To perform an install, cleanup or forensic investigation of your system, please grant us temporary access to your (primary) production environment and log facilities. Ask your devops team or hosting partner to run these steps:
- Set up your firewall to allow our secure gateway IP: 195.201.150.170
- Add our SSH public key to your webserver account (see below) and ensure correct permissions:
  chmod 700 ~/.ssh
  chmod 600 ~/.ssh/authorized_keys
- Email us the server, user name and port to use for SSH at [email protected].
SSH is by far the most secure method to grant access. It does not require sending passwords over insecure channels, so nothing can be intercepted. To share access, please add our SSH public key to $HOME/.ssh/authorized_keys (make sure it ends up on one line):
ssh-rsa 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 sansec-gpg
The shared account should have at least read-access to all of the store’s files, database and web server access logs.
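For the devops team, one way to script the key installation described above, as an added example that is not part of the original page. It refuses a key that was wrapped across lines, applies the permissions from the steps, and prefixes the entry with OpenSSH's `from=` option so the key is only accepted from the gateway IP. The function name `install_vendor_key`, its arguments and the key line in the demo are hypothetical or constructed.

```shell
#!/bin/sh
# install_vendor_key KEYFILE SOURCE_IP [SSH_DIR]  (hypothetical helper)
# Returns 1 unless KEYFILE holds exactly one well-formed public key line.
install_vendor_key() {
    keyfile=$1; source_ip=$2; ssh_dir=${3:-$HOME/.ssh}
    auth="$ssh_dir/authorized_keys"

    # Keys pasted from e-mail are often wrapped: refuse anything that is
    # not exactly one non-empty line instead of guessing how to join it.
    [ -r "$keyfile" ] || return 1
    [ "$(tr -d '\r' < "$keyfile" | grep -c .)" -eq 1 ] || return 1
    key=$(tr -d '\r' < "$keyfile" | grep .)

    # Expect "<type> <base64> [comment]" with no options in front.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    printf '%s\n' "$blob" | grep -Eq '^[A-Za-z0-9+/]+=*$' || return 1

    # Create the directory and file privately, then set the modes from the steps.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: append only if this key blob is not already listed.
    if ! grep -Fq -- "$blob" "$auth"; then
        # from= makes sshd accept this key only from the gateway address.
        printf 'from="%s" %s\n' "$source_ip" "$key" >> "$auth"
    fi
}

# Demo in a scratch directory; the key line is constructed, not a real key.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaCconstructedEXAMPLEonly vendor-key' > "$demo_dir/vendor.pub"
install_vendor_key "$demo_dir/vendor.pub" 195.201.150.170 "$demo_dir/.ssh" \
    && cat "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

Because access is meant to be temporary, the line this writes is also the one to delete from authorized_keys once the work is finished.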
Are you running Magento Cloud? In that case, please add our Magento account [email protected]
to your project; this will automatically deploy our SSH keys.
If you require a forensic analysis, please share answers to the following questions to speed up the investigation:
- What made you believe that your store has been compromised? Please share relevant dates and communication.
- Have you modified your system since the discovery? Please share recorded timestamps (creation + modification) for any files you may have (re)moved. Please minimize code modifications until the investigation is completed, or valuable evidence may be erased.
- Have there been previous incidents and/or investigations?
This page was last updated on Jan 9th, 2023