The client requested to stay anonymous because they wanted to hide the community from unwanted attention. For this case study, we will use the name Moira Stone.
Moira Stone is an online magazine that publishes opinion pieces on controversial and offensive topics. They have a store to sell the merchandise to the audience, members and fans. It is a closed group, and the website works on a membership basis.
The website is doing excellent work in giving a chance to marginalized voices to speak and share stories. Due to the topics and writers it covered, the website store is usually under attack by opposition voices.
The Problem
The Moira Stone Magento store was getting down every other day. The security was compromised, and users complained about receiving the spam emails from website. Worst of all, the store has received a warning from the payment gateways and email service providers.
They were hosted on the basic Magento hosting, as it made sense to them when they started the merchandise store. All the standard security practices and SSL have been taken care of, but hackers were still successful in exploiting the store.
Fortunately, our sales team outreach them, and we arranged a meeting. After learning of the issue, our team took it as a challenge to stop the attack completely. Nearly six months in, the store has not compromised a single time.
The Solution
We started by thoroughly scanning the Magento stores and auditing the security setting.
- Scanned the core files
- Review the user logs
- Searched for the malware
- Hunt for malicious code
Our team used the tools and looked at the many files manually to ensure we got all the risky code out of the system.
We created a stage on Breeze and built the store on it. The Magento core was used freshly.
After that, the team followed the best practice and in-house security guide to prepare the store for production. We ran in-house tests to find the vulnerability. When everything looked fine, the store was pushed to live.
The Result
As expected, there was a DDoS attack in the beginning, which was shut down using active IP blacklisting. Gradually, the attacks increased, but our firewall managed it effectively.
There were some attempts to bot attack to take the website down. However, the Breeze inbuilt bot management tackled it.
The store has been live for 6 months now, and the store still gets attacked randomly – but the attackers are not successful yet. The server firewall, application firewall, and bot-control keep the store secure. Moreover, active monitoring will alert the system if anything goes down.
Want the Same Results?
If you are struggling with security and want the same level of protection, feel free to get in touch.