Hello:
I have a client that got a phone call today from their bank stating that there were several (100's of) credit card transactions trying to be processed through the Authorize.net gateway. The only issue is there isn't any trace of these transactions inside of CCP. Of course the bank cancelled these transactions due to fraudulent tendencies, but does anyone have any suggestions or history on what is happening? Thanks.
This is a fairly common exploit which we have seen begin to occur since September 2014, which is happening all over the Internet. We have been performing intense security audits on our Kryptronic eCommerce Software packages versions V6 through V9, and at this time know of no issues with the software which could facilitate an attacker obtaining the Authorize.net transaction key from an installation, provided the software is fully up to date.
We recommend taking the following steps to prevent this from happening:
(1) Ensure your Kryptronic software is patched as per the critical security update released in March of 2015 and the enhanced online processing security update released in September of 2015. These were both very small updates, which should have been applied as per Kryptronic's recommendations to all V6 through V8 installations:
https://kryptronic.com/blog/2015/03/cri … t03302015/
https://kryptronic.com/blog/2015/09/sof … ons-6-7-8/
(2) Change all passwords (use strong passwords) for all affected accounts/installs, including: MySQL database, FTP account, Control Panel account.
(3) Use the Kryptronic management interface to access System > Users > User Accounts and do a search for non-basic users (where 'usergroup' is not equal to 'users'). Locate all BackEnd users and delete any unused accounts, and change the passwords (use strong passwords) for all active accounts. These users will have a usergroup of 'admin', 'reports', or 'superuser'.
(4) Ensure that your server is set up so that remote MySQL connections are inherently disallowed. This can be done either by configuring all MySQL database user accounts to use 'localhost' instead of '%' when connecting, or at the firewall level by disallowing all TCP traffic to port 3306.
(5) Ensure that your server requires FTPS connections for clients connecting via FTP. FTPS is FTP using SSL/TLS over port 21 and uses PASV mode. Do not allow standard FTP connections.
(6) Scan all installations for malware. Kryptronic uses maldet as well as a number of one-off scripts to check for malicious files on the web accounts. Delete any malicious files, and remove malicious code from any valid files which were modified.
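Step (4) above is the one most easily checked mechanically. The script below is an added example, not code from the thread or from Kryptronic: it audits a list of MySQL grant hosts and a my.cnf fragment for remote-access exposure and emits the corresponding remediation statements. The grant rows and the my.cnf text are constructed samples; on a real server you would feed it the rows returned by `SELECT user, host FROM mysql.user;` and the contents of the server's my.cnf. The `RENAME USER`, `DROP USER` and `iptables` commands it produces are standard MySQL and Linux syntax; the helper and variable names are this example's own.

```python
"""Audit MySQL grant hosts and bind-address for remote-access exposure.

Added example for the hardening step above; not part of the forum thread.
Runs on constructed sample data so it can be executed offline.
"""
import re

# Constructed sample of `SELECT user, host FROM mysql.user;` rows.
SAMPLE_GRANT_ROWS = [
    ("root", "localhost"),
    ("shopdb", "%"),             # wildcard host: reachable from any address
    ("shopdb", "localhost"),
    ("reports", "192.168.1.%"),  # subnet wildcard: still a remote grant
    ("backup", "127.0.0.1"),
]

# Constructed fragment of a my.cnf [mysqld] section.
SAMPLE_MY_CNF = """
[mysqld]
datadir=/var/lib/mysql
bind-address=0.0.0.0
port=3306
"""

# Hosts that only allow connections originating on the server itself.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def remote_grants(rows):
    """Return (user, host) pairs whose host permits a non-local connection."""
    return [(u, h) for u, h in rows if h not in LOCAL_HOSTS]


def remediation_statements(rows):
    """Build SQL that confines every remote grant to localhost.

    A user that already has a 'localhost' grant cannot be renamed onto it
    (the names would collide), so that user's remote grant is dropped and
    the existing local grant is kept instead.
    """
    local_users = {u for u, h in rows if h == "localhost"}
    stmts = []
    for u, h in remote_grants(rows):
        if u in local_users:
            stmts.append(f"DROP USER '{u}'@'{h}';")
        else:
            stmts.append(f"RENAME USER '{u}'@'{h}' TO '{u}'@'localhost';")
    return stmts


def bind_address(cnf_text):
    """Extract bind-address from a my.cnf [mysqld] section; None if unset."""
    m = re.search(r"^\s*bind[-_]address\s*=\s*(\S+)", cnf_text, re.M)
    return m.group(1) if m else None


def listens_remotely(cnf_text):
    """True when mysqld would accept TCP connections from other hosts.

    When bind-address is absent, MySQL listens on all interfaces, so an
    unset value is treated as exposed.
    """
    addr = bind_address(cnf_text)
    return addr is None or addr not in LOCAL_HOSTS


# Firewall fallback from the step above: drop all inbound TCP 3306 except
# from the loopback address (iptables syntax).
FIREWALL_RULES = [
    "iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 3306 -j DROP",
]


if __name__ == "__main__":
    for u, h in remote_grants(SAMPLE_GRANT_ROWS):
        print(f"remote grant: '{u}'@'{h}'")
    for s in remediation_statements(SAMPLE_GRANT_ROWS):
        print(f"fix: {s}")
    if listens_remotely(SAMPLE_MY_CNF):
        print(f"bind-address={bind_address(SAMPLE_MY_CNF)}: set to 127.0.0.1 "
              "or apply the firewall rules:")
        for r in FIREWALL_RULES:
            print(f"  {r}")
```

Applying the emitted statements only narrows where each account may connect from; the password change in step (2) is still required, since a stolen credential remains valid until rotated.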
Thanks Nick. I will get started on this.