[23-Mar-2024 11:34:42 UTC] PHP Fatal error: Trait 'AAM_Core_Contract_RequestTrait' not found in /home/xhtmljunkies/public_html/wp-content/plugins/advanced-access-manager/application/Service/Uri.php on line 24 [23-Mar-2024 17:22:13 UTC] PHP Fatal error: Trait 'AAM_Core_Contract_RequestTrait' not found in /home/xhtmljunkies/public_html/wp-content/plugins/advanced-access-manager/application/Service/Toolbar.php on line 22 [26-Mar-2024 13:29:00 UTC] PHP Fatal error: Trait 'AAM_Core_Contract_ServiceTrait' not found in /home/xhtmljunkies/public_html/wp-content/plugins/advanced-access-manager/application/Service/Shortcode.php on line 19 [07-Apr-2024 20:50:03 UTC] PHP Fatal error: Trait 'AAM_Core_Contract_SingletonTrait' not found in /home/xhtmljunkies/public_html/wp-content/plugins/advanced-access-manager/application/Service/Compatibility.php on line 21 [22-Apr-2024 01:11:01 UTC] PHP Fatal error: Trait 'AAM_Core_Contract_ServiceTrait' not found in /home/xhtmljunkies/public_html/wp-content/plugins/advanced-access-manager/application/Service/LoginRedirect.php on line 23 Magento sites using Nginx and the Magmi data import tool are at risk | Xhtmljunkies
Check out our newest developed Magento 2 Customer Discount More Info
Menu
Get Quote
9 Oct 2015

Magento sites using Nginx and the Magmi data import tool are at risk

We’d like to alert you to two potential security vulnerabilities that may affect your customers.

Misconfigured Magento Sites Using Nginx
Byte.nl recently reported that some misconfigured Magento sites using Nginx web server software are vulnerable to attacks. The misconfiguration allows outside access to Magento cache files. The cache files have predictable names and can contain sensitive information, including Magento database passwords. This information can be used to obtain access to an installation and customer information.

To address this issue when using Nginx or any other web server software other than Apache, you should make sure your client’s configuration file protects directories and files properly. Magento Security Best Practices includes information on configuring the server environment. You can also find an example of a configuration file for Nginx at https://gist.github.com/gwillem/cd5ae6845fa33aa0d481.

Please work with your clients to update their server configuration files as soon as possible to address this vulnerability.

Unsecure Magmi Data Import Tool
It has also come to our attention that some sites use the Magmi data import tool without protection from outside access. This tool can be abused to gain full access to a Magento installation and it is critical that you act now and remove this tool from your clients’ production websites or limit access to it based on IP address or password.

Security Resource
You can also check your clients’ sites for other security vulnerabilities athttp://magereport.com. This is a Magento community project that is not affiliated with Magento.

Author: Harshal Shah

Harshal Shah is CEO & Founder of Xhtmljunkies, Located in Gujarat, India, XHTML Junkies is one of the best companies that offer unique eCommerce solutions by the virtue of its dedicated professionals. Our professionals are extremely proficient in offering development services pertaining to eCommerce. You can find Harshal on and Twitter.

The following two tabs change content below.
My Twitter profileMy Google+ profileMy LinkedIn profile

Harshal Shah

Harshal Shah is CEO & Founder of Xhtmljunkies, Located in Gujarat, India, XHTML Junkies is one of the best companies that offer unique eCommerce solutions by the virtue of its dedicated professionals. Our professionals are extremely proficient in offering development services pertaining to eCommerce. You can find Harshal on and Twitter.

Home

Dedicated Resources

Content Management

Web Design

Conversion Services

©Copyright 2006 - 2019 All rights reserved by

Trusted Since 2006

foot_link

37200 Paseo Padre, Pkwy #421, Fremont,
CA 94536, USA

15/12 Clifton street, Blacktown,
NSW 2148 AUSTRALIA

305, Iskon center, Shivranjani cross road,
Satellite, Ahmedabad.380015