To prevent hacks and data theft, we use several mechanisms at integer_net:
- Always the latest Magento version – thanks to our Magento partnership, we usually have access to it before the official release
- Use of a Web Application Firewall (“WAF”) to block SQL injection attacks
- Regular scans of program code and databases with the Sansec eComscan tool
This last point is described in detail in this blog post.
Anatomy of the most common attacks
To put it simply, most attacks on a Magento shop work like this:
- Finding a security hole
- Injecting additional or modified program code – into the file system or into the database
- Execution of the malicious code – by the attacker or by customers in the shop
The idea behind the Sansec eComscan tool
The Sansec eComscan tool (Sansec scanner for short) has two purposes:
1. Detection of security holes
For this purpose, the program code (Magento core, third-party modules and in-house developments) is checked for known vulnerabilities. Sansec operates one of the largest and most renowned vulnerability databases in the Magento ecosystem.
2. Detection of malicious code
The scanner searches the file system and the database for malicious code, drawing on a variety of known attacks and attack patterns.
Execution and details
The Sansec scanner runs as a command line tool on the server. Installation takes a few predefined steps on any Linux system:
mkdir -p ~/bin
curl -sL https://mageintel.com/ecomscan/ecomscan-linux_amd64.gz | gzip -d > ~/bin/ecomscan
chmod 755 ~/bin/ecomscan
Afterwards the scanner can be executed, either manually or automatically via a cron job.
The Sansec scanner updates itself automatically on a regular basis so that it always has the latest signatures.
The first run takes a few minutes. Subsequent runs focus on changes, making them much faster. So even a scan every few minutes does not create a significant additional load on a server.
The tool also offers some additional options:
In the event of a detected vulnerability or infection, a notification e-mail is sent to the configured address.
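The two behaviours described above, matching files against known attack patterns and keeping follow-up runs fast by looking only at changes, illustrated as an added Python example. It is not eComscan's implementation or rule set: the two signatures, the state-file format and the function name `scan_incremental` are assumptions made for illustration.

```python
import hashlib
import json
import re
from pathlib import Path

# Constructed signatures for illustration only; not Sansec's rule set.
SIGNATURES = {
    "php-eval-base64": re.compile(rb"eval\s*\(\s*base64_decode\s*\("),
    "php-eval-gzinflate": re.compile(rb"eval\s*\(\s*gzinflate\s*\("),
}


def scan_incremental(root, state_file, full=False):
    """Scan files under root, skipping those unchanged since the last run.

    Returns (findings, scanned): findings maps relative path to the names
    of matching signatures, scanned counts the files actually read.
    Keep state_file outside root so it is not scanned itself.
    """
    root, state_file = Path(root), Path(state_file)
    old = json.loads(state_file.read_text()) if state_file.exists() else {}
    new, findings, scanned = {}, {}, 0
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        st = path.stat()
        prev = old.get(rel)
        # Size and mtime are a cheap change test, but both can be restored
        # after a modification, so full=True re-reads every file.
        if (not full and prev and prev["size"] == st.st_size
                and prev["mtime"] == st.st_mtime_ns):
            entry = prev
        else:
            data = path.read_bytes()
            scanned += 1
            entry = {
                "size": st.st_size,
                "mtime": st.st_mtime_ns,
                "sha256": hashlib.sha256(data).hexdigest(),
                "hits": [n for n, rx in SIGNATURES.items() if rx.search(data)],
            }
        new[rel] = entry
        if entry["hits"]:
            findings[rel] = entry["hits"]
    state_file.write_text(json.dumps(new))
    return findings, scanned
```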
Our experience with Sansec
We have had a positive experience with Sansec and the eComscan tool – otherwise we would not be writing this blog post. The tool works perfectly (yes, we also tested the alarm function), and the questions we had were answered quickly and competently by the owners themselves. Therefore, since completing a test phase, we recommend the scanner to all of our customers.
Sansec is a small company in the Netherlands, founded by Willem de Groot and Gruus van Woerkom. The former made a name for himself even before the company was founded in 2017 with MageReport, a tool to detect security holes in Magento shops from the outside – he is one of the most renowned security experts in the Magento sphere, who also advised us in the event of an incident in one of the stores we support. Through our personal contact with Willem we became aware of Sansec.
Our partnership with Sansec
As we have already worked very closely with Sansec in recent years, we have recently entered into a strategic partnership. While there are no financial benefits involved, we are now working more closely together – gaining deeper insights into current developments in the Magento world, not only in terms of security issues.
Author: Andreas von Studnitz
Andreas von Studnitz is a Magento developer and one of the Managing Directors at integer_net. His main areas of interest are backend development, Magento consulting and giving developer trainings. He is a Magento 2 Certified Professional Developer Plus and holds several other Magento certifications for both Magento 1 and Magento 2. Andreas was selected as a Magento Master in 2019 and 2020.