msp / shield

msp/shield

Advanced Intrusion Prevention System for Magento2 - Member of MageSpecialist SecuritySuite

  • Riccardo Tempesta
magento2-module Compatibility: Not yet tested Code Quality: Fail Tests: N/A Security: Pass OSL 3.0

Are you the maintainer of msp?

Packagento pulls msp's Composer packages from the public registry so buyers can find them here.

Claim the namespace to take ownership, publish new releases directly, and start charging for premium versions.

Claim this namespace →

MSP Shield

MSP Shield is the most powerful and most effective protection against malicious user in the MSP Security Suite.

It is a fully featured Intrusion Detection and Intrusion Prevention System for PHP.



MSP Shield is capable of detecting a wide number of hack attempts and protect your Magento 2 from a wide number
of potential code vulnerabilities.



You will have an high level of protection against 0-day vulnerabilities, code injections, exploit testing and other known attack patterns.



NOTE: Installing this module does not exempt you from keeping your system up to date.


Member of MSP Security Suite

See: https://github.com/magespecialist/m2-MSP_Security_Suite

Installing on Magento2:

1. Install using composer

From command line:

composer require msp/shield
php bin/magento setup:upgrade

2. Enable and configure from your Magento backend config

config.png

NOTE: Enabling this module for backend can trigger false positives, we strongly suggest to keep it enabled only for
frontend and to protect your backend with https://github.com/magespecialist/m2-MSP_AdminRestriction module .

How to test it

MSP Shield can detect a wide number of PHP attack patterns and attack attempts.

You can test it in any Magento 2 form by typing a malicious request.



For example you can try typing ; drop database magento in any form.



This will simulate a SQL injection attack. Magento is already protected against this kind of attack, but you can try it
to verify the correct configuration of MSP Shield.

injection_attempt.png

If you correctly installed and configured MSP Shield, an emergency stop screen will appear.

Hack Attempt detected (with stealth mode disabled)

detected.png

Hack Attempt detected (with stealth mode enabled)

detected_stealth.png

Logged entries

You can browse and search logged events for blocked or non-blocked requests in System > MSP Security Suite > Events Report.

No changelog yet

The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.

Versions
Version Stability QA Status Compatibility Released
2.1.0 stable Fail Not yet tested Details 2017-10-28 22:33:34
2.0.6 stable Not tested Not yet tested Details 2017-09-13 13:21:31
2.0.5 stable Not tested Not yet tested Details 2017-09-12 14:28:13
2.0.4 stable Not tested Not yet tested Details 2017-09-12 14:06:56
2.0.3 stable Not tested Not yet tested Details 2017-09-11 13:39:16
2.0.2 stable Not tested Not yet tested Details 2017-09-09 15:06:49
2.0.1 stable Not tested Not yet tested Details 2017-09-07 16:55:56
2.0.0 stable Not tested Not yet tested Details 2017-09-07 16:11:32
1.2.0 stable Not tested Not yet tested Details 2017-07-31 16:07:02
1.1.2 stable Not tested Not yet tested Details 2017-07-24 09:48:29
1.1.1 stable Not tested Not yet tested Details 2017-07-24 09:22:12
1.1.0 stable Not tested Not yet tested Details 2017-07-14 15:21:16
1.0.5 stable Not tested Not yet tested Details 2017-06-25 15:13:23
1.0.4 stable Not tested Not yet tested Details 2017-06-01 18:10:21
1.0.3 stable Not tested Not yet tested Details 2017-06-01 16:40:02
1.0.2 stable Not tested Not yet tested Details 2017-05-31 18:20:07
1.0.1 stable Not tested Not yet tested Details 2017-05-31 17:42:15
1.0.0 stable Not tested Not yet tested Details 2017-05-31 16:09:13

Requires 3

Package Constraint
php ^7.0|^7.1
msp/security-suite-common ^2.0
phpmyadmin/sql-parser ^4.1

Suggests 1

Package Reason
msp/security-suite Full MageSpecialist Security Suite

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 not tested not tested
2.4.8 not tested not tested
2.4.9 not tested not tested

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge. A phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool Status Findings Summary
PHPCS Fail 118 2 errors, 116 warnings (ruleset: Magento2) — 14 auto-fixable with phpcbf
PHPMD Warning 9 9 rule violations (IfStatementAssignment:5, ExcessiveMethodLength:2, CountInLoopExpression:1, EmptyCatchBlock:1)
Cpd Pass 0
Composer validate Info 1 valid; 1 advisory note (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases.

PHPStan results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Integration tests

Integration tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool Status Findings Summary
Composer audit Pass 0
Malware scan Pass 0
License
OSL 3.0
Authors

More from msp

View vendor
Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.