magento-malware-scanner is an extremely valuable tool to help keep your Magento installation secure. Scanning a codebase for malware is dead simple…
wget git.io/mwscan.txt
grep -Erlf mwscan.txt /path/to/magento
However, it’s equally if not more important to run an external scan of your Magento installation. Here I’ll cover why and how.
The reason you need to run an external scan is that scanning only your codebase misses cases where the malware is injected into the database rather than the file system. This class of attack is extremely common because the attacker only needs access to the admin panel: updating "Miscellaneous HTML" in the design configuration or editing a CMS block injects the malware into every rendered page without ever touching a file on the server, so a file-based scan finds nothing.
Fortunately, it's not particularly difficult to run an external scan. You can use wget to download the contents of a page and then send the returned HTML to magento-malware-scanner.
wget -O result https://www.example.com && grep -Elf mwscan.txt result
wget -O will catch cases where the malware is inlined into the HTML document, but it will miss malware that is referenced via a <script> tag. To solve this we can use the -p flag to download the "page requisites". This will download the scripts referenced via a <script> tag.
wget -p https://www.example.com && grep -Erlf mwscan.txt www.example.com
However, the -p flag by default will only download assets from the same host. We need to combine it with the -H flag (span hosts) to download from other hosts.
It's easiest to additionally use the -P flag (directory prefix) to put everything into a single folder.
wget -p -H -P scan https://www.example.com && grep -Erlf mwscan.txt scan
At this point we are scanning both the inlined scripts and the scripts referenced from any host.
Scanning https://www.example.com is great, but what if the malware is in a static block that is only inserted into the page on the checkout page? In that case, we won’t catch it.
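The whole procedure above, folded into a small script that fetches several pages (home page, checkout, or any other page where a block might be inserted) into one folder and scans them once. This is an added example, not code from the original post or from magento-malware-scanner; the pattern file written by write_sample_patterns is a constructed stand-in for mwscan.txt so the scan logic can be exercised offline, and the URLs in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: external scan of a Magento storefront with wget + grep.
# Not the original post's code. In practice replace the constructed
# pattern file with the real git.io/mwscan.txt.

# write_sample_patterns FILE: write two constructed, illustrative regexes
# (extended-regex syntax, one per line, as grep -Ef expects). These are
# stand-ins for the real magento-malware-scanner signatures.
write_sample_patterns() {
  cat > "$1" <<'EOF'
eval\(function\(p,a,c,k,e,d\)
document\.write\(unescape\(
EOF
}

# fetch_page URL DIR: download URL plus its page requisites into DIR.
#   -q  quiet          -p  page requisites (scripts, stylesheets, images)
#   -H  span hosts     -P  directory prefix
fetch_page() {
  wget -q -p -H -P "$2" "$1"
}

# scan_dir DIR PATTERNS: print each file under DIR matching any pattern.
# Exit status is 0 when something matched, 1 when the tree is clean.
scan_dir() {
  grep -Erlf "$2" "$1"
}

# scan_store PATTERNS DIR URL...: fetch every URL into one directory so that
# blocks inserted only on some pages (e.g. checkout) are also covered, then
# scan the whole tree once.
scan_store() {
  patterns=$1
  dir=$2
  shift 2
  for url in "$@"; do
    fetch_page "$url" "$dir" || echo "warning: fetch failed for $url" >&2
  done
  scan_dir "$dir" "$patterns"
}

# Example invocation (placeholder URLs):
#   write_sample_patterns mwscan.txt
#   scan_store mwscan.txt scan https://www.example.com/ \
#       https://www.example.com/checkout/cart/
```

Two caveats worth keeping in mind: wget does not execute JavaScript, so a script that is only loaded at runtime by another script is not among the page requisites and will not be fetched; and spanning hosts with -H pulls in every third-party asset the page references, so a hit in the scan directory should be traced back to the page that referenced it before assuming the store itself is compromised.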
To help deal with this problem, I built Mpchadwick_MwscanUtils. Currently the tool allows the following…
The module was built for Magento 1 as the lion's share of live Magento installations are still running Magento 1, but it wouldn't be difficult to port it over to Magento 2.
The tool is 100% free and open source and is available on GitHub.
A couple of final pro-tips with external scans…
Use wget's -q (quiet) flag to prevent it from making any noise.
Hi, I'm Max!
I'm a software developer who mainly works in PHP, but also dabbles in Ruby and Go. Technical topics that interest me are monitoring, security and performance.
During the day I solve challenging technical problems at Something Digital where I mainly work with the Magento platform. I also blog about tech, work on open source and hunt for bugs.
I built a tool called Domain Clamp which monitors and alerts about expiring domains and SSL certificates.
If you'd like to get in touch with me the best way is on Twitter.