Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Cs_Cart 4.2.4 Customer Credit Information Getting Stolen Rate Topic   - - - - -

 
  • tigerbabba
  • Member
  • Members
  • Join Date: 26-Apr 08
  • 257 posts

Posted 17 May 2019 - 09:28 PM #1

Hello .

 

I am having few problems recently just got few calls from customer's that CC information is getting leaked, We don't store any credit card details & we use Authorize.NET, Is there some one aware of this recent attack called Js-Sniffers hack. 

 

So far I got 3 customer's who's complaining regarding this but I am not sure what to do. I did contact CS-Cart helpdesk but no response so far, They did release a patch may be few years back which fix this error , But I dont see any patches or update, regarding this.

 

I will appreciate if some one can help, I did do a tcp dump but cant seem to find any thing going un-usually.


Currently using CS-Cart 4.x
Fortigate Firewalls

 
  • JackConnick
  • Senior Member
  • Trial users
  • Join Date: 03-Jun 12
  • 294 posts

Posted 18 May 2019 - 04:21 AM #2

Are you running a PCI scan on your server? You usually have to do that as part of accepting cc. That should show any server issues and I would contact your server comapany. I would certainly also change your admin pw and get rid of any accounts that might have access. Rename your admin.php to something else like adminxyz.php so it can't be guessed.

 

CS Cart saves CC numbers into the order details. That is very dangerous. We do save them as we often have to change the orders. But I had our web guy do a change that eliminates the numbers when we show the order as completed.

 

I certainly would take this issue seriously, you could be liable for a lot of damages.

 

Jack



 
  • tigerbabba
  • Member
  • Members
  • Join Date: 26-Apr 08
  • 257 posts

Posted 18 May 2019 - 09:57 AM #3

We are PCI - but I am sure it's something to do with CS-Cart as that happens before few years back and CS-Cart came with a patch which fixes that issue, now same thing is happening, CS-Cart have to keep up with security patches just as Magento and other shopping cart provider if there's any leak.


Currently using CS-Cart 4.x
Fortigate Firewalls

 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 19161 posts

Posted 20 May 2019 - 05:53 AM #4

At first, install security patches from File area in CS-Cart HelpDesk

 

Then ask server administrator to search for recently modified file (exclude the var/cache directory)

 

Most possibly stolen cc details are saved to file somewhere on your server


GET A FREE QUOTE | CS-Cart Add-ons | CS-Cart Licenses | CS-Cart Development | CS-Cart Design | Server Configuration | UniTheme and YOUPI
CS-Cart                USD 345     Multi-Vendor              USD 1250    CS-Cart RU                         24500 руб.
CS-Cart Ultimate  USD 775     CS-Cart + YOUPI      USD 545      CS-Cart RU + UniTheme    36000 руб.