To perform an audit of your system, we need access to your (primary) production environment and log facilities. You could share a username and password with us, but it is generally safer to use SSH. Ask your developer or hosting partner to:
- Set up your firewall to allow IP 18.104.22.168 (our secure gateway)
- Add our SSH public keys to your webserver account (see below) and ensure correct permissions (chmod 700 ~/.ssh, chmod 600 ~/.ssh/authorized_keys)
- Send us the server, user name and port to connect (SSH).
The use of SSH is by far the most secure method to grant access. It does not require sending passwords over insecure channels, so nothing can be intercepted. All major hosting providers support SSH. Our SSH keys are as follows (two lines, to be added to $HOME/.ssh/authorized_keys):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCrSuyjWT45ipAEmdeqv2hnKk/T541Na+AN8KpsmYTPSRrdfyYXcH2yHysg/aX9DEDyoZR1WgAW2HmM6rBQN9GfP2EJEzjP+1AzNHaOsCKSStUnUrKJlR0y3WXZny29lH/JqQykIUAC3YGqktwKNGxiQGZ/8HgicvV/0f4ebaqJ5S6o/ccA/Mytk8FNUtjZ9WFVMx9nj8DPLlgT7Z9v9rsPnzD5n5pTyVnttFqzBu4JOFGXkhiuHAQIqfLrLAExDabHH8bgxr8yIKUSEScooxHDY0uXONfGMhOQXQ3TFLuEkysT8qkcYCrfLwXh+pF6ITdDdoqaoxauq6zdid6KzyKn/bn60M1R5r/DIsVh03ASBr8j7JtEsIgHDRdShsF4BB0f6u9vwnsc0eLy8HMQo9zW9A22eT4k4O5WauMGzsyP6hP9mCYpKvDYMNHkC4dgnvaQiSerNmKXc8fBVlQELAaztGkHmdcLT+DFfY/I79UkkhLVEVMXgL9Mk1vawwnioY0M1ANxsmY1kqmTbgMACAULRlTYCzLMw8Ymn/uL5lO/KowLd+jg4rDcP6ZTabpLE3svucK/Y+pREbMLw/cFOVi45A4mmxoSusPvpLs13mGNLL2/XOE/pSQiPaDNn6qzFGtMd9B8tZG24Zpdk8KOW2bH6WkcgLOYhertHiedh7tAgw== sansec1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUYCXzHOUSJHinDWTs+94ZyhKCr+bJ5T4ZI2c1M8cv1a8b3l/7Z5MrLw37GeFBhE0ij1nQ8s67clsJRvd2NcKE5NjS1qvURnOr5hAvFfMj9Irj+S9RnAxhxnE1muiFfX0do6ABJudLoA51Vii6bOLAiG2L0te9aOooQ4o8AZmzlk/NvfieylZaX4EK7OA5mrFq44dzRHIUmzAURYIN7GnjhrMWK013wpe4IX4DhZrB8Q4C/b4G03T8rkzNh3lVcfERjN3bYGRFZ11E3cpxvXM1IgLSQOHfQ4OE5UI9a6nkTxH+QiEwAmeW/ACrtf8v0AF/THhyyzTR7aawbV1H9hft sansec2
The shared account should have at least read-access to all of the store's files, database and web server access logs.
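The key-installation step above can be scripted as follows. This is an added example, not part of the original page: the function name and the `audit_keys.pub` file name are assumptions. It goes slightly beyond the page by optionally pinning each key to the gateway address with OpenSSH's `from="..."` option, and it refuses input where two keys have been pasted onto one line.

```shell
# Added example: append an auditor's public keys to authorized_keys, idempotently.
# Usage: install_audit_keys ./audit_keys.pub "$HOME" <gateway-ip>
#   $1  file with the public keys, one per line (file name is an assumption)
#   $2  home directory of the shared account (default: $HOME)
#   $3  optional source address; if set, each key only works from that address
install_audit_keys() {
    local keyfile="$1" home="${2:-$HOME}" source_ip="${3:-}"
    local auth="$home/.ssh/authorized_keys"
    local line type rest blob comment entry

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # With StrictModes, sshd ignores authorized_keys when these are too open.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        type=${line%% *}; rest=${line#* }
        blob=${rest%% *}; comment=${rest#"$blob"}; comment=${comment# }

        case $type in
            ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
            *) echo "unknown key type: $type" >&2; return 1 ;;
        esac
        case $blob in
            ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 1 ;;
        esac
        # A second key type inside the comment means two keys share one line;
        # sshd would accept the first and silently treat the rest as a comment.
        case " $comment" in
            *" ssh-"*|*" ecdsa-"*) echo "two keys merged on one line" >&2; return 1 ;;
        esac

        # Idempotent: a key whose data is already present is not added again.
        if grep -qF -- "$blob" "$auth"; then continue; fi

        entry="$type $blob${comment:+ $comment}"
        if [ -n "$source_ip" ]; then entry="from=\"$source_ip\" $entry"; fi
        printf '%s\n' "$entry" >>"$auth"
    done <"$keyfile"
    return 0
}
```

When the audit is finished, deleting the two lines from `authorized_keys` revokes the access again.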
To speed up our investigation, please share answers to the following questions:
- What made you believe that your store has been compromised? Please share relevant dates and communication.
- Have you modified your system since the discovery? Please share recorded timestamps (creation + modification) for any files you may have (re)moved.
- Have there been previous incidents and/or investigations?