Sansec logo

How to grant Sansec access to your store

Sansec

by Sansec Support

Published in Knowledgebase

To perform an install, cleanup or forensic investigation of your system, please grant us temporary access to your (primary) production environment and log facilities.

Ask your devops team or hosting partner to run these steps:

  1. Set up your firewall to allow our secure gateway IP 195.201.150.170
  2. Add our SSH public key to your webserver account (see below) and ensure correct permissions: chmod 700 ~/.ssh, chmod 600 ~/.ssh/authorized_keys
  3. Email us the server, user name and port to use for SSH at [email protected].

The use of SSH is by far the most secure method to grant access. It does not require sending over passwords over insecure channels, so nothing can be intercepted. To share access, please add our SSH public key to $HOME/.ssh/authorized_keys (make sure it ends up on one line):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSlrgyDEhQYmP1gihXTY/KlrDi6vUM+XlzEMlGSFglHhYRzmcB4l/LZgXDvfwXmvg+cr2wFRJJsq4G9H44qXkyVcn8h+f+rlWaMQNPlfqvdvQaFz/gJai/9hIf2WfmI5/zIF5uAzimTtz/ch9ur/23Qcic7dUeC4r6GASFFqR0Rt4zhCdOIdw2YU+5Jc2Xi7eWS3DD+Vko0j593CyMdn2iaQ1Vs2wivYvL57fd+lfNt+z2jOUOmkkOzcO4sVBZlVwVLrSYZIjHD6OcURA9j0ypwsneYAjNVBI+sjtnce/ZIncwyPSZ1oNTbImolwe1uK2zjjQSv1Gz4Z9lue1kS4LE4qba0+gnsGozbBPzAQ8v0aPr/uXDq96HCVUp8tPg/Evss3mA/AKvIKAduwVX+2Ia4h6W0jpQ103dncNF1ZdSBkbIi8NzIB+H3/nHkOfXa1jDXcudkmkXLwV1oClG4If6ZF6xet3Ao4KSgNsp6766rJPU3l9DZt86irTIMCjIRA0= sansec-gpg

The shared account should have at least read-access to all of the store's files, database and web server access logs.

Are you running Magento Cloud? In that case, please add our Magento account [email protected] to your project, it will automatically deploy our SSH keys.

If you require our forensic analysis or cleanup, please share answers to the following questions to speed up the investigation:

  1. What made you believe that your store has been compromised? Please share relevant dates and communication.
  2. Have you modified your system since the discovery? Please share recorded timestamps (creation + modification) for any files you may have (re-) moved. Please minimize code modifications until the investigation is completed, or valuable evidence may be erased.
  3. Have there been previous incidents and/or investigations?
Need expert advice? We are here to help!

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security

TwitterLinkedinEmail

Terms & Conditions
|
Privacy & Cookie Policy
Company Reg 77165187
|
Tax NL860920306B01