Jun 7 |
Two-Factor Authentication is Now Recommended for All Magento and AbleCommerce Sites
Posted by Brad Kort on Jun 07 2019 10:20
|
In the last few weeks, we have seen a growing trend across all Magento and AbleCommerce sites. Hackers are focusing attacks on admin pages. Even when the sites have a unique admin URL, malicious attackers are eventually figuring these out. Once they know the admin URL they are then attempting to break through by using a brute force method to guess the passwords. Thankfully there have been no breaches at W2M recently, but sites at other hosts have not been so lucky. These days, a username and password are not enough to protect your data. We strongly urge you to consider implementing a 2-factor authentication method for the admin section of your site. You may already be familiar with 2-factor authentication as all online banking and social media outlets have been doing this for years. After you enter your username and password, you must authenticate yourself with a code sent by text or email. If you're using AbleCommerce, our plugin can be found here: https://www.web2market.com/store/two-factor-authentication-for-ablecommerce.html Here are 2 Magento extensions that we can install on your site for you. Magento 2 Magento 1 https://amasty.com/magento-two-factor-authentication.html If you wish to have one these plugins/extensions installed, please contact either Dan Voss or Brad Kort to make the arrangements. Security is important to us and we take these threats seriously. Please be aware that choosing to do nothing can result in your site being compromised and the theft of customer data. Read more » | |
Mar 4 |
Authorize.net Direct Post MD5 Support Ends March 14, 2019
Posted by Brad Kort on Mar 04 2019 10:36
|
As of March 14, 2019, Authorize.net will no longer support the MD5 hash. That means that ALL current Magento Authorize.net integrations will cease to work on March 14. AbleCommerce will NOT be effected. So AbleCommerce merchants can safely ignore notices that Authorize.net is sending. On Friday, March 1, Magento released new Authorize.net extensions for all versions of Magento. This week, we are organizing the process to upgrade our clients. We'll be sending each client a message to co-ordinate that upgrade with you. We expect to do the replacement work off hours to minimize any impact to your sales. For W2M hosted clients, this will be done at no charge. For non-hosted clients, we expect the work to take about an hour. Please share this with anyone in your organization who may need to know. For more details from Magento, visit: https://support.magento.com/hc/en-us/articles/360024368392 If you have questions, please open a ticket on our help desk. We'll be glad to assist. Read more » | |
Aug 14 |
Authorize.net Infrastructure Changes
Posted by Tom Stoub on Aug 14 2018 12:32
|
You may have recently received an email from Authorize.net about changing infrastrure and are wondering how this is going to affect your site. We do not use a whitelist for payment gateways, so these changes will not have any impact on your site Read more » | |
Jun 29 |
Comcast Internet Outage
Posted by Tom Stoub on Jun 29 2018 12:18
|
PSA for our clients - Our servers are all functioning correctly. Comcast is experiencing extreme outages which is causing sites to not load or load slowly. You can follow along here: http://downdetector.com/status/comcast-xfinity Read more » | |
Jun 6 |
Why is Running My eCommerce Site under TLS Encryption Becoming Important?
Posted by Brad Kort on Jun 06 2017 14:08
|
The TLS encryption (often referred to as SSL, an older technology) is critical to eCommerce sites. It scrambles the data between browser and server so hackers can’t easily steal and use it. However, running your whole website under TLS provides several other benefits that are growing in importance. We strongly recommend you prepare to have your whole site running under TLS/SSL in the next 3 months. Your site will be more secure, load faster, have improved SEO and provide a better user experience. What is TLS Encryption?Transport Layer Security (TLS) is a protocol that provides privacy, security and data integrity between two internet applications. For example, between a browser and a web server. It’s the most widely deployed security protocol in use. Other applications that use TLS include email, file transfers (SFTP), VPNs, instant messaging and VOIP. How is my Site More Secure?By using TLS encryption on every page, ALL data is securely transmitting. Many sites have forms sending unencrypted data. Often times, that’s not a big deal if it’s not credit card data. However, even less sensitive data could be helpful to a hacker or competitor. For example, more... Read more » | |
Apr 20 |
Social Engineering – The Best AbleCommerce or Magento Exploit
Posted by Brad Kort on Apr 20 2017 16:47
|
I just returned from the HostingCon conference in Los Angeles. The keynote speech was an impressive presentation by Kevin Mitnick, the renowned hacker. It was a fascinating presentation, including gems like finding the social security number of a random audience member. It took him 90 seconds to find that, his mother's maiden name, phone numbers, addresses and more. However, my key take away is that social engineering is the number one Magento exploit. Security experts report 100% success rates in penetrating companies if they use social engineering. And, it's something you can easily protect your site from. What is Social EngineeringAccording to WebRoot, social engineering is "the art of manipulating people so they give up confidential info. The types of info these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank info, or access your computer to secretly install malicious software–that will give them access to your passwords and bank infor as well as giving them control over your computer." Our clients rely on Web 2 Market to secure their sites because Web 2 Market Magento hosting and AbleCommerce hosting are PCI compliant. Our coding follows best practices to protect our clients' sites from hackers. We've had tremendous success keeping the bad guys out. Nevertheless, that can all be undone by your warehouse employee or office staff being easily duped by a hacker with bad intentions. The good news is that protecting yourself involves a few simple good practices. ExamplesHere are a few examples to look out for:
How do I Protect Against this kind of AbleCommerce or Magento Exploit?The solutions are fairly easy. The trick is to follow them religiously. When you're busy, it's easy to skip the right process. But that's what hackers are counting on. Don't help them!
In conclusion, protecting your self against a Magento exploit like hackers, phishing attacks and spammers doesn't need to be hard. Think before you act. Follow good practices. Use common sense. And if you're not sure, contact us and we'll be glad to help. -Brad Kort, MBA President
Read more » | |