Singer really in the Fight Club
- What are the types of pollutants
- What is cstdlib in C.
- Can I insure my car online?
- What is the best internal audit software
- Churchill was a competent commanding officer
- What is the curriculum for DANICS