@colin – we have also seen an iframe-injecting nasty before. As you metioned, it broke Magento which was great, however it was nowhere near as serious as sending card data – it just attempted to spread itself.

It also sniffed FTP passwords from what we could gather. It was contracted due to a vulnerability in Adobe PDF reader on one of our machines and then it spread to others who visited any sites.

If magento is vulnerable to anything, it certainly seems wise to not 777 everything, something I have personally decided not to do. Glad I did

@colin – we have also seen an iframe-injecting nasty before. As you metioned, it broke Magento which was great, however it was nowhere near as serious as sending card data – it just attempted to spread itself.

It also sniffed FTP passwords from what we could gather. It was contracted due to a vulnerability in Adobe PDF reader on one of our machines and then it spread to others who visited any sites.

If magento is vulnerable to anything, it certainly seems wise to not 777 everything, something I have personally decided not to do. Glad I did

You mentioned mentioned in your comments a manual patch… do you have any further information on this?

Reason I ask is that I have a magento website still on 1.3.0.0, I’m hesitent to upgrade due to past issues I have had with the auto upgrading process… any information or instructions on manual patching would be fantastic – maybe another blog post for it?

Many thanks
James

You mentioned mentioned in your comments a manual patch… do you have any further information on this?

Reason I ask is that I have a magento website still on 1.3.0.0, I’m hesitent to upgrade due to past issues I have had with the auto upgrading process… any information or instructions on manual patching would be fantastic – maybe another blog post for it?

Many thanks
James

@Colin – What mask should we be using – 755?

Thanks,
Jonathan

@Colin – What mask should we be using – 755?

Thanks,
Jonathan