ontarioknife.com security issue

I couldn't start a conversation due to membership level, or I'm just blind.
Also, the OKC official account seems to be inactive.

Today I wanted to buy a few knives from the OKC website and got a security warning from my anti-virus program.

[Image: anti-virus warning screenshot]


To be sure it isn't a false alarm I scanned it with MageReport ( https://www.magereport.com ),
and sure enough, it's infected with a credit card skimmer (see left column, 5th box on the image below).

So, can somebody with relevant OKC contact info notify them?

Meanwhile, don't shop there until it's cleaned up.

[Image: MageReport scan results]
 
Good looking out, thanks for the heads up. I don't have any contact info for OKC, but hopefully somebody does.
 
All,

Our IT Dept took our site offline yesterday and did a thorough cleansing.
We are back on and hopefully you should not have any issues.
Please report if you have any problems.
Thanks to all in this community for your help.

Best Regards,

Paul Tsujimoto
V.P. of Engineering
Ontario Knife Company
 
Thank you Toooj for looking into the issue.

Is there a way to contact you directly?
There are a few more issues which I would rather not post here...
 
bghorn,

We know our online store isn't optimal. We are working on it.
You can call the 1-800 number (1-800-222-5233) to get me.

Best Regards,

Paul Tsujimoto
V.P. of Engineering
Ontario Knife Company
 
We know our online store isn't optimal. We are working on it.
You can call the 1-800 number (1-800-222-5233) to get me.

Hi Toooj

I'm not really a phone person; besides, it would be hard to explain anything to non-IT people (or IT people who don't care).

But, just to let you know (because for some unknown reason I still like OKC), your IT Dept didn't do anything but remove the CC skimmer script.

Your Magento is still unpatched and could easily be re-infected (it takes less than 15 minutes to apply the patches).
Your /dev/tests/ directory is world readable and includes files which should never be on a production server.
Your Magento admin login page is publicly accessible and has no brute force protection.
A PHP file with
Code:
<? phpinfo() ?>
is world readable, for the whole world to see your PHP config.
Your PHP version is 5.5.9, which stopped being supported in 2016 and has had 21 CVEs since.
Your OpenSSL 1.0.1f library is vulnerable (at least 20 CVEs, some with very high scores).
You have SSL3 enabled, and all of the ciphers used by your protocols are old and weak.
You are vulnerable to POODLE attacks.
You are vulnerable to OpenSSL padding oracle attacks.
HSTS is not enabled.
nginx is not patched.
...etc., etc.
There's plenty more...

In short, your server stack hasn't been updated/upgraded/patched/maintained since 2016 and your Magento install is full of "shouldn't do" type of stuff...

Hence, you have security holes so big that bad guys could sneak in an aircraft carrier.

So far you have been lucky, but that may not last forever. Eventually something worse than a skimmer script may happen.

For the love of your customers, fix it, sooner rather than later.
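The list above maps almost one-to-one onto web-server configuration. The following nginx server block is an example added by the editor, not OKC's configuration and not from the thread; the hostname, certificate paths, the phpinfo.php filename, the Magento admin path and the office IP range are placeholders. Each directive is annotated with the finding from the post it addresses; the remaining items (old PHP, old OpenSSL, unpatched nginx and Magento) are package upgrades, not configuration.

```nginx
# Rate-limit zone for the admin login; this directive lives at the
# http {} level (e.g. in conf.d), not inside server {}.
limit_req_zone $binary_remote_addr zone=magento_admin:10m rate=5r/m;

server {
    listen 443 ssl http2;
    server_name shop.example.com;                      # placeholder host

    ssl_certificate     /etc/ssl/certs/shop.example.com.pem;   # placeholder
    ssl_certificate_key /etc/ssl/private/shop.example.com.key; # placeholder

    # "You have SSL3 enabled" / "vulnerable to POODLE": only list the
    # versions you want; SSLv3, TLSv1 and TLSv1.1 are simply absent.
    ssl_protocols TLSv1.2 TLSv1.3;
    # "all of the ciphers ... are old and weak": forward-secret AEAD suites only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # "HSTS is not enabled": one year, applied to subdomains as well.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # "nginx is not patched": patching is a package upgrade; until then at
    # least stop advertising the exact version in the Server header.
    server_tokens off;

    root /var/www/magento;                             # placeholder docroot
    index index.php;

    # "/dev/tests/ directory is world readable": Magento 1 keeps its
    # developer tooling under /dev; none of it belongs on a live vhost.
    location ^~ /dev/ { return 404; }

    # "PHP file with <? phpinfo() ?> is world readable": deny it by name.
    # phpinfo.php is an assumed filename; delete the file as well.
    location = /phpinfo.php { return 404; }

    # Other Magento 1 directories that must never be served directly.
    location ~* ^/(app|includes|lib|media/downloadable|pkginfo|report/config\.xml|var)/ {
        return 404;
    }

    # "admin login page is publicly accessible and has no brute force
    # protection": restrict by source address and throttle attempts.
    # /admin is the Magento 1 default path; 203.0.113.0/24 is a placeholder
    # office range (TEST-NET-3).
    location ^~ /admin {
        allow 203.0.113.0/24;
        deny all;
        limit_req zone=magento_admin burst=5 nodelay;
        try_files $uri $uri/ /index.php?$args;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Only hand real, existing .php files to PHP-FPM.
    location ~* \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm.sock;           # placeholder socket
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

# Redirect plaintext to HTTPS so the HSTS header is ever seen by browsers.
server {
    listen 80;
    server_name shop.example.com;
    return 301 https://$host$request_uri;
}
```

After reloading, the cheapest sanity check is to confirm that the HSTS header is present on the HTTPS response, that /dev/tests/ and the phpinfo file now return 404, and that a TLS scanner such as testssl.sh no longer reports SSLv3 or the POODLE padding-oracle checks as accepted.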
 
We are working on it.

Overstatement of the year!

You haven't done anything in the last 2 weeks but remove the skimmer.

Now you're infected again! The CC skimmer is back!

You are putting your customers at risk!

Please,
1) Take the website down, or at least disable the shopping cart.
2) Notify customers who recently purchased from your website that their CC info was possibly stolen.
3) Notify all with a registered account that their personally identifiable information was possibly stolen.

For the OKC website visitors: do not visit the OKC website; you're putting yourself at risk. The CC skimmer is most likely just the tip of the iceberg.
 
What antivirus program are you using? Is it available for Linux? I need something for browser protection like this.

Looked up the abuse email address for ontarioknife.com and it's only listed as "abuse@web.com" which doesn't seem valid. Apparently it's registered with "PERFECT PRIVACY, LLC". That's a laugh. I think OKC needs to hire a new hosting company.
 
What antivirus program are you using? Is it available for Linux? I need something for browser protection like this.
I'm using NOD32 by Eset. Not the best, but it has a small footprint and won't slow you down. Yes, they have a Linux version for major distributions, both 32 and 64 bit.

Looked up the abuse email address for ontarioknife.com and it's only listed as "abuse@web.com" which doesn't seem valid. Apparently it's registered with "PERFECT PRIVACY, LLC". That's a laugh.
Yeah, currently they host with Amazon EC2. They need to yank the whole instance and start from scratch, since everything is pretty much outdated and you can't trust it anymore. Nobody has touched anything in years.

I think OKC needs to hire a new hosting company.

That would definitely help. OKC's parent company (Servotronics) is hosted by Knownhost. A pretty good host with knowledgeable support staff.
 
UPDATE:

Yesterday, OKC removed the second skimmer and patched Magento,
and removed the /dev/tests/ directory too.

That's a start. That'll buy some time until you upgrade the server stack too.
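Verifying an update like this one is a matter of re-checking the same handful of items the thread listed: HSTS header, exposed paths, version disclosure and legacy TLS versions. The script below is an example added by the editor, not from the thread and not OKC's tooling. The evaluation functions are pure so they can be exercised on a constructed snapshot; the fetch helper does the network part against a host you operate. The phpinfo.php filename and the HSTS minimum are assumptions, and the set of accepted TLS versions is expected to come from an external scanner such as testssl.sh or nmap's ssl-enum-ciphers script, since a modern Python build cannot speak SSLv3 at all.

```python
"""Post-remediation self-check for the findings listed in this thread."""
import urllib.error
import urllib.request

# Paths the thread reported as reachable. "/phpinfo.php" is an assumed
# filename; the post only says "a PHP file with <? phpinfo() ?>".
EXPOSED_PATHS = ["/dev/tests/", "/phpinfo.php"]
MIN_HSTS_MAX_AGE = 15552000          # 180 days, a common lower bound (assumption)
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def _lower(headers):
    """Header names are case-insensitive; normalise once."""
    return {k.lower(): v for k, v in headers.items()}


def evaluate_hsts(headers):
    """Findings about Strict-Transport-Security; an empty list means OK."""
    hsts = _lower(headers).get("strict-transport-security")
    if hsts is None:
        return ["HSTS header missing"]
    directives = {}
    for part in hsts.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = value.strip()
    try:
        max_age = int(directives.get("max-age", "0"))
    except ValueError:
        max_age = 0
    if max_age < MIN_HSTS_MAX_AGE:
        return ["HSTS max-age too short: %d" % max_age]
    return []


def evaluate_server_header(headers):
    """A Server header with a slash is advertising a version number."""
    server = _lower(headers).get("server", "")
    if "/" in server:
        return ["Server header discloses version: " + server]
    return []


def evaluate_exposed_paths(status_by_path):
    """Any 2xx on a path that should not exist on production is a finding."""
    return ["%s reachable (HTTP %d)" % (path, status)
            for path, status in status_by_path.items() if 200 <= status < 300]


def evaluate_tls(accepted_protocols):
    """SSLv3 / TLS 1.0 / TLS 1.1 accepted by the server are findings."""
    return ["legacy protocol accepted: " + p
            for p in sorted(set(accepted_protocols) & LEGACY_PROTOCOLS)]


def audit_snapshot(snapshot):
    """Combine all checks over one snapshot dict (see fetch_snapshot)."""
    return (evaluate_hsts(snapshot["headers"])
            + evaluate_server_header(snapshot["headers"])
            + evaluate_exposed_paths(snapshot["paths"])
            + evaluate_tls(snapshot["tls"]))


def _head(url):
    """HEAD request returning (status, headers) even for 4xx/5xx responses."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


def fetch_snapshot(base_url, accepted_protocols=()):
    """Gather live data for a host you operate; TLS versions come from
    an external scanner and are passed in by the caller."""
    _, headers = _head(base_url)
    paths = {p: _head(base_url.rstrip("/") + p)[0] for p in EXPOSED_PATHS}
    return {"headers": headers, "paths": paths, "tls": set(accepted_protocols)}


# Constructed "before" snapshot matching the state described in the thread.
BEFORE = {
    "headers": {"Server": "nginx/1.4.6", "Content-Type": "text/html"},
    "paths": {"/dev/tests/": 200, "/phpinfo.php": 200},
    "tls": {"SSLv3", "TLSv1", "TLSv1.2"},
}

if __name__ == "__main__":
    for finding in audit_snapshot(BEFORE):
        print("FINDING:", finding)
```

Run `audit_snapshot(fetch_snapshot("https://shop.example.com", {"TLSv1.2", "TLSv1.3"}))` against your own host after a change; an empty list means every item from the thread that can be checked over HTTP now comes back clean.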
 