
Ecommerce Forum

    
Warning- CC Processing Redirection
slight change to your code - huge issue
lorax

WebmasterWorld Administrator lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4598106 posted 4:03 pm on Jul 31, 2013 (gmt 0)

If you run a Magento shop you need to read this post from Sucuri about the latest scam in stealing CC info from your eComm transactions. It's likely happening to any eStore but Magento was named.

[blog.sucuri.net...]

 

jwolthuis

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4598106 posted 4:26 am on Aug 2, 2013 (gmt 0)

"It's likely happening to any eStore but Magento was named."

Care to explain your premise?

From the article, it appears that a specific file (in a specific folder) named "Pxpay.php" somehow gets modified.

How would this "likely happen" to an eCommerce site based on ASP.NET? Or are you assuming that "any eStore" runs PHP? ... or that "any eStore" has a script called "Pxpay.php" in that specific folder?

This is a Magento bug (at best), and it should be handled by them. No need to label it as the "latest scam in stealing CC info... likely happening to any eStore".

lorax

WebmasterWorld Administrator lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4598106 posted 11:13 am on Aug 2, 2013 (gmt 0)

It's not a platform-specific hack. It's the concept that's the issue. A slight modification to the payment processing flow that does the dirty work and makes it hard for most etailers to find.

Until you notice, the hackers are collecting the credit card info of your customers. Magento was named but the hack could be applied to any store and likely is. Any hacker that makes money selling CC info would likely have a suite of code blocks for the most popular eComm applications available to use with this hack. The only real challenge is getting in to make the changes.
