Get Patching Now!!

Discussion in 'Magento Support' started by edmondscommerce, Jun 1, 2017.

  1. edmondscommerce

    edmondscommerce Magento + PHP Expert Full Member - Verified Business

    Posts: 3,649 Likes: 625
    https://magento.com/security/patches/supee-9767

    Looks like a mean and nasty one, already being actively exploited

    Combined with other forms of attack this can be quite serious

    Goes without saying but it's really important your Magento site is always kept patched up to date!

    We're still seeing sites with multiple patches missing and other security issues

    You can scan your site quickly and easily using Magereport:
    https://www.magereport.com

    You need to be all green on this scan. They have added this latest patch to the scan
     
    Posted: Jun 1, 2017 By: edmondscommerce Member since: Nov 11, 2008
    #1
  2. edmondscommerce

    edmondscommerce Magento + PHP Expert Full Member - Verified Business

    Posts: 3,649 Likes: 625
    Posted: Jun 1, 2017 By: edmondscommerce Member since: Nov 11, 2008
    #2
  3. Countrymun

    Countrymun UKBF Contributor Free Member

    Posts: 74 Likes: 13
    We have had this patch installed and mage report says all is fine. :)

    However, we process via PayPal and received a major update message in backend as follows:

    New Patch for PayPal Instant Payment Notification (IPN) Changes. Upgrade to 1.9.3.3 or SUPEE-8167 by June 30, 2017 to Avoid Service Disruptions – 6/13/2017

    Developer says he has sorted this but it doesn't appear under patches on magereport - not sure if that is because it isn't technically related to our own website security?
    Anyone else applied this patch and could advise on (hopefully an easy!) way for us to check that it is working properly on our site?
    TIA
     
    Posted: Jun 23, 2017 By: Countrymun Member since: Sep 13, 2014
    #3
  4. edmondscommerce

    edmondscommerce Magento + PHP Expert Full Member - Verified Business

    Posts: 3,649 Likes: 625
    I'd expect your developer to be able to prove it if required, though I'd be amazed if they said they've done it and it's a bare-faced lie
     
    Posted: Jun 30, 2017 By: edmondscommerce Member since: Nov 11, 2008
    #4
  5. NuBlue

    NuBlue UKBF Ace Full Member

    Posts: 1,155 Likes: 234
    This may be a better patch checker for you. If you've moved your admin login to another folder, you can specify where for a more accurate report (you may need to run the check first to let it work out that admin has moved then you can tell it where).

    https://magentary.com/magento-security-patch-tester/
     
    Posted: Jun 30, 2017 By: NuBlue Member since: Oct 19, 2005
    #5
  6. Mark_Taylor_

    Mark_Taylor_ UKBF Regular Free Member

    Posts: 207 Likes: 53
    I think the PayPal patch isn't actually checked by the Mage report website, the PayPal 30th June patch was purely a few lines of code change to one file. Basically the patch changes the location of the PayPal IPN server to the new server address. It does nothing else and doesn't rely on any other patches from what I can tell.

    I've patched several of my clients' websites and they don't show in magereport either.
    Also you need to make sure your server uses the TLS 1.2 protocol (most up to date servers should).

    Hope this helps and feel free to reply if you have any questions
     
    Posted: Jul 10, 2017 By: Mark_Taylor_ Member since: Jul 10, 2017
    #6
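
Added example, not part of any post in this thread: since the external scanners discussed above do not report SUPEE-8167, one local check is to read the log that Magento 1's patch scripts append to at `app/etc/applied.patches.list` and report the latest recorded state of each patch named in the thread. The pipe-separated header layout and the trailing `REVERTED` marker are assumptions about that log format, the sample log is constructed, and a fix delivered by upgrading to 1.9.3.3 or by hand-editing the file will not appear in this log.

```shell
#!/bin/sh
# Report whether SUPEE patches are recorded in a Magento 1 patch log.
# Assumed format: one header line per patch run, followed by "patching file" lines:
#   DATE UTC | SUPEE-NNNN | EDITION | vN | COMMIT | COMMIT DATE | RANGE[ | REVERTED]

# patch_status LOGFILE SUPEE-ID  ->  prints applied | reverted | missing
patch_status() {
    [ -r "$1" ] || { echo "missing"; return 0; }
    awk -F' [|] ' -v id="$2" '
        { sub(/[ \t\r]+$/, "") }            # drop trailing blanks / CR before splitting
        # Only header lines carry the patch id as the second field;
        # the last matching entry wins, so apply -> revert -> re-apply reads as applied.
        $2 == id { state = ($NF == "REVERTED") ? "reverted" : "applied" }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Constructed sample log (placeholder commit ids and paths, not from a real site).
write_sample_log() {
    cat > "$1" <<'EOF'
2017-06-02 09:14:03 UTC | SUPEE-9767 | CE_1.9.3.2 | v1 | 0000000 | Tue May 30 00:00:00 2017 +0000 | 0000000..HEAD
patching file path/to/patched/file.php

2017-06-03 10:00:00 UTC | SUPEE-9767 | CE_1.9.3.2 | v1 | 0000000 | Tue May 30 00:00:00 2017 +0000 | 0000000..HEAD | REVERTED
patching file path/to/patched/file.php

2017-06-03 10:05:00 UTC | SUPEE-9767 | CE_1.9.3.2 | v1 | 0000000 | Tue May 30 00:00:00 2017 +0000 | 0000000..HEAD
patching file path/to/patched/file.php

2017-06-04 08:00:00 UTC | SUPEE-0000 | CE_1.9.3.2 | v1 | 0000000 | Tue May 30 00:00:00 2017 +0000 | 0000000..HEAD
2017-06-04 08:30:00 UTC | SUPEE-0000 | CE_1.9.3.2 | v1 | 0000000 | Tue May 30 00:00:00 2017 +0000 | 0000000..HEAD | REVERTED
EOF
}

# Usage: sh check_patches.sh /path/to/magento/app/etc/applied.patches.list
# With no argument the script runs against the constructed sample instead.
log=${1:-}
tmp=
if [ -z "$log" ]; then
    tmp=$(mktemp) && write_sample_log "$tmp" && log=$tmp
fi
for id in SUPEE-9767 SUPEE-8167; do
    printf '%s: %s\n' "$id" "$(patch_status "$log" "$id")"
done
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```

A result of `missing` for SUPEE-8167 on a site that was upgraded rather than patched is expected, so confirm the installed Magento version before treating it as a gap.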