Bogus Opencart Security Email
If you get an email telling you to update your OpenCart installation because of a security update, please ignore the instructions. DO NOT FOLLOW THE LINKS IN THE EMAIL.
The email is not from Opencart.
This email operates by extracting the FTP details (if you have been foolish enough to leave them in the site's system settings) and then posting malicious content onto a perfectly good OpenCart installation. So following the "update" causes a security issue rather than solving one. The malware uploads code that inserts a bogus payment provider to sniff credit card details, and it also captures password reset requests from your customers.
The emails look like this. They have the following content (links have been removed).
(The reason we have included the text is so that you can find it in a Google search.)
---start---
OpenCart Newsletter ⇢ Software Enhancement (E-Commerce Industry Standards)
Manage Your Store Securely and Smoother

The Purpose of this E-Mail
OpenCart provides this newsletter for the purpose of helping you to keep your online store at maximum security, and to help your customers at the online shop level to have the best experience. Based on the premise to facilitate your business management, we introduced this newsletter.

What should you do?
The main step to keep your online store in compliance with e-commerce industry standards is to maintain your OpenCart installation at the latest available version. Keeping your store updated guarantee the industry standard requirements.

The Update - Keep your e-commerce healthy and safe
This update will fix performance issues and improve security scripts. Including new encryption scheme, better scripting optimization and theme improvements. Log in to your admin area to start the update process. It will take only a few seconds!

OpenCart Enhancement Update
Registered Store: ftp.yourstore.ie
Secure NS Server: ns2-yournamed server.com
Click to Start Update ( link to https://safee-commerce.com/..... there are other versions of the email using other domains )
---end---
Action you need to take:
The action you need to take is to go to your system settings and remove the FTP username and password from the site settings. These are only needed for uploading addons and are not required for the normal running of the site.
Here are some quick tips to make your OpenCart installation more secure.
1. Do not use the username “admin”: weak usernames are 50% of the reason robots break into systems. Use robust passwords.
2. Remove the FTP user and FTP password from the FTP settings in system settings. These are only required when installing addons.
3. Make sure all directories have permission 755 and all files 644, set via your FTP client.
4. Limit access to your admin and system directory by IP address, with this addon or with the .htaccess rules below. This allows only users from the listed IP addresses to access your admin area.
- In the directory you wish to protect, open (or create) a file called .htaccess. (Note the dot at the beginning of the file name.)
- Add the following lines to this file, replacing 100.100.100.100 in this example with the static IP address you plan to allow:
Order Deny,Allow
Deny from all
Allow from 100.100.100.100
- Optional: you can enter partial IP addresses, such as 100.100.100. This allows access to a range of addresses.
- Optional: you can add multiple addresses by separating them with commas.
If comma separation does not work, then enter each IP address (or partial address) on its own “Allow from” line, such as:
Allow from 100.100.100.101
Allow from 100.100.100.102
5. Use a captcha on all forms.
6. Remove the install folder. It is not needed on a production site or after the initial install.
7. Rename the admin directory; you will need to update the config.php file to reflect the new location. If you have done step 4 you also need to update the .htaccess files.
8. Be extra careful with the addons you install, especially free ones. Free addons that look really cool and seem to give a lot for free are usually taking a lot of data too. Make sure to manually review the code of free addons.
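A small audit script for tips 3, 6 and 7, added here as an example; it is not code from the original post or from OpenCart. It assumes the stock layout (install/ and admin/ folders and config.php directly under the document root), and the /var/www/html path in the usage line is only a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenCart: a read-only
# audit of an OpenCart document root against tips 3, 6 and 7 above. It
# assumes the stock layout (install/ and admin/ folders, config.php in the
# root); only fix_perms changes anything, and only when you call it.

# Tip 3: list directories whose mode is not exactly 755 and files whose
# mode is not exactly 644 (symlinks are not followed).
perm_violations() {
  find "$1" -type d ! -perm 755 -print
  find "$1" -type f ! -perm 644 -print
}

# Number of paths reported by perm_violations (0 means the tree is clean).
perm_violation_count() {
  perm_violations "$1" | wc -l | tr -d ' '
}

# Tip 6: the install folder must be gone on a production site.
install_folder_present() {
  [ -d "$1/install" ]
}

# Tip 7: a folder still called admin means the admin path was not renamed.
default_admin_dir_present() {
  [ -d "$1/admin" ]
}

# Tip 3 as a fix: set 755 on directories and 644 on files under $1.
fix_perms() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
}

# Print a report; exit status 1 if anything needs attention, 0 otherwise.
audit_opencart() {
  root="$1"; status=0
  n=$(perm_violation_count "$root")
  if [ "$n" -ne 0 ]; then
    echo "tip 3: $n path(s) are not 755/644:"; perm_violations "$root"; status=1
  fi
  if install_folder_present "$root"; then echo "tip 6: install/ still present"; status=1; fi
  if default_admin_dir_present "$root"; then echo "tip 7: admin/ not renamed"; status=1; fi
  [ "$status" -eq 0 ] && echo "no issues found under $root"
  return "$status"
}

# Usage: sh audit.sh /var/www/html   (the path is a placeholder)
if [ "$#" -gt 0 ]; then audit_opencart "$1"; fi
```

Run it as the web server's user or via your hosting shell; fix_perms is deliberately not called by the report so you can review the list before changing anything.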
If you require more information or are unsure what to do, please contact us.