Magento malware alert

Magento Alert – New Malware

Magento has alerted everyone about the new malware that appears to capture information from all fields of the checkout process, including credit card information. The attacks can either originate from the user admin login or through the database. These malware are typically contained in the following places:

Admin->Configuration->General->Design->HTML Head->Miscellaneous Scripts, or

Admin->Configuration->General->Design->Footer-> Miscellaneous HTML

For more information about this Malware, please refer to Magento Blog. Magento had released a services of security patches last year which is very unprecedented but the eCommerce giant is now trying to make the software secure and healthy.

Is my site infected?

To check if you are facing this malware attack or are susceptible to this malware attack, please run a scan on MAGEREPORT.COM to determine if you are at risk for a “Credit Card Hijack” and check to see if you have any unknown Admin accounts. If your website is compromised or hacked or more information on Magento Malware Removal, contact us.

Page Rank End

Adios Google Page Rank

Page Rank End

It’s curtains for Google’s much popular Page rank score. We all grew up under the Google Page rank era where websites high with Page ranks use to dominate both search results and premium advertisements.  Things have changed drastically both for Google and Internet and page rank was considered one dormant algorithm Google would do away with. And finally this April 16, all of the tool-bars lost signals of Google page rank.

Google had already notified users about the possible demise of PR and finally they did. infact they were no longer considering it since year 2013.

How do I judge a site now?

Google PR was one of the major parameters when rating a site. In fact when Google recommenced to switch to SSL last year, many users were reluctant as they would loose their page rank. Now that PR is no more, how do we judge a site in terms of it;s quality and traffic?

  • High volume of content which is unique and relevant to your users
  • High quality back-links (not bought)
  • Social media interactions, shares, likes etc
  • Overall Traffic to your website and bounce rate
  • Structured Data
  • Mobile Optimized website
  • Domain Trust
  • Website loading speed

Google has published a list of Guidelines that would be helpful to access the quality of your website page:









New Magento Security Patches SUPEE-7405

Magento released a new pack of Security updates called SUPEE-7405 that resolves several security-related issues. The can be considered as a mega updates addressing 20 know security issues in Magento. The issues ranges from brute-force attack to captcha vulnerability to payment gateway fix. We highly recommend all Magento users to patch up their website with the latest security updates at the earliest to avoid being attacked or compromised. here is a list of security updates. For more information, you can visit Magento Security blog.

  • Stored XSS via email address – APPSEC-1213
  • Stored XSS in Order Comments – APPSEC-1239
  • Stored XSS in Order – APPSEC-1260
  • Guest order view protection code vulnerable to brute-force attack – APPSEC-1270
  • Information Disclosure in RSS feed – APPSEC-1171
  • CSRF token not validated on backend login page – APPSEC-1206
  • Malicious files can be upload via backend – APPSEC-1306
  • CSRF leading to execution of admin actions after login – APPSEC-1179
  • Excel Formula Injection via CSV/XML export – APPSEC-1110
  • XSS in Product Custom Options – APPSEC-1267
  • Editing or Deleting Reviews without permission – APPSEC-1268
  • Disruption of email delivery – APPSEC-1177
  • CAPTCHA Bypass – APPSEC-1283
  • Admin path disclosure via – APPSEC-1208
  • XSS Payload in website’s translation table – APPSEC-1214
  • CSRF Delete Items from Cart – APPSEC-1212
  • XSS via custom options – APPSEC-1276
  • Risky serialized string filtering – APPSEC-1204
  • Reflected XSS in backend coupon entry – APPSEC-1305
  • Injected code can be stored in database – APPSEC-1240

New Security Issues for Joomla

Us-Cert has confirmed that Joomla has released an updated version 3.4.7 to address two vulnerabilities. According to the website, exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected website. immediately upon releasing new patches, Joomla released another version called 3.4.8 fixes. This was released to fix some browser that had popped up in version 3.4.7.


Here is the latest update

  • Users were unable to edit or create items after the 3.4.7 update
  • Fatal error about connection->stat() not existing on external database connections
  • After session timeout users could still navigate the backend but without being able to create/edit items or use pagination/filters

Users can download the latest Joomla version upgrade here.

For more information and Joomla support, please contact us.

Magento 2.0 is Available to download

After releasing the Beta version, Magento announced the release of Magento 2.0 available to download. Magento 2.0 is a major update  from Magento 1.0 which was released way back is year 2008. Magento 2.0 has a new set of system requirements, some of which may cause backwards compatibility issues with existing Magento 1.x installations. Magento 2.0 comes with host of new and improved features some of which includes the following:



  • Modular code base
  • Automated testing
  • Inclusion of a Data Migration Tool helps transfer existing Magento 1.x store data to Magento 2.0
  • Client-side optimizations
  • Server Apache Varnish caching
  • backend improvements
  • New and improved Magento Admin user interface
  • Updated Product addition module making it easier and faster to add products
  • new checkout flow
  • One click customer account creation
  • More informed and improved product checkout summary

Visit here for a complete list of release notes.

For more information and Magento 2.0 support, please contact us.

A number of online stores has adopted Magento 2.0 some of which are as follows:





and more. If you are seriously thinking to upgrade or migrate to Magento 2.0, we can help you. Magento 2.0 Upgrade


Joomla! 3.4.5 Released

Joomla Release Patches for Critical SQL Injection Vulnerability

Joomla! 3.4.5 Released

Joomla! 3.4.5 is now available for download. with this release Joomla had addressed a critical SQL injection vulnerability and includes additional security hardening of the UploadShield system.

Security Issues Fixed

  • High Priority – Core – SQL Injection (affecting Joomla 3.2 through 3.4.4)
  • Medium Priority – Core – ACL Violations (affecting Joomla 3.2 through 3.4.4)
  • Medium Priority – Core – ACL Violations (affecting Joomla 3.0 through 3.4.4

Joomla recommends all it’s users to all users update their website at the earliest to avoid any hack attack. The new patches for Joomla upgrade can be downloaded here.

6 Best Magneto Extensions to pep up your store

Magento marketplace is now similar to Apple app store or Google Playstore where you simply look for any feature and you see hundreds of extensions available to make your life easy. The extensions are readily available (paid or free and can really help you save time and money.  We have complied a list of the some of the best and most popular Magento Extensions that could really bring quality and traffic to your website.


WordPress Integration (Free)


This is one of the most popular WordPress extension for Magento eCommerce that integrates your WordPress blog with your Magento store. This extension is free and requires no core Magento or WordPress file modification. The extension also supports a large selection of WordPress plugins for free and others with add-on extensions.


One Step Checkout (Paid)


Again one of the popular checkout extension. This extension Provides fastest checkout process with Magento one page checkout using Ajax, Google Suggest & multi checkout mode. The extension also supports 40+ international payment methods on One Step Checkout page making it one of the best one page checkout plugin.

GoMage Feed Pro v.3.5  (Paid)


With the popularity of Google Merchant , Yahoo store etc, you need to create optimized product feed. GoMage Feed Pro extension allows you to provide information about products from your online store to search engines like Google Base, Yahoo! Store, eBay and other sites that collect and show information about your products.


SEO – Advanced SEO Suite (Paid)



This is one of best know SEO tool that can really make the difference if implemented properly. SEO Suite allows you to optimize the specific categories and product groups for specific search terms  and helps improve the performance of your Magento store in search engines. This extension is used properly can help you get rid of duplicate content which is usually supplied by the manufacturer.


Yopto Reviews (Free)



Google and other search engines prefer user generated content and reviews are one of the best source of user generated content. Yotpo helps Magento stores generate tons of reviews and use them to drive qualified traffic and more sales.  Yotpo lets your shoppers write their review directly in their email inbox, making it super-easy for them to leave feedback.

GuruIncSite Malware

GuruIncSite Malware attacks Magento websites

GuruIncSite Malware

A new type of malware called GuruIncSite Malware which is actually a javascript injection has affected thousands of Magento based stores. The malware exploits a vulnerability in Magento or a 3rd party extension to inject a piece of javascript malware into the Magento database, which then infects any visitor to the site. The bad news is that Google has identified these domains and has categorized these online stores as blacklisted affected by the hack.

As per the Sucuri Security blog , this malware is injected in the design/footer/absolute_footer entry of the core_config_data table, but we suggest scanning the whole database for code like “function LCWEHH(XHFER1){XHFER1=XHFER1” or the “guruincsite” domain name. The attack involves the injection of malicious scripts through iframes from the domain Both an obfuscated and non-obfuscated version of the infection has been reported.


Find out if your Magento store is affected

To find out if your store is affceted, go and scan your site for free using the following tools:

How to remove GuruIncSite Malware

  • Since this malware is mostly attaching the footer, go to the admin and Navigate to System > Configuration > Design > Footer > Miscellaneous HTML and remove the malicious code there. The hack can be identified by the presence of the code function LCWEHH(XHFER1)[…]. If you prefer to edit the database directly, look for the design/footer/absolute_footer entry of the core_config_data table.
  • Delete any unknown admin user which you did not created. this may be a malware
  • Patch up your Magento store with latest Magento Security patches.
  • Updates your website to the latest Magento version.
  • change all login credentials just to be super safe!

If your website is affected by a malware, contact us for a free analysis. We offer professional Website malware Removal services.

Platina Partners with Nexcess Hosting

Nexcess-Magento-Hosting  Platina-logo1

Platina IT is happy to announce our Partnership with Nexcess.Net, LLC, a leading Hosting company based out of Michigan, USA. Nexcess specializes in Magento hosting and has seen tremendous growth due to their excellent track record and impressive customer service. The company has multiple data centers across US, Australia and the UK. As a leading Magento Web development company, we fully endorse Nexcess Hosting as the one of the best in the business.

Magento 2 Beta now released

Magento 2

Magento 2.0, the next generation Ecommerce platform has been beta released now.  Magento 2.0 is a significant improvement over Magento platform with lot of upgrade and enhanced featured geared to next generation of Ecommerce solutions. Magento 2.0 is built on a new and modern technology stack and integrates better with third party solutions.

Magento 2.0 is clainming to focus on the following 7 features:

  1. Update the technology stack
  2. Streamline the customization process
  3. Facilitate frontend development
  4. Reduce upgrade efforts and costs
  5. Improve performance and scalability
  6. Deliver better quality, testing resources, and documentation
  7. Increase engagement with the Magento community

Magento 2.0 is a future of Magento ecommerce and is a welcome update benefiting both developers as well as Ecommerce merchants who are looking for more scalable and powerful solutions. check out all the enhancements and updates to Magento 2.0 here.