Sansec has got your back! While our primary objective is to help you prevent any security issues, sometimes an incident slips through. Should your team be unable to resolve it, we provide specialized tier 3 assistance to all of our ecommerce partners with an eComscan site license.
In order to effectively help you, please observe the following guidelines when escalating an issue to us.
For stores that are covered by your site license, our assistance is free of charge up to 1 hour per incident. Additional assistance is available pending our availability and your explicit confirmation, and is charged at EUR 300/hour.
In principle, Sansec provides partner-support to partners, not to merchants. We are happy to be CC’d in any communication with your customer, but we kindly ask you to remain the primary contact for your customer.
Sansec specializes in complex cleanups and root cause analysis. Sansec does not provide generic code reviews or pentests. For that, we recommend to engage a specialized development agency.
When engaging us, please provide the following information:
- Provisional incident timeline. When was the issue discovered, how and by whom? When was the last time the store was likely secure and how have you reached this conclusion? Have there been other security incidents in the previous 12 months and how were they resolved? Have any known security vulnerabilities been resolved in the previous 6 months? Please provide timestamps (UTC/GMT) of all events, such as suspect transactions, external notifications and possible remediation by you or your customer.
- Evidence Please provide a copy of already detected malware. If unavailable, please restore a copy from a recent backup. Do not remove, move or alter any suspect code, as it will destroy relevant timestamps. If you publish atomic releases after the incident, please retain a copy of the previously affected release(s).
- Log data Please ensure access to at least the previous 6 months of web server access logs. With some ISPs (such as Nexcess) you need to request this from their support team, and retrieval may take up to 3 days.
- eComscan report Please provide a relevant, full ecomscan report that was produced using the
- Code integrity Please review a diff of the production code against a trusted secure copy from version control. If version control is not available, you could use our Magento Corediff tool to identify unauthorized changes.
- Admin review Please ensure that any (Magento/Wordpress/…) admin panels have not been accessed by unauthorized IPs in the past 6 months. In order to establish this, you may need to request a list of authorized IPs from the customer.
- Sansec SSH access Please grant us temporary SSH access to the compromised server and access logs (read-only access suffices). Send us the user/port/hostname where we should connect.
Upon receiving your request at [email protected], we aim to deliver a verdict or solution within two working days (usually much faster).
This page was last updated at Nov 18th, 2020