MrPhil Posted March 14, 2019
An interesting (and concerning) article: https://arstechnica.com/information-technology/2019/03/a-new-rash-of-highly-covert-card-skimming-malware-infects-ecommerce-sites/?comments=1. It seems there are ways to inject encoded Javascript credit card skimmers into shops (Magento, so far, has been hit hard). One of the comments brought up Content Security Policies to control where Javascript comes from on your site.
René H4 Posted March 15, 2019
Since the fall of the Bitcoin those criminals are running out of money..... 🙂 I am glad my shop does not use CC, however I searched for the string mentioned in the article: not found. Thanks for mentioning @MrPhil
♥John W Posted March 15, 2019
Hey Phil, thanks for this article! I actually shop at one of the six they say is still infected, although I haven't in a while. cajungrocer.com sells, as you would guess, Cajun food and ships nationwide. Actually, they had an OSC based site at first, then switched to a slow ass Magento several years ago.
I'm not really a dog.
MrPhil Posted March 15, 2019
Is "slow ass Magento" the new "slow as molasses" way to describe pokey things?
♥John W Posted March 16, 2019
I've seen some Magento sites that are set up better and not so slow, but more often than not, they are slow. I try to make my site as fast as I can. I also try to make my site secure. Actually, your post got me going on running different security scans on my site and I implemented a few changes to improve security. At the same time, I spent some time scanning cajungrocer.com and they are not very good for security. Problem is I like many of the items they sell, but they have a lot of room to improve. Here's a couple of the additions I made to my .htaccess today.
Header always append X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
A while back I added this
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
I also set secure cookie and some other settings.
I'm not really a dog.
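
The headers listed in the post above, together with the Content Security Policy idea raised in the opening post, can be checked against a site's response headers. The following is an added example, not part of any post in this thread; the sample header sets and the js.example.com host are constructed for illustration.

```python
import re

# Values taken from the .htaccess lines quoted in the post above.
REQUIRED = {"x-frame-options": "sameorigin", "x-xss-protection": "1; mode=block",
            "x-content-type-options": "nosniff"}
MIN_HSTS_AGE = 31536000  # the max-age from the post (one year)
TOO_BROAD = {"*", "https:", "http:", "data:"}  # sources that match nearly any script URL

def script_sources(csp):
    """Return the source list that governs scripts, or None if none applies."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins
            directives.setdefault(tokens[0].lower(), tokens[1:])
    # script-src falls back to default-src when it is absent
    return directives.get("script-src", directives.get("default-src"))

def audit(headers):
    """headers: dict of response header name -> value. Returns a list of findings."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, want in REQUIRED.items():
        if h.get(name, "").lower() != want:
            findings.append(f"{name}: expected {want!r}, got {h.get(name)!r}")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not m or int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("strict-transport-security: missing or max-age too short")
    sources = script_sources(h.get("content-security-policy", ""))
    if sources is None:
        findings.append("content-security-policy: nothing restricts script sources")
        return findings
    pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources)
    for s in sources:
        if s.lower() in TOO_BROAD:
            findings.append(f"content-security-policy: script source {s} is too broad")
        elif s.lower() == "'unsafe-inline'" and not pinned:  # ignored when a nonce/hash is present
            findings.append("content-security-policy: 'unsafe-inline' permits injected inline scripts")
    return findings

# Constructed sample: the headers from the post, with no CSP.
POST_HEADERS = {
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
}
# Constructed sample: same headers plus a CSP limiting scripts to the shop and one hypothetical host.
WITH_CSP = dict(POST_HEADERS, **{"Content-Security-Policy": "default-src 'self'; script-src 'self' https://js.example.com"})
```

Calling `audit(POST_HEADERS)` reports only the missing script restriction, while `audit(WITH_CSP)` returns an empty list.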
AgnesDBLN Posted March 24, 2019
Thanks for sharing the article. Never heard of online credit card skimmers so far. The bad guys never rest. :-I
MrPhil Posted March 24, 2019
Indeed, the bastards never do. Let me take the opportunity to clarify that this is not the same thing as "credit card skimmers" found attached to physical ATMs, gasoline pumps, etc. (things that take credit and debit cards). They read and record magnetic stripe data, and usually there is a small camera nearby to record you entering the PIN. New cards can be created with this data and used to suck dry your account. Always keep an eye open for loose or mismatched parts where you stick your card in, and try to conceal your use of the keypad (get up close to it, possibly shield it from your hand -- you never know where the camera is). Signs directing you to use a specific gas pump, etc. are another tip-off. Report suspicious setups to the store manager or the police. Enjoy Spring and stay safe!
GraMi91 Posted April 9, 2019
Interesting read, thanx a lot!
omg13v Posted May 3, 2019
Oh wow, that's crazy. Thanx a lot for sharing.
Archived
This topic is now archived and is closed to further replies.