Security for online shops ‒ The new ShopSecurity

With this function ShopSecurity, we now offer agencies and shop operators a tool to check shop installations free of charge and comprehensively for known and potential security gaps.

Uncomplicated handling

To keep the handling of the function as simple as possible, the scans are conveniently started via our Managed Center gestartet.

Extensive test scans

We distinguish between domain and global malware scans:

Domain-Scan

The domain scan analyses every stored domain in the installed shop system. It is available for installations of Magento 1, Magento 2, Shopware 5 and Shopware 6. This scan checks whether the shop software used is installed in a current version and whether all available security patches have been applied.

Unprotected configuration files and directories of versioning software, through which secret access data and passwords can be publicly visible, are also detected by the scan. In addition, we also inform the user if a version of TLS that is considered outdated has been used to encrypt communication with the browser.

Global malware scan

The global malware scan checks the entire file system and database for suspicious patterns and known malware. Based on eComscan's extensive signature database, malware and Magento modules with known vulnerabilities are detected. In addition, all files are checked for potentially dangerous and suspicious patterns, so that often even new malware can be detected.

Quick solutions and recommendations for action

After the scans, which can take several minutes depending on the amount of data to be checked, the user receives detailed reports on the tested shops. Each result is classified into the urgency levels "critical", "important" and "recommended". This classification corresponds to our subjective assessment and is based on our many years of experience. The different urgency levels in the report allow the user to quickly prioritise further steps. In addition to a brief explanation of the problem, we also provide concrete instructions on how to fix this security vulnerability so that it can be closed quickly.

In addition, the user receives optional recommendations for action to optimise the security-relevant settings of the shop and the server.

New: Identify backups in Webroot.

ShopSecurity's malware scan is now able to find backups that have been accidentally stored in the file system. These backups often contain sensitive data that attackers can potentially use to gain access to the database. Therefore, they pose a potential risk. For more information about how to handle these backups, see our related Knowledge Base article.

Support ‒ always just a click away

The security of our hosted online shops is important to us, which is why we offer an additional service within ShopSecurity. With just one click, the customer can request support in processing their report - maxcluster support receives the customer-specific report with the request and can immediately contact the customer on a topic-related basis.

If questions arise during the implementation of the individual recommendations for action and proposed solutions, or if support is needed in setting up the security-relevant tools, maxcluster support can also be contacted quickly here.

Our support is available 365/24/7.

Why ShopSecurity?

Sebastian Ringel, Managing Director of maxcluster, about the new feature and its development: "For us, security is the basis of trust and thus also the basis for a professional partnership. For us, this goes beyond server configuration and legal obligations such as DSGVO. We are aware of how existential the threat to online shops from increasingly frequent and professional attacks can be and our goal is to support with our work and to increase the security of eCommerce in general. Often, due to other priorities, operators of small and medium-sized shops lack financial and technical resources or the know-how to use them efficiently to protect their shops. This is where we have seen the greatest need and this is where ShopSecurity comes in: It is

• simple: With just a few clicks, extensive scans can be initiated directly from the familiar interface of our Managed Centre.
• secure: If security gaps have occurred, we provide recommendations for action and offer solutions to close them immediately.
• service-orientet: Our customers can call on our support at any time if they have questions about their reports or the elimination of discovered security vulnerabilities.

We are constantly working on the development, accepting customer feedback and expanding the scan database, because we are convinced that with ShopSecurity we offer a function that is helpful for our customers and makes their shops more secure."

We are happy to advise you

Do you have any further questions about "ShopSecurity" or other security topics? We look forward to receiving your message by e-mail at beratung@maxcluster.de or call us at 05251/ 41 41 30.

Last updated on 13.02.2023 | NM