I was hosting with 1and1.co.uk. I was happy with their services, the value, and the performance of my site, however every month or two i would get an email from 1and1 which reads something like:
Anti-virus scan reports: Your 1&1 webspace is currently under attack. Our team of experts has now analyzed the incident. They ascertain that your 1&1 hosting account has been attacked via an insecure script you installed on your webspace.
1. Analysis of the attack
1.1 The hackers processed the attack through a security leak in your software:
1.2 Via this security leak, they uploaded the following malicious files to your webspace:
I decided to move the site to a ‘simple servers’ hosting account. Simple servers informed me that the magmi folder is not secure. I have attached a screen grab from https://www.magereport.com. I am using the Understanding-e version of magmi (see image attached). Simple Servers fee for securing magmi is £78.00. I had followed the understanding-e videos when i installed magmi (approx. 3 years ago). My question for @matt or @Dave1 is do you have any video tutorials which show how to secure magmi which would show magmi as secure in a https://www.magereport.com report?
As of today all my images in magento have disappeared and my magmi import will now not go over 5% (for a tiny file and i have never had this problem before with much bigger files) so i am wondering if this problem is linked?
So they charged you £78 to change folder permissions, that’s what it’s looks like.
@leonm – £78 is what they quoted. I thought it sounded a bit steep so i was hoping the solution would be available on one of the understandinge videos.
just out of interest i put up a quick demo site with demo content and ran it through magereport. Everything was fine.
@leonm – I wonder is it because i am using a different version of magmi or a different version of the understandinge magmi skin. I am using Magmi version: 0.7.18 and Theme Version: 1.1 (see attached).
@Carl…O – Sounds strange. When i run my site through magereport.com it reports that magmi is unprotected and advises the following fix:
Rather than paying £78 to change folder permissions, you could the change the name of the magmi folder so its not so easy to spot where it is and in cpanel you can set it so you need to enter a password to access the magmi url.
I’m pretty sure Matt & Dave did tutorial on securing magmi further.
Hope this helps
Everyday is an opportunity to learn something new
I will also update to the latest version of the understandinge magmi.
Thanks for jumping in Paul, yep securing Magmi further is the one you want :)
Every expert was once a beginner
Why Should You Join UnderstandingE?
- Access to over 500 step-by-step video tutorials
- +20 video courses available
- Magento, M2E Pro, Magmi, eBay, Amazon & Design all covered
- Everything is in 100% Plain English
- Learn how to build your own multi-channel software for eBay & Amazon
- Access to the community forums, meet fellow business owners like yourself
Join Now with 2 Clicks
Join now for less that £1 per day you can gain access to over 400 step-by-step video tutorials & learn how to build your very own multi-channel software.
Most Users Ever Online: 1012
Currently Browsing this Page:
Jim @ Moogento: 688
Steve Froggatt: 514
Badeth - UE: 513
Paul Cartwright: 414
Administrators: Matthew Ogborne: 4565, Dave Furness: 4606