homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

Warning- CC Processing Redirection
slight change to your code - huge issue

 4:03 pm on Jul 31, 2013 (gmt 0)

If you run a Magento shop you need to read this post from Sucuri about the latest scam in stealing CC info from your eComm transactions. It's likely happening to any eStore but Magento was named.




 4:26 am on Aug 2, 2013 (gmt 0)

It's likely happening to any eStore but Magento was named.

Care to explain your premise?

From the article, it appears that a specific file (in a specific folder) named "Pxpay.php" somehow gets modified.

How would this "likely happen" to an eCommerce site based on ASP.NET? Or are you assuming that "any eStore" runs PHP? ... or that "any eStore" has a script called "Pxpay.php" in that specific folder?

This is a Magento bug (at best), and it should be handled by them. No need to label it as the "latest scam in stealing CC info... likely happening to any eStore".


 11:13 am on Aug 2, 2013 (gmt 0)

It's not a platform specific hack. It's the concept that's the issue. A slight modification to the payment processing flow that does the dirty work and makes it hard for most etailers to find.

Until you notice, the hackers are collecting the credit card info of your customers. Magento was named but the hack could be applied to any store and likely is. Any hacker that makes money selling CC info would likely have a suite of code blocks for the most popular eComm applications available to use with this hack. The only real challenge is getting in to make the changes.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved