News
Social Engineering – The Best AbleCommerce or Magento Exploit
Posted by Brad Kort on Apr 20 2017 16:47

I just returned from the HostingCon conference in Los Angeles. The keynote speech was an impressive presentation by Kevin Mitnick, the renowned hacker. It was a fascinating presentation, including gems like finding the social security number of a random audience member. It took him 90 seconds to find that, his mother's maiden name, phone numbers, addresses and more. However, my key takeaway is that social engineering is the number one Magento exploit. Security experts report 100% success rates in penetrating companies if they use social engineering. And it's something you can easily protect your site from.

What is Social Engineering

According to WebRoot, social engineering is "the art of manipulating people so they give up confidential info. The types of info these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank info, or access your computer to secretly install malicious software–that will give them access to your passwords and bank info as well as giving them control over your computer."

Our clients rely on Web 2 Market to secure their sites because Web 2 Market Magento hosting and AbleCommerce hosting are PCI compliant. Our coding follows best practices to protect our clients' sites from hackers. We've had tremendous success keeping the bad guys out. Nevertheless, that can all be undone by your warehouse employee or office staff being easily duped by a hacker with bad intentions. The good news is that protecting yourself involves a few simple good practices.

Examples

Here are a few examples to look out for:

  • Emails that ask for personal info, like names, addresses, passwords and logins. The hacker then uses this info to gain further access to your systems.
  • Emails that provide a link to a domain name that looks LIKE a legitimate domain name. For example, Ebayrewards.com. Or links using URL shorteners like bit.ly. These links send you to malicious sites where you can be tricked into providing systems info.
  • Phone calls from someone posing as AT&T, or Web 2 Market, or your bank. The hacker tricks you into providing private data.
  • Offers of free software from unverified sources. The software gathers keystrokes, account info or even uses your computer's camera to spy on you.
  • Finally, memory sticks or DVDs found lying on the ground. These can contain malicious code which hacks your system automatically.
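The look-alike domain and link-shortener patterns in the list above can be checked mechanically before anyone clicks. The following is an added example, not code from Web 2 Market; the brand map, shortener list and sample email are constructed for illustration, and the two-label domain split is a simplifying assumption.

```python
import re
from urllib.parse import urlparse

# Constructed samples: brand keyword -> domains that brand really uses.
BRANDS = {"ebay": {"ebay.com"}, "paypal": {"paypal.com"},
          "web2market": {"web2market.com"}}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def registered_domain(host):
    """Last two labels of the host. Assumption: good enough for .com-style
    names; a production tool would consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_link(url):
    """Return 'ok', 'shortener', 'lookalike' or 'unknown' for one link."""
    if "://" not in url:
        url = "http://" + url
    host = urlparse(url).hostname or ""
    domain = registered_domain(host)
    if domain in SHORTENERS:
        return "shortener"          # real destination is hidden
    if any(domain in legit for legit in BRANDS.values()):
        return "ok"                 # genuinely the brand's own domain
    # Brand name appears somewhere in the host, but the registered
    # domain is not the brand's: Ebayrewards.com, ebay.com.login.example
    if any(brand in host.replace("-", "") for brand in BRANDS):
        return "lookalike"
    return "unknown"

def flag_links(body):
    """Return (url, verdict) for each look-alike or shortened link in body."""
    verdicts = [(u, classify_link(u)) for u in URL_RE.findall(body)]
    return [(u, v) for u, v in verdicts if v in ("lookalike", "shortener")]

# Constructed sample message body.
SAMPLE_EMAIL = """You have won! Claim here: http://Ebayrewards.com/win
Or use this quick link: http://bit.ly/2abc
Your account page: https://www.ebay.com/myb
"""

if __name__ == "__main__":
    for url, verdict in flag_links(SAMPLE_EMAIL):
        print(verdict, url)
```
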

How do I Protect Against this kind of AbleCommerce or Magento Exploit?

The solutions are fairly easy. The trick is to follow them religiously. When you're busy, it's easy to skip the right process. But that's what hackers are counting on. Don't help them!

  • Don't trust email from people you don't know. And even if it seems to be from someone you know, don't send sensitive info via email.
  • If an offer seems to be too good to be true, it probably isn't a good offer.
  • Don't open attachments from untrusted sources, even if it seems OK.
  • If in doubt, check the identity of a phone caller, or the person sending you an email.
  • Install antivirus software. There are many good, free software packages, like AVG. Viruses will then not be able to share your system info.
  • Finally, create a privacy policy for your website and your business. This will help you define the info you need to protect. This is especially relevant if you have an ecommerce site.

In conclusion, protecting yourself against a Magento exploit like hackers, phishing attacks and spammers doesn't need to be hard. Think before you act. Follow good practices. Use common sense. And if you're not sure, contact us and we'll be glad to help.

-Brad Kort, MBA

President

 





W2M Digital Marketing Webinar
Posted by Brad Kort on Feb 24 2017 15:15

 

The Copy on Your eCommerce Site is Killing Your Traffic, and You Don't Even Know It

A live webinar from Web 2 Market

Join the Web 2 Market Digital Marketing Experts
To compete against giant retailers like Amazon, today's online retailer needs cost-effective competitive tools. Every day you're creating content on your site. Written well, your copy will give you a competitive advantage. This webinar will:
  • Show you how content improves SEO
  • The benefits of targeting a single idea per page
  • How simple HTML can improve each product rank in Google
  • Why good content grows traffic and sales
We'll also have a Q & A session in which you can get answers for difficult SEO questions.

Who's talking?

George Vander Woude, MBA - George is an expert in business, digital marketing in particular. His career has included stints in finance, as a two time entrepreneur and for the last 8 years as a digital marketer. He brings a passion for helping businesses grow traffic and sales.

Brad Kort, MBA - As President of Web 2 Market, Brad has worked with hundreds of clients over the last 20 years. He has a broad range of eCommerce experience, including: coding in a variety of languages, systems management, marketing and sales. As always, his goal is to help clients sell more and manage better.

When:
Friday, March 3rd, 11 am CT.
 




Transitioning to SFTP
Posted by Brad Kort on Jun 27 2016 16:31

In our ongoing drive to provide maximum security for our clients and their customers, we've begun implementing SFTP.  SFTP is an acronym for Secure File Transfer Protocol.  In an effort to encrypt everything coming into, and going out of Web 2 Market servers, SFTP will replace good old FTP in the next month.

Benefits of SFTP

As you might imagine, encrypting the transmission of files and data is important.  Encrypting the files will prevent 'Man in the Middle' attacks.  Even if a hacker were to intercept the files, decrypting them will be impractical.  However, SFTP also provides some other benefits:

  • Public key authentication - ensures that the person on the other end is who they say they are.
  • Data integrity and authenticity checks - verifies that the files are not corrupted or modified in transmission
  • Host authentication - verifies that the host you send the files to is actually a Web 2 Market server
  • Legal compliance - SFTP is required by regulations and industry standards like HIPAA, SOX, GLBA, EU Data Protection, PCI-DSS, and Australian Privacy Principles

Timeline

Web 2 Market staff will be in touch with all our hosting clients in the next few weeks with details. The old FTP connections will be left running for a month, then disabled. If you have any questions about the process, please contact Joseph Phillips at jphillips@web2market.com or 708-653-3100 extension 208.

 





GoDaddy DNS Issues
Posted by Brad Kort on Mar 15 2016 10:56

If your site uses GoDaddy for DNS services, it may not resolve properly. We've observed several client sites not responding intermittently. Since this is a GoDaddy issue, we are awaiting their resolution.





2016 merchant security upgrades
Posted by Brad Kort on Mar 04 2016 15:56

If your site uses PayPal, you've probably received an email message that looks like the message below.  No need to be concerned, we've already updated our servers and PayPal will continue to work for you, in 2016 and beyond.

If you have any questions regarding this, feel free to open a ticket and we'll be glad to help.

 

2016 merchant security upgrades

Brad Kort,

We recently announced several security upgrades planned for this year, some of which may require you to make changes to your integration. You’re receiving this email because we’ve identified areas of your integration that may need to be upgraded.

What you’re about to read is very technical in nature – we understand that. Please contact the parties responsible for your PayPal integration, or your third...





USPS Rate Changes for AbleCommerce Customers 1/17/16
Posted by Rose Pilny on Jan 13 2016 13:14

For AbleCommerce Customers – an email sent to all hosted customers on 1/13/16 regarding USPS Rate & Service Changes Effective 1/17/16.

 

As you may already know, on January 18th 2016, USPS will update their rates and services. What this means for you depends on what release/build of AbleCommerce you are running on. Below please find a breakdown.

 

For AC Gold –

AbleCommerce has released a patch that needs to be applied to your site on Monday, Jan. 18th. As part of your hosting services that Web 2 Market provides, we will patch your site as quickly as we can that morning.

 

AbleCommerce has informed us that the following changes will affect AC Gold websites:

  • Priority Mail Express Flat Rate Box service has been discontinued. Please check your website and if you have this service enabled, please deactivate it before Monday.
  • The service called USPS Standard Post is changing its name to USPS Retail Ground.

 

 

For All sites running 7.0.X –

AbleCommerce will not be releasing a patch for your website. So we are unsure if USPS will continue to work on your website or not beyond Monday, January 18th. We highly recommend that you check your shipping methods and make sure that you have an alternate shipping carrier and/or shipping service enabled that will work on Monday in case USPS stops working altogether. We suspect that as of Monday, USPS Standard Post will stop working along with the discontinued service Priority Mail Express Flat Rate Box service. If you need assistance with setting up a new shipping carrier or shipping methods, please enter a helpdesk ticket in our helpdesk.

 

Thank you in advance for checking on your shipping methods as soon as you can to ensure shipping methods will work on Monday for your website.

