Security Notice for Magmi Product Importer

The Magmi product importer is used by many Magento stores to quickly and easily import a large number of products. Unfortunately, a recent security vulnerability has been found in Magmi that can allow an attacker to upload malicious code if the Magmi installation is publicly available. This could allow the attacker to gain credit card information or other confidential data from your store. If you use Magmi, we strongly recommend that you remove the code from any publicly accessible directory immediately to limit your exposure to this vulnerability. Below you will find instructions for securing access to Magmi using Apache/Litespeed and Nginx.


Securing Magento’s Admin Dashboard

The Magento Admin Dashboard is the gateway into the core of your eCommerce store, so it is important that you protect this gateway from intruders and malicious activity. Fortunately, you can lock down the Magento Admin Dashboard with a few simple modifications.



CVE-2014-3566 – Padding Oracle On Downgraded Legacy Encryption attack (POODLE)

A new vulnerability has been found in OpenSSL, the open-source software used to encrypt and secure web communication, that could potentially allow attackers to steal sensitive information normally protected by the SSLv3 encryption protocol via a man-in-the-middle-style attack. The vulnerability CVE-2014-3566, dubbed the “Padding Oracle On Downgraded Legacy Encryption attack” or “POODLE,” does require access between network devices, which makes it less severe than Heartbleed, discovered earlier this year.

Even though the severity is lower, Simple Helix still takes this matter very seriously. To secure our users and prevent unauthorized attacks against the content they protect with SSL/TLS encryption, we have taken steps to ensure that all servers we host have been patched against this vulnerability.

If you are using SSL/TLS encryption with a server hosted by Simple Helix, you can rest easy knowing that the appropriate action has been taken to keep your data secure. If you are not currently using SSL/TLS encryption and have an eCommerce presence, then we highly recommend that you get an SSL certificate to provide SSL/TLS encryption for your online store and customers. If you would like help setting up an SSL certificate for your store, please call or open a support ticket and our technical team would be happy to assist you. If you do not already have an SSL certificate, then you can get started for just $49.95 per year if you purchase through Simple Helix:

Bash Security Vulnerability CVE-2014-6271

  • September 26th, 2014
  • Posted in Security

A serious security vulnerability has been found in the GNU Bourne Again Shell (Bash) commonly used on many Linux and Unix systems. The vulnerability was found in the way that Bash evaluates certain environment variables and could allow a malicious attacker to execute shell commands. This vulnerability is being tracked under CVE-2014-6271.

At Simple Helix, we take this matter very seriously. We closely monitor security reports that would affect systems we host and take measures to ensure all systems are patched and up to date. As soon as we learned of this vulnerability, a plan was put into place to get all servers patched as soon as possible. We are pleased to report that all servers we manage have been successfully patched as of September 25, 2014.

If you are not currently hosting with Simple Helix and are concerned that your server may be vulnerable, now may be a good time to request a hosting quote!


Google to Give Search “Edge” To Websites Utilizing Encryption (SSL)


Google will soon begin using a new ranking signal based on the encryption utilized by websites (SSL and HTTPS). While this move is welcomed by site owners that already make use of encryption, it may serve as a wake-up call for those developers that still do not implement secure connections by default.

For Magento and e-commerce stores, we highly recommend using encryption to protect the checkout process. This is also required for PCI Compliance certification. If your site does not already have an SSL certificate, fear not: you can purchase one directly from Simple Helix! It is also worth noting that many of our new e-Cart plans come with a free standard SSL certificate by default!

