We noticed a fairly stupid (failed) hacking attemp in our server by placing an order with code-injection.
Analysis
It’s a simple and fairly bad attempt to get the shop to download and execure some PHP-malware.
The malware is very generic and probably just off-the-shelf.
The attempt was very rudimentary and made in a way that would instantly come to attention.
So this was in no way targeted and is probably attempted with thousands of shops in an automated way.
Response
We informed the abuse department of the domain registrar used to download the malware from.
We also added the existing captcha also to the account-creation process.
Obviously we did check the log files, security scanner report and that indeed all patches against known issues (security relevant or not) hava already been applied.
We also enabled an „invisible“ Google ReCaptcha V3 in addition to the existing server-side captcha for account-creation and deleted a large number of similar accounts created by harmless bots in the past.