magento-malware-scanner

A collection of rules and samples to detect Magento malware

Primary language: HTML. License: GNU General Public License v3.0 (GPL-3.0).

A community collection of rules to detect frontend and backend malware. Samples were found in the wild on Magento sites.

Basic usage

On a standard Linux or Mac OS X server, two commands are enough to find infected files:

# download latest rules
wget https://raw.githubusercontent.com/gwillem/magento-malware-scanner/master/build/all-confirmed.txt

# do a recursive search on the Magento files in /var/www
grep -Erlf all-confirmed.txt /var/www

The output is a list of the files that matched at least one rule, for example:

/var/www/skin/cc.php
/var/www/errors/backdoor.php
/var/www/app/Mage.php

Examine each of these files, then delete it or restore it from a clean backup.

Objective

For the free MageReport service we already analyse large numbers of malware samples. Many system administrators are now doing the same analysis independently, which is incredibly inefficient.

Goal:

Once a particular strain of malware has been found and analyzed, nobody should have to duplicate these efforts.

This repository is a community effort of security-conscious people. Contributions are most welcome!

Test coverage


Travis-CI verifies:

  • that every sample is detected by at least one signature
  • that every signature matches at least one sample
  • that clean Magento releases do not trigger any signature (no false positives)
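The following added example (not code from this repository) shows what the grep-style scan from "Basic usage" and the three Travis-CI checks above amount to. The rules file, the sample files and the clean Magento files are all constructed stand-ins; two of the constructed rules are deliberately flawed (one over-broad, one that never matches) so each check has something to report.

```python
import re
from typing import Dict, List

# Constructed stand-in for build/all-confirmed.txt: one grep -E pattern per line.
# The last two lines are deliberately flawed (over-broad, and never matching).
RULES_TXT = r"""
eval\(gzinflate\(base64_decode\(
\$_COOKIE\[['"]cmd['"]\]
base64_decode\(
unused_rule_never_matches_anything
"""

# Constructed file contents keyed by path; no real malware, just the strings the rules look for.
SAMPLES = {
    "samples/backend/cc.php": "<?php eval(gzinflate(base64_decode('AAAA')));",
    "samples/backend/backdoor.php": "<?php $c = $_COOKIE['cmd'];",
    "samples/frontend/uncovered.js": "var form = document.forms[0];",  # no rule covers this one
}
CLEAN = {
    "magento-1.9/app/Mage.php": "<?php final class Mage { public static function getVersion() {} }",
    "magento-1.9/lib/Zend/Crypt.php": "<?php return base64_decode($payload);",  # legitimate use
}


def load_rules(text: str) -> List[re.Pattern]:
    """Parse the rules file: one extended regex per non-blank line (grep -E semantics)."""
    return [re.compile(line) for line in text.splitlines() if line.strip()]


def scan(rules: List[re.Pattern], files: Dict[str, str]) -> Dict[str, List[int]]:
    """Like `grep -Erlf`: map each file that matches to the indices of the rules that hit it."""
    hits: Dict[str, List[int]] = {}
    for path, content in files.items():
        matched = [i for i, rule in enumerate(rules) if rule.search(content)]
        if matched:
            hits[path] = matched
    return hits


def check_coverage(rules_txt: str, samples: Dict[str, str], clean: Dict[str, str]) -> Dict[str, List[str]]:
    """The three CI checks: every sample detected, every rule used, no hits on clean releases."""
    rules = load_rules(rules_txt)
    sample_hits = scan(rules, samples)
    used = {i for idx in sample_hits.values() for i in idx}
    return {
        "undetected_samples": sorted(p for p in samples if p not in sample_hits),
        "dead_rules": [r.pattern for i, r in enumerate(rules) if i not in used],
        "false_positives": sorted(scan(rules, clean)),
    }
```

Calling `check_coverage(RULES_TXT, SAMPLES, CLEAN)` reports the uncovered JavaScript sample, the never-matching rule, and the clean Zend file caught by the over-broad `base64_decode\(` rule; an empty list for all three is what a passing CI build corresponds to.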