We recently received an email from Cloudflare about their Page Shield service and I was asked if we needed to implement it and what it did. So let’s take a look.
What is Cloudflare Page Shield?
Cloudflare Page Shield is a service that protects against Magecart attacks on your e-commerce site. So if you’re not collecting Credit Cards or running any type of payment gateway, even linking to PayPal, then you don’t need Page Shield. For those running an eCommerce site, read on.
Magecart attacks are named after the Magecart hacker group that cropped up in 2015. They got access to third-party dependencies and used them to inject their own JavaScript to capture the Credit Card information as it passed through the victim’s sites.
So this means that some code your eCommerce system relied on was infected. Then it was included in the eCommerce system without the authors knowing it was infected and credit card details were stolen.
Cloudflare Page Shield is aimed at stopping this by monitoring what scripts are running on your site and alerting you to changes in them so that you can proactively investigate if the changes are intended.
The Good and Bad on Page Shield?
It’s great that Page Shield is going to monitor your scripts and let you know what changes so you can make sure that the changes are desired. For the group of sites I run, we’d see a change every few days to our scripts as we roll out new features and keep the site dependencies up to date.
This means a lot of overhead and noise we’ll have to filter through. I’d much prefer it if they were inspecting specifically for malicious scripts and letting us know about that.
Second, at this point, you have to go check a dashboard to see what changed. For most teams, this will happen at first, and then you’ll check it once a week. Then you’ll check it once a month…then you’ll randomly stumble across it once in a while and look at all the changes and not bother checking anything.
Again, I’d prefer that Cloudflare was proactively looking for malicious scripts and then giving me options for how I want to be alerted. My team would prefer to see them in a Slack channel, but others would want them in email.
I love that Cloudflare is taking another step in keeping our sites secure, I just wish it was a bit more useful and didn’t have a chance of overwhelming my team (of one), managing 80 sites, with spurious notifications.