OpenCart Checkout Hack Authorize.net

Posted by Paul on October 4, 2018

We have recently been contacted by several different companies (some existing clients, some totally new to us) who have noticed extra payment gateways or errors on the checkout. This unfortunately is a tell tale sign that the site has been hacked. In almost all of these cases the attacker has modified either the authorize.net (aim) or PayPal Pro payment gateways to harvest customer credit card information.

The attackers will almost always leave additonal backdoors dotted around the site which can be very tricky to detect. These can include:

Modifying the admin login procedure to email admin credentials to an email address.
Adding a master password to allow them access to the admin without a user account.
Hiding simple html forms which allow them to upload files or execute commands on the server.

We have come across many other examples (some which are extremely clever).

What to Look Out For

Payment gateways in the checkout which you haven't enabled.
A message at the top of the site saying something like "merchant ID disabled".
Customers alerting you that their card details have been stolen.
Missing payment gateways (specifically authorize.net (aim) or PayPal pro) on the Extensions > Payment page.

How did they get in?

It's almost impossible to say after the event, but we think it's likely to be weak passwords rather than a vulnerability in OpenCart itself. Password cracking has become significantly better in recent years, so you must use a VERY strong password as described in my blog article here:
https://www.antropy.co.uk/blog/are-passwords-with-numbers-instead-of-letters-secure/

If you do have raw server access logs that go back far enough, an experienced developer / security expert may be able to determine exactly how they got in by looking at what incoming requests were made to the server around the time that files were modified.

You're Not Alone

You can see from the OpenCart forum threads below that it has affected lots of people and although it is a terrible thing and you should increase your security, it's very clear from the news these days that no one is immune from hacking, so rather than feel guilty you should fight back with stronger security and let your customers know ASAP. Unless your passwords were all "admin" or "password" it probably wasn't entirely your fault.

OpenCart Forum Related Topics

What to do next?

Put the site in to maintenance mode so no one else is affected.
Remove all malicious code - easier said than done, it tends to take us 1/2 day or more.
Change all passwords: FTP, hosting control panel, OpenCart admin, database.
Find out which customers placed orders since the offending files were modified and let them know what happened.
Make sure you're running the latest version of PHP as ~5.3 had a vulnerability that allowed hackers to upload a file.
Install some method of monitoring your site for file changes - we offer a piece of software to do this - get in touch to find out more.
Once you're sure all malicious code has been removed, re-enable the store.
Report it here https://www.actionfraud.police.uk/report-a-fraud-including-online-crime

Update 2019-07-29

Since being approached by quite a few store owners to urgently help with hacked websites, we formed a partnership with Astra who specialize in website security and are better set up to respond.

They have written this great article on the payment method hacks described above and we recommend that you contact them immediately if your website has been hit by this attack via their contact page: Contact Astra

blog comments powered by Disqus

Testimonials

Thank you all for the hard work, it has paid off, it looks good. The logo is great to promote the practice and the website we can be proud of. Thank you again.

Biddy Arnott, Group Analytic Practice Ltd

Taken on both smaller and large projects to a very high standard. Delivered on time, with a professional level of service. Always better than we envisioned. Staff are always ready to help with any issues we have. Really pleased with the results of Antropy, and hopefully we can do more business together in the future!

Josh, Toyland Toyshop

Excellent company with outstanding knowledge of opencart and how to get the best from it. If you are looking for a reliable and professional company to work with I wouldn't hesitate to recommend these guys.

Ashley Morrison, Lockertek

Wow, I am speechless. Thank you so much, this is perfect !!!! Thank you, thank you !!!

Marios Pantelli, Sewing Machine Company

Very impressed with the quick service! There is nothing more we need help with right now but we would certainly use you in the future for other issues or alterations we may have. Thank you very much!

Jemma, Aquafayre

We worked with Antropy on our new webshop at kikgoes.nl in the past months. We have enjoyed working with them because of their extensive knowledge of Opencart and the rapid pace of development. We regularly added requirements to the projects and we've never had anything that couldn't be done. We look forward to working with Antropy again for new projects or adjustments to our webshop!

Joël van Daalen, Kik Cycleparts

The deliveries are now incredibly clear and there is no more admin work on this side which is excellent. It’s amazing really and I think our customers enjoy knowing exactly when they are getting it unlike nearly every other furniture company out there! Thanks for this.

Jonathan Haskins, Get Laid Beds

Always helpful and extremely responsive to any request and once the project has been rolled out they continue to assist you with great help and advice to make the most of your website

Jamie Chandler, Newvotek

Thanks again for all your hard work on the 3D renders … the results have been fantastic and I look forward to working together again in the future.

Kim, Kimberley-Jane: Design

Good to work with, very straight forward

Grant Berry, Home World

Firstly, thanks ever so much to you and your team for getting these two sites up and running. It’s a pleasure to work with people who are so helpful and responsive to our requirements. We’re very happy with both sites and all seems to be working fine.

Aidan, Nauticalia

Just wanted to say a big thank you for all your help and support thus far. You've been absolutely brilliant. You've given me absolute confidence that when there is a problem it is sorted which really gives me peace of mind.

Tracy, FLUX

Antropy not only gave freely of their time to talk with me, they had the patience to teach me as we went along. They came up with various ideas that allowed me to choose what I liked best and with their guidance we got exactly the website we dreamed about.

David, RC Geeks

We recently started using Antropy for our OpenCart website as internal IT is swamped and we needed back up and they have been great. Work is quick and efficient, we never need to ask for something twice and communication is good. Gives us confidence that when we need something to be done, it will be and to a high standard.

Dominic Old, The Wasabi Company

Excellent work, delivered in a friendly and consultative way throughout the whole process. For a small company such as my own it was great to be guided through the process, and all my requests were responded to and I felt involved from start to finish.

Phil Saville, Rook Systems

Thanks for your hard work, it's very much appreciated.

Colin Farndale, CJF Motorcycles

We are really delighted with the finished product, it has far exceeded our expectations... Many thanks again for your support and setting up what I feel is the best Alzheimer's website in the country.

Lynne, MK Alzheimer's

After many years of trying to update my website, dealing with problematic code, delays, etc, I found Antropy about 10 years ago. I can not say enough great things about the quality of their coding and stability of my website along with the professionalism of their staff. I now have a well functioning website that has stood the test of time. Our site is an e-commerce site so that having it up and running is crucial to our business. On the rare occasion that there is a problem with the site, Antropy's team is quick and responsive to finding the problem and fixing it quickly.

Lynn Reznick, Off The Mark

Merged two previously HUGE separate sites (website and webstore) into one streamlined website with integrated store, with improved social media and mailing list results. Joe helped communicate complicated jargon into simpler terms, solved issues/queries quickly, and the follow up support has been invaluable.

Jo, Cold Spring Records

We found Antropy to be very responsive and approachable to work with. They gladly took our own designs and transformed them into an easy-to-manage website. Communication was easy and any requests for change were promptly done. Many thanks for the work!

John Caiger, Matraxis

OpenCart Checkout Hack Authorize.net

What to Look Out For

How did they get in?

You're Not Alone

OpenCart Forum Related Topics

What to do next?

Update 2019-07-29

Testimonials

Services

About

Contact

Social