Magento 2 – Dirty COW Linux OS Vulnerability

In Magento 2, you will see notification about Dirty COW Linux OS Vulnerability. So what is this ? What it means ?

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel that can allow a local user (like a web hosting account) to gain root access to the server. This can also be a huge problem if your Magento store is compromised and the attacker has the ability to upload files to your server or hosting account.

More Information: http://dirtycow.ninja/

If you manage your own server, you will need to update the kernel (and reboot your server) once the security patch is issued by your operating system providers.

If you do not manage your own server or if you are using shared hosting, contact your server administrator or hosting provider to make sure that you are protected against this vulnerability.

Please take news into consideration and secure your online store.

Ref: https://magento.com/security/vulnerabilities/new-linux-operating-system-vulnerability

How to enable CAPTCHA in Magento 2?

How to enable CAPTCHA in Magento 2?

This tutorial will tell you how to enable CAPTCHA protection in Magento 2 store. CAPTCHAs help protect your site from spamming by bots and other malicious actors.

To enable CAPTCHA protection for the administration side on Magento 2, follow below steps:

1) Log in to Magento 2 using your admin account.

2) From left sidebar, click Stores, and then Settings -> Configuration.

3) In this page, expand Advanced section in the panel on the left and choose Admin.

4) Find CAPTCHA section and expand it.

5) Enable CAPTCHA in Admin list box, select Yes. Now you can see some advanced configuration options as below.

Font list box – you can select the font that appears in the CAPTCHA.

Forms box – select which forms you want to protect. You can select the administration login page and the page that appears when a user clicks the Forgot your password? link on the login page.

Displaying Mode – To have the CAPTCHA always appear on the login page, in the Displaying Mode list box, select Always. Alternatively, to have the CAPTCHA only appear after a specific number of failed login attempts, select After number of attempts to login.

CAPTCHA Timeout (minutes) – Enter CAPTCHA timeout in minutes

Number of Symbols – You can specify 8 symbols at the most. Range allowed (e.g. 3-5)

Symbols Used in CAPTCHA – You can specify the symbols used in captcha (e.g. ABCDEFGHJKMnpqrstuvwxyz23456789)

Case Sensitive – You can choose this options to enable case sensitive features.

Once you select all the necessary options as per your requirement. Click Save Config.

Magento 2 CAPTCHA Backend

By default if you enable Admin Login CAPTCHA and don’t change its settings, it will appear after 3 unsuccessful attempts to login.

Magento 2 CAPTCHA Login Page

Now after you’ve enabled CAPTCHA you’ve reduced the risk of your admin part being hacked. but what about the front-side of Magento 2.

Lets learn how to enable CAPTCHA on front-side of various pages.

1) Log in to Magento 2 using your admin account.

2) From left sidebar, click Stores, and then Settings -> Configuration.

3) In this page, expand Customers section in the panel on the left and choose Customer Configuration.

4) Find CAPTCHA section and expand it.

5) Once you select all the necessary options as per your requirement. Click Save Config.

Magento 2 CAPTCHA Front Side

Here, you can enable CAPTCHA on following pages.

  • Create user
  • Login
  • Forgot Password
  • Checkout As Guest
  • Register during Checkout
  • Contact Us

Magento 2 CAPTCHA Forgot Password

In next tutorial we will learn how to add CAPTCHA on custom pages. Stay tuned for more updates!

Hope this tutorial will be helpful to you, if you have any query then share it in comment section below any time, We will be happy to help you.

Enjoy Magento 2! Enjoy Magewallet!!