In fact, only 23% of Magento owners allocate enough resources and time to keep their stores secure. Most Magento stores do not have the security updates installed and do not use firewalls or security suite tools.
To be completely honest, I have to note that this situation applies not only to Magento stores but also to other CMSs (such as WordPress or Joomla).
How modern hackers work:
A long time ago, hacking was a rather romantic thing: you, a laptop, late at night, doing security research on some website. After you found a vulnerability (having spent the whole night on it), you were proud of what you had done; of course you could take advantage of it, or you could be a "white hat" hacker and report it to the website owners (maybe even for some bonus). For many tech people "hacking" was a kind of sport: finding the vulnerability was what mattered, and whether to steal the database or upload infected code was left to the person's moral qualities.
But now it is a cold-blooded business!
Today hackers do not spend a whole night manually researching one website. As in any business, as much as possible is automated. They build special tools and crawlers (much like Google's) that scan millions of websites looking for vulnerabilities, missing security updates, outdated CMS versions, and so on.
As soon as such a crawler finds a vulnerability, it automatically uploads infected code or steals the database and moves on to the next victim.
What about some facts?
To get some specific numbers, we did some research on our own website. We decided to compare the data from Google Analytics with the actual number of unique visitors (logged using PHP).
The statistics were unbelievable.
Google Analytics showed 213 unique visitors per day, but our PHP logger detected 602 unique visitors.
I always knew that Google Analytics excludes crawlers, parsers, scanners and other suspicious activity from its statistics to make the data more accurate.
But I never thought that this "suspicious" activity would be 73% of our total traffic.
To confirm these results, we decided to run the same tests for our clients, who have much more popular Magento stores. After the clients' approval we configured Magento to log all activity.
The results we got were even more interesting, though quite expected.
The more popular a Magento shop was, the more crawlers and scanners were interested in it. The leader was a 7-year-old Magento 1 store with 91% non-human traffic.
So remember: websites are constantly monitored by dozens of different crawlers, and some of them are checking websites just waiting for a Magento security update that has not been installed.
Security & Magento Performance
Crawlers and scanners also cause performance problems. If a website mostly serves crawlers and bots, most of its performance is spent on them.
You pay your hosting provider for CPU and RAM, and most of it is consumed not by real customers but by crawlers that automatically analyze your website.
If we compare the behavior of one crawler with that of one real customer: a user will never go through all the pages of a website, but a crawler can do so easily, taking even more server resources.
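As an added example (not code from the original post), the following Python script reproduces the Google-Analytics-versus-server-log comparison described above on a constructed sample of access-log lines: it counts server-side unique IPs, treats a client as analytics-visible only if it fetched the JavaScript snippet, and additionally flags self-declared crawler user agents and clients that walk more distinct pages than one person would. The combined log format, the analytics script path /js/analytics.js, the user-agent tokens and the 50-page threshold are all assumptions.

```python
import re
from collections import defaultdict
# Apache/nginx "combined" format: ip ident user [time] "METHOD path PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Assumed heuristics, not a vendor list: crawler UA tokens, the analytics script only a
# JS-executing browser fetches (analytics counts these), and a daily page-breadth ceiling.
BOT_UA_RE = re.compile(r'bot|crawl|spider|scan|python-requests|curl|wget', re.I)
JS_BEACON_PATH = "/js/analytics.js"   # constructed stand-in for the analytics snippet URL
MAX_DISTINCT_PAGES = 50

# Constructed sample: a browser that loads JS, a self-declared crawler, a browser-UA scraper
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/45.0"
203.0.113.10 - - [01/Mar/2016:10:00:02 +0000] "GET /js/analytics.js HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/45.0"
198.51.100.7 - - [01/Mar/2016:10:01:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
198.51.100.7 - - [01/Mar/2016:10:01:01 +0000] "GET /sitemap.xml HTTP/1.1" 200 9100 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
192.0.2.55 - - [01/Mar/2016:10:02:00 +0000] "GET /catalog/product/view/id/17 HTTP/1.1" 200 7000 "-" "Mozilla/5.0 (X11; Linux) Chrome/49.0"
192.0.2.55 - - [01/Mar/2016:10:02:01 +0000] "GET /catalog/product/view/id/18 HTTP/1.1" 200 7000 "-" "Mozilla/5.0 (X11; Linux) Chrome/49.0"
"""

def classify_visitors(lines):
    """Aggregate requests per client IP and label each IP "human" or "bot"."""
    per_ip = defaultdict(lambda: {"uas": set(), "pages": set(), "js": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole report
        rec = per_ip[m["ip"]]
        rec["uas"].add(m["ua"])
        if m["path"] == JS_BEACON_PATH:
            rec["js"] = True          # analytics would have counted this client
        elif not m["path"].startswith(("/js/", "/skin/", "/media/")):  # Magento 1 asset dirs
            rec["pages"].add(m["path"])
    labels = {}
    for ip, rec in per_ip.items():
        bot_ua = any(BOT_UA_RE.search(ua) for ua in rec["uas"])
        too_broad = len(rec["pages"]) > MAX_DISTINCT_PAGES
        labels[ip] = "bot" if (bot_ua or too_broad or not rec["js"]) else "human"
    return labels

def traffic_report(lines):
    """Server-side uniques vs. JS-executing uniques, mirroring the GA-vs-PHP-logger comparison."""
    labels = classify_visitors(lines)
    total = len(labels)
    humans = sum(1 for v in labels.values() if v == "human")
    pct = round(100 * (total - humans) / total) if total else 0
    return {"server_uniques": total, "human_uniques": humans, "non_human_pct": pct}
```

Run it against a real access log with `traffic_report(open("access.log").readlines())`; the third sample client shows why a browser-like user agent alone is not evidence of a human.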
Firewall for Magento
After this research and a few meetings with our clients, we decided to find a solution to this issue. In cooperation with a security specialist, we set out to create a Magento Firewall extension that would make it possible to track server load, block suspicious "visitors" and even block countries that are not served by the store but are the biggest sources of hacker activity (you know what I am talking about).
You can read more about the results of our work here: Magento Firewall, Country Blocker & Security Suite