Fake Payment Method Added in Magento Store – Credit Card Info Getting Leaked
Businesses and buyers have found common ground in the e-commerce space, and online shopping has become an everyday activity. CMSs (Content Management Systems) like Magento are thriving in this niche. However, that popularity has also made Magento a target of cyber attacks. Credit card hacks in Magento are not unheard of, and a new case has now come to light.
Contents of This Guide
- 1 Indicators of the Credit Card Hack
- 2 Credit Card Hack Prevention Methods
- 3 Conclusion
Indicators of the Credit Card Hack
In the past, we have repeatedly seen credit card hacks in top e-commerce CMSs like OpenCart and PrestaShop. In these kinds of hacks, the hacker either adds a new payment method or plants a fake payment form. These tricks let him phish for valuable credit card info.
This particular hack came to light when a Magento user reported to us that something fishy was going on with his website's payment gateway. When our engineers scanned the website, they found that it had indeed been hacked.
Fake Form Added in Magento Store Checkout Page
Below is a picture of the fake form added by the hacker. The right side of the image shows a mandatory form with another set of details like name, credit card number, etc. The details inserted in this form would get transmitted to the hacker.
Astra’s Magento Malware Scanner
After getting the first hint from the user, engineers at Astra ran the malware scanner on the customer's website without delay. The scan showed the exact places and files that were infected. In this particular case, the malware was found in a JS file.
Malicious Code Found
Our ethical hacking team then dug deeper and found that the hacker had abused several lines of code to bypass the site's security.
The following picture shows the compromised code.
Credit Card Hack Prevention Methods
Our security team removed the malware from the website manually and then restored the site to a healthy state with enhanced security settings in place.
You can do the following to check for and remove the credit card hack from your website.
Install Security Patches by Magento
Magento releases timely security patches for its users to install. Do not lag behind in installing them. Upgrading your store to the latest version can be a lifesaver.
Rename Admin Folder
Renaming the admin folder will make it difficult for attackers to find it. Moreover, you can use .htaccess to block access to the login folder from IPs other than the admin's.
.htaccess can also be used to protect the catalogue and sensitive files like .txt, .twig, etc. A FilesMatch directive will do the job.
Set Strict Folder Permission
Restricting files, folders, and subfolders so that only the admin can access them adds greatly to your security.
Set Strict File Permission
Set file permissions for sensitive files to 644 or 444. This permission prevents everyone other than the admin from writing to or modifying them. Some sensitive files are:
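The two permission steps above can be checked mechanically. The shell functions below are an added example, not part of the original article or Astra's tooling: they list files and folders under a store root that group or other users can write to, and set a single file to 644 or 444. The function names and the store-root argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten permissions under a store root.
# Function names and the store-root argument are illustrative assumptions.

# List entries of TYPE (f = files, d = folders) under ROOT that group or
# other users can write to, i.e. anything looser than 644 / 755.
audit_loose() {
    find "$2" -type "$1" \( -perm -020 -o -perm -002 \) -print
}

# Print a file's octal mode (GNU stat first, BSD stat as a fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Set one sensitive file to 644 or 444; any other mode is refused so a
# typo cannot loosen the file. Symlinks are skipped, since chmod would
# change the link's target rather than a file inside the store.
harden_file() {
    case "$1" in
        644|444) ;;
        *) echo "refusing mode $1 (expected 644 or 444)" >&2; return 2 ;;
    esac
    if [ -L "$2" ] || [ ! -f "$2" ]; then
        echo "not a regular file: $2" >&2
        return 1
    fi
    chmod "$1" "$2"
}

# Remove group/other write access from every loose file and folder under
# ROOT, leaving the owner's bits and any execute bits untouched.
harden_tree() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Usage: sh audit.sh /path/to/store   (report only, changes nothing)
if [ "$#" -eq 1 ]; then
    echo "Files writable by group/other:";   audit_loose f "$1"
    echo "Folders writable by group/other:"; audit_loose d "$1"
fi
```

Review the audit output before running `harden_tree`, since some folders may need to stay writable by the web server account.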
Conclusion
Given the number of attacks reported on e-commerce sites every day, it is clear that e-commerce is a coveted target for hackers, and that it needs to be more secure than other kinds of sites. To guard your store against credit card hacks, make sure your website is upgraded and all the important files are out of reach. If you are not able to solve this on your own, Astra Security is here.
Astra's Firewall protects your website from SQLi, XSS, bad bots, and 100+ security threats. Our Malware Scanner scans a website in 10 minutes the first time and takes less than a minute for subsequent scans. The Scanner can be run on demand by the user. VAPT (Vulnerability Assessment & Penetration Testing) at Astra makes sure no coding fault or malware is left on your website.