How to grant Sansec access to your store

Ask your devops team or hosting partner to run these steps:

1. Set up your firewall to allow our secure gateway IP 195.201.150.170
2. Add our SSH public key to your webserver account (see below) and ensure correct permissions: chmod 700 ~/.ssh, chmod 600 ~/.ssh/authorized_keys
3. Email us the server, user name and port to use for SSH at support@sansec.io.

The use of SSH is by far the most secure method to grant access. It does not require sending over passwords over insecure channels, so nothing can be intercepted. To share access, please add our SSH public key to $HOME/.ssh/authorized_keys (make sure it ends up on one line):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSlrgyDEhQYmP1gihXTY/KlrDi6vUM+XlzEMlGSFglHhYRzmcB4l/LZgXDvfwXmvg+cr2wFRJJsq4G9H44qXkyVcn8h+f+rlWaMQNPlfqvdvQaFz/gJai/9hIf2WfmI5/zIF5uAzimTtz/ch9ur/23Qcic7dUeC4r6GASFFqR0Rt4zhCdOIdw2YU+5Jc2Xi7eWS3DD+Vko0j593CyMdn2iaQ1Vs2wivYvL57fd+lfNt+z2jOUOmkkOzcO4sVBZlVwVLrSYZIjHD6OcURA9j0ypwsneYAjNVBI+sjtnce/ZIncwyPSZ1oNTbImolwe1uK2zjjQSv1Gz4Z9lue1kS4LE4qba0+gnsGozbBPzAQ8v0aPr/uXDq96HCVUp8tPg/Evss3mA/AKvIKAduwVX+2Ia4h6W0jpQ103dncNF1ZdSBkbIi8NzIB+H3/nHkOfXa1jDXcudkmkXLwV1oClG4If6ZF6xet3Ao4KSgNsp6766rJPU3l9DZt86irTIMCjIRA0= sansec-gpg

The shared account should have at least read-access to all of the store's files, database and web server access logs.

Are you running Magento Cloud? In that case, please add our Magento account info@sansec.io to your project and assign admin privilege to your production environments. Afterwards, you may need to run magento-cloud environment:redeploy production in order to activate our SSH key.

If you require our forensic analysis or cleanup, please share answers to the following questions to speed up the investigation:

1. What made you believe that your store has been compromised? Please share relevant dates and communication.
2. Have you modified your system since the discovery? Please share recorded timestamps (creation + modification) for any files you may have (re-) moved. Please minimize code modifications until the investigation is completed, or valuable evidence may be erased.
3. Have there been previous incidents and/or investigations?