Vulnerability scanner

MageStack has a built-in vulnerability scanner, which performs a number of roles

  1. Detects common PHP exploits
  2. Detects Magento 3rd party module exploits
  3. Identifies potentially compromised files
  4. Identifies abnormal files
  5. Checks if all available Magento patches have been applied

The scanner runs automatically and writes its results to the audit log, in a file named magescan-YYYY-MM-DD.log.gz

Report priorities

Three different priorities are used in the report to classify the potential risk,

  1. Critical - High risk. This issue must be investigated immediately (e.g. an urgent Magento patch)
  2. Warning - Medium risk. This requires investigation; it could be a false positive or non-critical (e.g. an abnormal file or a low-priority Magento patch)
  3. Notice - Low risk, but should still be investigated

Report format

The scan first tests for Magento patches (identified by the patch version/revision), followed by the other vectors (identified by an arbitrary ID)


Test ID:     SUPEE-6788
Description: [Critical] Magento patch

A passing test reports nothing beneath the description; for a failing test, the offending warnings/files are listed beneath it.
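As an added example (not part of MageStack's own tooling), the POSIX shell function below summarises a magescan log in the layout shown above, printing one tab-separated line per test that produced findings: priority, Test ID, number of findings and description. Only the Test ID and Description lines are documented on this page; the example assumes that a failing test's findings are the non-blank lines between its Description line and the next Test ID line, and that the daily .gz log can be read with gzip -dc. The sample report used in the usage comments is constructed.

```shell
#!/bin/sh
# Added example, not MageStack's own code. Summarise magescan audit logs:
# print "<priority>\t<test id>\t<finding count>\t<description>" for every
# test that lists findings beneath its Description line.
#
# Assumed layout (only the Test ID / Description lines are documented):
#   Test ID:     SUPEE-6788
#   Description: [Critical] Magento patch
#   <zero or more finding lines, e.g. file paths, until the next "Test ID:">
#
# Usage: summarise_report /path/to/audit/magescan-2016-01-01.log.gz
summarise_report() {
  for f in "$@"; do
    case "$f" in
      *.gz) gzip -dc "$f" ;;   # compressed daily log
      *)    cat "$f" ;;        # already-extracted log
    esac
  done | awk '
    function flush() {
      # Only tests with at least one finding are reported
      if (id != "" && count > 0)
        printf "%s\t%s\t%d\t%s\n", prio, id, count, desc
      id = ""; prio = ""; desc = ""; count = 0
    }
    /^Test ID:/ { flush(); id = $3; next }
    /^Description:/ {
      # Priority is the bracketed word, e.g. [Critical]
      if (match($0, /\[[A-Za-z]+\]/))
        prio = substr($0, RSTART + 1, RLENGTH - 2)
      sub(/^Description:[ \t]*\[[A-Za-z]+\][ \t]*/, "")
      desc = $0
      next
    }
    /^[ \t]*$/ { next }     # blank lines carry no findings
    { count++ }             # anything else beneath a test is a finding
    END { flush() }
  '
}

# Keep only Critical findings, e.g. to feed an alerting hook.
critical_only() {
  summarise_report "$@" | awk -F '\t' '$1 == "Critical"'
}
```

Pipe the output into your alerting of choice; because each line is tab-separated, `cut -f 2` gives the Test IDs and `sort | uniq -c` across several days' logs shows which tests keep failing.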


Excluding paths from the scan

Entire document root

To exclude an entire document root from scans, create a file named .ignore.magescan in the document root,


cd /microcloud/domains/example/domains/
touch .ignore.magescan

Specific file

To exclude individual files/directories from scans, create a file named .exclude.magescan in the document root and list the files/directories to be ignored, one per line, with no trailing whitespace,


cd /microcloud/domains/example/domains/
touch .exclude.magescan

Then inside .exclude.magescan,


! The full path as reported by the scan must be entered in the file (i.e. the /microcloud/data/... path, not the /microcloud/domains/... path used above)
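As an added example (not MageStack's own tooling) covering both exclusion mechanisms above, the POSIX shell functions below create the .ignore.magescan marker, write a .exclude.magescan from a list of full paths, and check an existing .exclude.magescan against the rules on this page: one path per line, the full /microcloud/data path as reported by the scan, and no trailing whitespace. The document roots and file paths in the usage comments are constructed/hypothetical.

```shell
#!/bin/sh
# Added example, not MageStack's own code: create the scanner exclusion files
# described above and verify that a .exclude.magescan meets the documented
# rules (one full path per line, as reported by the scan, i.e. under
# /microcloud/data, with no trailing whitespace). The document roots and
# paths used in the usage comments are constructed/hypothetical.

# Exclude a whole document root: the scanner only looks for the marker file.
ignore_docroot() {
  touch "$1/.ignore.magescan"
}

# Write the given full paths, one per argument, to <docroot>/.exclude.magescan,
# stripping trailing whitespace so the scanner's exact path match still works.
write_exclude_file() {
  docroot="$1"; shift
  : > "$docroot/.exclude.magescan"
  for p in "$@"; do
    p=$(printf '%s' "$p" | sed 's/[[:space:]]*$//')
    printf '%s\n' "$p" >> "$docroot/.exclude.magescan"
  done
}

# Check an existing .exclude.magescan. Prints each bad line with the reason
# and returns 1 if any line is blank, relative, outside /microcloud/data,
# or has trailing whitespace; returns 0 when the file is clean.
check_exclude_file() {
  file="$1"
  status=0
  # The "|| [ -n ... ]" also handles a last line with no final newline
  while IFS= read -r line || [ -n "$line" ]; do
    if [ -z "$line" ]; then
      echo "blank line (one path per line expected)"; status=1
    elif printf '%s' "$line" | grep -q '[[:space:]]$'; then
      echo "trailing whitespace: '$line'"; status=1
    else
      case "$line" in
        /microcloud/data/*) ;;   # full path as the scan reports it
        *) echo "not a full /microcloud/data path: '$line'"; status=1 ;;
      esac
    fi
  done < "$file"
  return "$status"
}

# Usage (hypothetical paths):
#   write_exclude_file /microcloud/domains/example/domains/example.com/http \
#     /microcloud/data/domains/example/domains/example.com/http/var/cache/foo.php
#   check_exclude_file /microcloud/domains/example/domains/example.com/http/.exclude.magescan
```

Run check_exclude_file after every edit of the file: a single trailing space or a path copied relative to the document root silently fails to match, and the scanner will keep reporting the entry.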