Hi Guys, Not sure if this is the best place to post this but i've made a script to update all the magento installations on your ISPConfig3 Server. It's a bit basic but it works. Feel free to modify as you see fit. Unzip the attached file to /root/ & mark the files as executable Code: tar zxvf magento_shoplift.tar.gz . && find . -type f -name *.sh -exec chmod +x {} \; First off get a list of the vulnerable sites. I've done this as a manual step so you can sanity check it first & makes debugging easier. Code: find /var/www/ -wholename '*/app/code/core/Mage/Core/Controller/Request/Http.php' | xargs grep -L _internallyForwarded > /root/magento_shoplift/paths.txt Then cd to /var/www/ so the paths match and run the script. Code: ~magento_shoplift/fixer.sh The script basically does: Goes through the list of files and finds out the version of magento installed. It then selects the relevant patch and applies it then chown's the files back to what it should be. If you're feeling adventurous there's a line at the bottom of the script which will clear the magento cache directories for you afterwards. But i feel a bit uneasy about that so if you want to do that, go for it. Uncomment it . DOWNLOAD IN THE NEXT POST
The script can be downloaded from bitbucket here: https://bitbucket.org/xenocide/magento_shoplift/downloads
