20181217.1 – Checks ordering, webgility update, generic malicious JS check and more

New check ordering We received a lot of feedback about the ordering of checks. Previously they would be ordered based on the most recently added checks, but this does not always make sense from a user’s perspective. For users it’s a lot more important that checks that fail are shown first so you can get…

Read more

20181203.1 – SUPEE-10975, new magento versions, sidebar bugfix, new malware signatures

SUPEE-10975 and new magento versions On the 28th of November Magento released the following versions for Magento: 2.3, 2.2.7, 2.1.16, 1.14.4.0 and 1.9.4.0. In addition to these new versions they also released SUPEE-10975. The new versions plus the SUPEE fix some critical security issues in Magento and it is highly recommended you patch or upgrade…

Read more

20181106.1 – Run checks in batches, new patch check, updated Magento version check and new RCE check

Running checks in batches Recently we received some information that under-powered servers could suffer performance loss when scanned by MageReport. This is due to the amount of requests MageReport has to make to determine your shop’s safety. This is of course not our intention, so to fix this we’ve added running checks in batches for…

Read more

20181026.1 – Added Magecart zero day extensions checks

Magecart zero day attacks Recently it was brought to light by security researcher Willem de Groot that attackers are making use of unpublished security flaws in about two dozen Magento extensions. The vulnerabilities in these extensions allow the attackers to gain full control over the targeted websites via Remote Code Execution (RCE). Added checks The…

Read more

20180925.1 – Updated CC hijack and cryptojacking checks and updated style

Update Credit Card Hijack check Recently MagentoCore and MageCart have been getting some traction as Magento specific malware to skim credit card details. We’ve updated our signatures so we’re able to detect shops infected with this malware. Update Cryptojacking check Recently there were some updates to cryptojacker signatures. We’ve updated our database to make sure…

Read more

[MageReport] Release 20180726.1 – Updated Creditcard Hijack check

Updated Creditcard Hijack check We have updated the Creditcard Hijack check to identify several different instances of newly discovered creditcard skimming malware. Other Several minor UI improvements.

Read more

[MageReport] Release 20180719.1 – Updated checks and new look & feel

Updated Brute Force Attacks check We have expanded the Brute Force Attacks check to scan additional paths for publicly available admin login pages. Please refer to our updated article for more information on how to protect your Magento installation from brute-force attacks. Updated Creditcard Hijack check We have updated the Creditcard Hijack check to identify several different…

Read more

Release 5226: DigitalOcean nodes route outbound port 25 and 587 through dedicated IP, fixed long running processes MageReport check

SMTP traffic on default ports via the non-dedicated IP Recently it came to our attention that in contrast to their normal IPs, DigitalOcean was blocking outbound traffic on ports 25 and 587 on the floating IPs we use to provide the newly introduced dedicated IP feature on Hypernode. This is generally not an issue since…

Read more

Release 5041: Automated patch info updates fixed on tools.hypernode.com

As part of the hypernode-magerun Magento plugin bundle there is a command that can list relevant patches for a Magento 1 installation and show whether or not they have been installed. The data of available patches used by this command is retrieved from tools.hypernode.com and originates from this excellent spreadsheet maintained by John Knowles. The…

Read more