
Forum Moderators: buckworks


Warning- CC Processing Redirection

slight change to your code - huge issue

     

lorax

4:03 pm on Jul 31, 2013 (gmt 0)




If you run a Magento shop you need to read this post from Sucuri about the latest scam in stealing CC info from your eComm transactions. It's likely happening to any eStore but Magento was named.

[blog.sucuri.net...]

jwolthuis

4:26 am on Aug 2, 2013 (gmt 0)




It's likely happening to any eStore but Magento was named.

Care to explain your premise?

From the article, it appears that a specific file (in a specific folder) named "Pxpay.php" somehow gets modified.

How would this "likely happen" to an eCommerce site based on ASP.NET? Or are you assuming that "any eStore" runs PHP? ... or that "any eStore" has a script called "Pxpay.php" in that specific folder?

This is a Magento bug (at best), and it should be handled by them. No need to label it as the "latest scam in stealing CC info... likely happening to any eStore".

lorax

11:13 am on Aug 2, 2013 (gmt 0)




It's not a platform specific hack. It's the concept that's the issue. A slight modification to the payment processing flow that does the dirty work and makes it hard for most etailers to find.

Until you notice, the hackers are collecting the credit card info of your customers. Magento was named but the hack could be applied to any store and likely is. Any hacker that makes money selling CC info would likely have a suite of code blocks for the most popular eComm applications available to use with this hack. The only real challenge is getting in to make the changes.
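A way to catch the kind of small payment-file change discussed in this thread, as an added example that is not part of any post or of the Sucuri article: hash every PHP file against a known-good snapshot and list any URL hosts a changed file now mentions that it did not before. The directory layout, file contents and host names below are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

def snapshot(root):
    """Map each .php file under root to (sha256 hex digest, set of URL hosts it mentions)."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*.php")):
        data = path.read_bytes()
        text = data.decode("utf-8", "replace")
        hosts = {h.lower() for h in URL_HOST.findall(text)}
        snap[path.relative_to(root).as_posix()] = (hashlib.sha256(data).hexdigest(), hosts)
    return snap

def compare(baseline, current):
    """Return (file, status, new_hosts) for every file that differs from the baseline."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append((name, "missing", []))
        elif name not in baseline:
            findings.append((name, "added", sorted(current[name][1])))
        elif baseline[name][0] != current[name][0]:
            findings.append((name, "modified", sorted(current[name][1] - baseline[name][1])))
    return findings

if __name__ == "__main__":
    # Constructed sample tree; file contents and host names are placeholders.
    with tempfile.TemporaryDirectory() as tmp:
        pay = Path(tmp) / "Model" / "Pxpay.php"
        pay.parent.mkdir()
        pay.write_text('<?php $endpoint = "https://gateway.example/pay"; ?>')
        known_good = snapshot(tmp)  # taken from a clean deployment
        pay.write_text('<?php $endpoint = "https://collector.invalid/pay"; ?>')
        for name, status, hosts in compare(known_good, snapshot(tmp)):
            print(f"{status:9} {name}  new hosts: {', '.join(hosts) or '-'}")
```

The snapshot only helps if it is taken from a clean deployment and kept somewhere the web server account cannot write to.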
 
