Gravityscan Help

Scanning Magento with Gravityscan

Gravityscan can scan Magento and let you know about any vulnerabilities you have in Magento or any malware that it detects. Gravityscan is specifically tailored to work with Magento, but it may require some configuration under certain conditions.

When using Magento, we suggest you use the Google Analytics method to verify your site ownership, as you can complete this with just a few clicks.

If you are using Apache with Magento or Nginx and your own Nginx configuration file, then you should be able to install both the Accelerator and the verification file in your document root without any problems.

If you are using the Nginx configuration file that is included with Magento, then you may need some additional instructions which we provide below.

How to install the Gravityscan Accelerator on Magento

Installing Accelerator when using Apache web server

To install the Gravityscan Accelerator, upload the gravityscan-agent php file to your document root in Magento. You should be able to access the test URL that we provide and Accelerator should be enabled.

Installing Accelerator when using Nginx web server

If you are using the nginx.conf.sample file that comes with Magento 2.x you will need to modify it to run correctly. If you are only running Magento on your server,  you will need to do the following:

1) Download the Gravity Accelerator file. Note the name of the file.
2) Locate and modify your nginx.conf as follows:

location ~ (index|get|static|report|404|503)\.php$ {

needs to be modified to include the gravityscan agent file:

location ~ (index|get|static|report|404|503|gravityscan-agent-xxxxxxxx)\.php$ {

Replace the x’s in the sample above with your specific file information and remember to exclude the .php extension.

Once you have made that change, it will require you to restart Nginx for the change to take affect.

Then upload the gravityscan-agent file to the /pub directory. The gravity scan accelerator file should now verify correctly.

Please note that you will only be running your scan from the /pub directory and it will not include the additional higher level directories that may be included as a part of your Magento installation such as app, bin, setup, var, etc.
This is because the Magento Nginx configuration restricts access to just the /pub directory.

If you are running additional sites or php applications in your document root, your Nginx configuration file may already be modified to allow additional php files to run. In that case, we recommend that you install the gravityscan accelerator file in the document root instead of /pub for complete scan coverage.

 

How to verify site ownership using Magento and file verification

Verify Site Ownership with Ngnix when using Magento

If you are using the nginx.conf.sample that is included wth Magento 2.x installations, you will need to upload the Gravityscan verification file to the /pub directory. Once you’ve done that, Gravityscan should be able to access the file and verify your site ownership.

Verify Site Ownership with Apache when using Magento

To verify site ownership using the file method on Magento 2.x installations using Apache web server, you will need to upload the Gravityscan html verification file to the document root. Once you have done that, Gravityscan should verify your site ownership.

Report a Bug