If you are using Nginx web server software and Magmi Data Import Tool, you should be aware of your Magento site security at risk. So, it is strongly recommend checking for this security concerns and get them fixed on your Magento site.
Nginx Web Server Misconfiguration
Byte.nl recently reported that some misconfigured Magento sites using Nginx web server software are vulnerable to attacks. Magento cache files have certain sensitive data information, which can be used to important information about the installation, database password, customer information, etc. Nginx Web Server Misconfiguration allows outside access to Magento cache files.
To protect your Magento website from this, you must follow Magento Security best practices and configure your web server environment. All your directories and files must be protected using server level configuration and you need to make sure that no one can access it from outside.
If you find something strange on your Magento site recently and you are using Nginx web server, we can help you to check all your settings and configuration and make sure your Magento site is secure. Please contact us for security test.
The usage of Magmi Data Import Tool
It is strongly recommended that you should either remove this tool completely from your Magento website or limit access to it based on IP address or password. This tool can be used to gain full access to Magento installation. Since it can be used to access Magento installation, it is very critical that you determine immediately to remove this tool.
If you are using Magmi Data Import Tool and want to keep using it, contact us to make necessary settings to protect your website’s security.