web site security issue

web site security issue (Full Version)

All Forums >> [Web Development] >> Search Engine Optimization and Web Business

Message

Joe Hussar -> web site security issue (8/6/2004 6:15:01)
I've have had my Front Page web site hosted with a very reputable server for several years. I have a shopping cart which is secured via SSL technology (Thawte). Starting about 3 weeks ago I've had a number of instances where the customer credit card is denied by the credit card company when I process the order. The reason turns out to be that the credit card number was stolen and used fradulantly. This is all a very recent development. Of course there are always bad credit cards submitted, but the sheer number of instances and the almost identical circumstances is like a "run on the bank", highly unlikely to be just random timing, etc. Sometimes the customer finds this out after I advise him/her that the credit card was denied; they then call the credit card company to find out what's going on. Sometimes the customer is advised directly by the credit card company (before I've even had a chance to call). In almost all of these cases the customer tells us they did NOT go anywhere else and use their card. They are convinced something is happening at my end (web site). One problem I've had in trying to find out the cause is they have not been able to provide any specific information.........one customer told me she had to have a subpoena to get the details, and since the credit card company doesn't charge her for what is admittedly fradulant, she just didn't want to bother with it. I have fire walls, and all the usual security protection. I have ruled out employee theft. I can find no place where my site is "leaking" but it's just too much of a coincidence. Does anyone have any suggestions? Can anyone tell me where I could find a computer security "expert" that could really help me get to the bottom of this issue? It's a potential disaster. Thanks! Joe Hussar candywebster@aol.com http://www.candylandcrafts.com/

Reflect -> RE: web site security issue (8/6/2004 7:42:10)
Hi Joe, I feel your pain! I see you are using Danise cart. I found some things on this cart, it is rather dated (from 2000 through Oct. 2003) but ... "While Dansie could issue a patch to customers to disable the backdoor, Harris said prudent users will uninstall the software and find a new shopping cart provider" Referenced from here ... http://www.internetnews.com/ec-news/article.php/4_340591 So first question is, are you running the patch? Another dated find... http://www.theregister.co.uk/2000/04/15/shoppingcart_back_door_gives_author/ Another dated find... http://www.securityfocus.com/archive/1/Pine.LNX.3.95.1000411171050.24527G-100000@animal.blarg.net And a less dated reference... http://cgi.resourceindex.com/detail/01711.html And a less dated reference than the last... http://www.net-security.org/vuln.php?id=3027 So the latest reference that I found is from October 2003. To be fair on that note I searched several SEs to see if he had made some counter statements, I found nothing. Now on the flip side on one E-Comm site that I did I had a bad run two years ago. I had a string of around 10 fraud orders. They were almost sequental which in my small mind suggested a CC companies DB somehow got raided. When working with CCC they waived a lot of the return fee %s. I thought this was curious as they had never done that in the past. I kept pressuring them on the CC numbers being almost in numerical order. They never did verify any of it but again I never had the CCC waive the return/credit fee/%. So you have to expect fraud, it just depends on how you handle it and how quickly. Some sites will get targeted out of the blue. Normally though it is once people find a venerability. HTH, Brian

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.03125