Vulnerability scanner

Categories: Security
Date Created: 21 Apr 2016
Last Updated: 14 Nov 2019

MageStack has a built-in vulnerability scanner, which performs a number of roles:

  1. Detects common PHP exploits
  2. Detects Magento 3rd party module exploits
  3. Identifies potentially compromised files
  4. Identifies abnormal files
  5. Checks if all available Magento patches have been applied

Report priorities

Three different priorities are used in the report to classify the potential risk:

  1. Critical - High risk. This issue must be investigated immediately (e.g. an urgent Magento patch)
  2. Warning - Medium risk. This requires investigation; it could be a false positive or non-critical (e.g. an abnormal file or low-priority Magento patch)
  3. Notice - Low risk, but it should still be investigated

HTML/JSON/Email report

You can generate the report in several formats to suit your needs:

Email

You can send a copy of the report to one or more recipients via email:

php /microcloud/scripts/classes/Healthcheck.php --output email --type all --recipients "user1@example.com,user2@example.com"

HTML

The script echoes the output to stdout, so redirect it to a file if you want to view it later. We do not recommend leaving a report publicly exposed; the example below writes into the document root, so remove the file once you have viewed it.

php /microcloud/scripts/classes/Healthcheck.php --output html --type all > /microcloud/domains/example/domains/example.com/http/report.html

JSON

If you are aggregating data and want a parseable format, the report can be exported as JSON. The script again echoes the output to stdout, so redirect it to a file if desired.

php /microcloud/scripts/classes/Healthcheck.php --output json --type all

Text based/Log report

Format

The scan first tests for Magento patches (identified by the patch version/revision), followed by the other vectors (identified by an arbitrary ID).

E.g.

Test ID:     SUPEE-6788
Description: [Critical] Magento patch
  Critical example.com:/microcloud/data/domains/example/domains/example.com/http/app/code/core/Mage/Admin/etc/config.xml

A successful test will not report any warnings/files beneath the description.
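For log monitoring or alerting, the text layout above can be parsed into per-test findings. The following is an added example, not MageStack's own code: it assumes every block starts with "Test ID:" and every finding line is indented as "Priority domain:path", which is inferred from the single sample above, and the function names and the second and third sample blocks are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout shown above; blocks 2 and 3 and their IDs are made up.
SAMPLE_REPORT = """\
Test ID:     SUPEE-6788
Description: [Critical] Magento patch
  Critical example.com:/microcloud/data/domains/example/domains/example.com/http/app/code/core/Mage/Admin/etc/config.xml

Test ID:     SUPEE-XXXX
Description: [Warning] Magento patch

Test ID:     EXAMPLE-0001
Description: [Warning] Abnormal file
  Warning example.com:/microcloud/data/domains/example/domains/example.com/http/media/x.php
  Warning example.com:/microcloud/data/domains/example/domains/example.com/http/skin/y.php
"""

HEADER = re.compile(r"^Test ID:\s+(\S+)\s*$")
DESC = re.compile(r"^Description:\s+\[(\w+)\]\s+(.*\S)\s*$")
# Assumed finding layout: indentation, priority, then "<domain>:<absolute path>".
FINDING = re.compile(r"^\s+(Critical|Warning|Notice)\s+([^:\s]+):(/.*\S)\s*$")

def parse_report(text):
    """Return one dict per test; a test with no findings passed."""
    tests, current = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            current = {"id": m.group(1), "priority": None, "description": "", "findings": []}
            tests.append(current)
        elif current is None:
            continue  # skip any preamble before the first test block
        elif m := DESC.match(line):
            current["priority"], current["description"] = m.group(1), m.group(2)
        elif m := FINDING.match(line):
            current["findings"].append({"priority": m.group(1), "domain": m.group(2), "path": m.group(3)})
    return tests

def summarize(tests):
    """Count findings per priority across all failed tests."""
    return Counter(f["priority"] for t in tests for f in t["findings"])

def failed(tests, priority="Critical"):
    """IDs of tests with at least one finding at the given priority."""
    return [t["id"] for t in tests if any(f["priority"] == priority for f in t["findings"])]

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(dict(summarize(parsed)), failed(parsed))
```

A scheduled job can call failed() on each new report and raise an alert whenever the returned list is not empty.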

Excludes/ignores

Entire document root

To exclude an entire document root from scans, create a file named .ignore.magescan in the document root.

E.g.

cd /microcloud/domains/example/domains/example.com/http
touch .ignore.magescan

Specific file

To exclude individual files/directories from scans, create a file named .exclude.magescan in the document root and list the files/directories to be ignored, one per line, with no trailing whitespace.

E.g.

cd /microcloud/domains/example/domains/example.com/http
touch .exclude.magescan

Then inside .exclude.magescan:

/microcloud/data/domains/example/domains/example.com/http/media/safe_file.php
/microcloud/data/domains/example/domains/example.com/http/skin/ignore_me.php