Protecting Your Magento Store from Trojan Orders: Introducing the Trojan Request Blocker


The rise of cyberattacks targeting e-commerce platforms continues to be a significant concern for online businesses.

In recent months, some of our clients have been dealing with an alarming issue: Trojan orders. These orders contain malicious code injected through customer information fields like first name and last name, with the intent to exploit vulnerabilities in Magento during page rendering. If left unchecked, these attacks could pose a severe security risk, compromising sensitive information and threatening the stability of your online store.
In this blog post, we’ll break down what Trojan orders are, how attackers are leveraging them to attempt hacks in Magento, and how you can protect your store using a solution we’ve developed specifically to address this vulnerability—the Trojan Request Blocker extension.

Understanding Trojan Orders in Magento 2

Trojan orders refer to orders that appear legitimate but are embedded with malicious code in certain fields, such as customer first name and last name. The goal of the attacker is to inject malicious scripts that get executed when the page renders, particularly on the backend. Here’s an example of what this might look like:

{{if this.getTemplateFilter().filter(dummy)}}{{/if}} sys{{if this.getTemplateFilter().addAfterFilterCallback(base64_decode).addAfterFilterCallback(system).Filter(Y2QgcHViO2VjaG8g

In this example, the attacker is attempting to exploit Magento’s template engine by injecting logic that, if successful, would allow them to run arbitrary code on the server. This can lead to severe consequences, such as unauthorized access to the system, data theft, and much more.

See how the order gets into Magento:

How Does This Work?

Magento, like many platforms, renders some content through a template filter that expands {{...}} directives into dynamic values. Attackers try to abuse this by injecting directive syntax into customer fields that are later passed through that filter, hoping the injected logic is evaluated during page rendering, whether on the admin or storefront pages.

These kinds of attacks may allow the attacker to run system commands or inject code that gives them further access to the Magento system. It’s a form of Remote Code Execution (RCE) attack, which is one of the most dangerous types of attacks in e-commerce platforms like Magento.

Why This Is Dangerous

  • System Compromise: If the code is executed, it could allow hackers to run arbitrary commands on your server.
  • Data Breach: Customer data and payment details could be accessed or compromised, leading to GDPR violations and a loss of customer trust.
  • Business Disruption: The hacker could cause downtime or make unauthorized changes to your store, disrupting business operations.

Magento developers and store owners should never underestimate the severity of this threat.

The Solution: Trojan Request Blocker

To combat this alarming issue, we’ve developed the Trojan Request Blocker, an extension specifically designed to safeguard your Magento store from these Trojan order attacks. You can view and download the extension on our GitHub repository here: Trojan Request Blocker Extension.

How the Extension Works

The Trojan Request Blocker is designed to detect and block any attempt at injecting malicious code into customer input fields, such as first name, last name, and other order-related fields. It effectively scans and sanitizes these inputs before they are saved or processed, ensuring that harmful code cannot slip through.

Here are the key features of the Trojan Request Blocker:

  1. Input Validation: The extension implements robust validation on customer input fields (e.g., first name, last name, etc.) to ensure no executable code is passed through these fields.
  2. Blacklist of Malicious Patterns: The module maintains a blacklist of known malicious code patterns. If any of these patterns are detected, the order is flagged or blocked entirely, preventing the execution of harmful scripts.
  3. Preemptive Filtering: Rather than waiting for malicious code to hit the rendering engine, the Trojan Request Blocker preemptively filters out dangerous syntax at the point of input.
  4. Secure Logging: The extension logs any blocked attempts, giving you visibility into the types of attacks your store is facing. These logs can be helpful for security audits and understanding attack vectors targeting your site.
  5. Lightweight and Fast: Designed with performance in mind, the Trojan Request Blocker is lightweight, ensuring that your store’s performance remains unaffected while adding an essential layer of security.
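To make the blacklist-and-block approach (and the directive injection described under "How Does This Work?") concrete, here is an added PHP example; it is our own illustration, not the extension's code. It scans the order fields named above for the directive patterns seen in the payload quoted in this post and formats a log line for a blocked attempt; the function names, the sample order and the IP address are constructed.

```php
<?php
declare(strict_types=1);

// Scan customer-supplied order fields for the template-directive injection
// described above. Returns one finding per (field, pattern) hit; empty means clean.
function detectTemplateInjection(array $fields): array
{
    // Patterns derived from the payload shape in the post. Callables are only
    // flagged in call syntax ("system)" or "exec(") so "System Ltd" passes.
    $patterns = [
        'template_directive'    => '/\{\{\s*\/?\s*(?:if|depend|var|block|widget|trans|template|for)\b/i',
        'template_filter_chain' => '/getTemplateFilter\s*\(\s*\)/i',
        'after_filter_callback' => '/addAfterFilterCallback\s*\(/i',
        'callable_as_argument'  => '/\b(?:base64_decode|system|exec|shell_exec|passthru)\s*[()]/i',
    ];
    $findings = [];
    foreach ($fields as $name => $value) {
        if (!is_string($value)) {
            continue; // Only text fields are scanned here.
        }
        foreach ($patterns as $label => $regex) {
            if (preg_match($regex, $value, $m) === 1) {
                $findings[] = ['field' => $name, 'pattern' => $label, 'match' => $m[0]];
            }
        }
    }
    return $findings;
}

// One log line per blocked attempt, in the spirit of the extension's "Secure Logging".
function formatBlockedAttempt(array $findings, string $remoteIp): string
{
    $hits = array_map(static fn(array $f): string => $f['field'] . ':' . $f['pattern'], $findings);
    return sprintf('[trojan-request] blocked ip=%s hits=%s', $remoteIp, implode(',', $hits));
}

// Constructed sample (not a real capture): the first name carries the truncated
// injection string quoted in the post; the other fields are legitimate and must pass.
$sampleOrder = [
    'firstname' => '{{if this.getTemplateFilter().filter(dummy)}}{{/if}} sys{{if this.getTemplateFilter().addAfterFilterCallback(base64_decode).addAfterFilterCallback(system).Filter(Y2QgcHViO2VjaG8g',
    'lastname'  => "O'Brien",
    'company'   => 'Brace {Works} Ltd',
];
$findings = detectTemplateInjection($sampleOrder);
if ($findings !== []) {
    // In a Magento plugin this is the point to reject or flag the request.
    echo formatBlockedAttempt($findings, '203.0.113.10'), PHP_EOL; // IP is a placeholder
}
```

Running it reports four hits on firstname and none on the legitimate fields, which is the distinction a blocker must preserve to avoid rejecting real customers.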

Installation and Usage

The installation process is simple and straightforward. Install it via Composer:

composer require magedin/module-trojan-request-blocker
php bin/magento module:enable MagedIn_TrojanRequestBlocker
php bin/magento setup:upgrade
php bin/magento setup:di:compile

How to Use It

Once installed, the Trojan Request Blocker works automatically in the background, scanning incoming orders for malicious patterns. If an attempt to submit a Trojan order is detected, the system will either block it or flag it for further investigation, depending on your configuration.

Here’s a video of how to use it and how it’s effective against these attackers.

Why You Should Implement This Extension Now

As we know, Magento handles critical customer and transactional data, making it a prime target for cyberattacks. Ignoring these security concerns could leave your store vulnerable to serious threats that might compromise sensitive customer data or lead to business disruption. Here’s why you should act immediately:

  1. Proactive Protection:
    • Don’t wait until it’s too late. Prevent hackers from exploiting vulnerabilities in your system before they can do any damage.
  2. Safeguard Customer Trust:
    • Your customers trust you with their sensitive information. Ensuring that their data is safe will help you maintain that trust and avoid potential legal and financial repercussions of a data breach.
  3. Compliance with Security Standards:
    • Protecting customer data and ensuring secure transactions is key to maintaining compliance with e-commerce and privacy regulations such as GDPR and PCI DSS.
  4. Peace of Mind:
    • Sleep easy knowing your Magento store is protected from these Trojan order attacks with a powerful security layer working behind the scenes.

Conclusion

As Magento continues to be one of the top platforms for e-commerce, it’s critical that we remain vigilant against emerging security threats. The Trojan Request Blocker is a simple yet effective tool to help protect your Magento store from sophisticated attacks involving Trojan orders.

If you haven’t already, it’s time to beef up your security and install the Trojan Request Blocker. Your store, your customers, and your peace of mind are worth it!

🔐 Get the extension now: Trojan Request Blocker Extension.

Stay safe and keep your Magento store secure! 🛡️
