ontarioknife.com security issue

Discussion in 'Ontario Knife Company' started by bghorn, Aug 25, 2019.

  1. bghorn

    196
    May 18, 2015
    I couldn't start a conversation due to membership level, or I'm just blind.
    Also, the OKC official account seems to be inactive.

    Today I wanted to buy a few knives from the OKC website and got a security warning from my anti-virus program.

    [image: anti-virus warning]

    To be sure it isn't a false alarm I scanned it with MageReport ( https://www.magereport.com ),
    and sure enough, it's infected with a credit card skimmer (see left column, 5th box on the image below).

    So, can somebody with relevant OKC contact info notify them?

    Meanwhile, don't shop there until it's cleaned up.

    [image: MageReport scan result]
     
  2. RoadDog66

    211
    Jul 12, 2012
    Good looking out, thanks for the heads up. I don't have any contact info for OKC, but hopefully somebody does.
     
  3. Toooj

    917
    Aug 8, 2006
    bghorn,

    Thanks for the heads up.

    I just reported this to our corporate IT Manager to investigate.
    We will keep you updated.

    Best Regards,

    Paul Tsujimoto
    V.P. of Engineering
    Ontario Knife Company
     
  4. bikerector

    Nov 16, 2016
  5. Toooj

    917
    Aug 8, 2006
    All,

    Our IT Dept took our site offline yesterday and did a thorough cleansing.
    We are back on and hopefully you should not have any issues.
    Please report if you have any problems.
    Thanks to all in this community for your help.

    Best Regards,

    Paul Tsujimoto
    V.P. of Engineering
    Ontario Knife Company
     
  6. bghorn

    196
    May 18, 2015
    Thank you, Toooj, for looking into the issue.

    Is there a way to contact you directly?
    There are a few more issues which I'd rather not post here...
     
  7. Toooj

    917
    Aug 8, 2006
    bghorn,

    We know our online store isn't optimal. We are working on it.
    You can call the 1-800 number (1-800-222-5233) to get me.

    Best Regards,

    Paul Tsujimoto
    V.P. of Engineering
    Ontario Knife Company
     
  8. bghorn

    196
    May 18, 2015
    Hi Toooj,

    I'm not really a phone person; besides, it would be hard to explain anything to non-IT people (or IT people that don't care).

    But, just to let you know (because for some unknown reason I still like OKC), your IT Dept didn't do anything but remove the CC skimmer script.

    Your Magento is still unpatched and could easily be re-infected (it takes less than 15 minutes to apply the patches).
    Your /dev/tests/ directory is world readable and includes files which should never be on a production server.
    Your Magento admin login page is publicly accessible and has no brute-force protection.
    A PHP file with
    Code:
    <? phpinfo() ?>
    is world readable, for the whole world to see your PHP config.
    Your PHP version is 5.5.9, which stopped being supported in 2016 and has had 21 CVEs since.
    Your OpenSSL 1.0.1f library is vulnerable (at least 20 CVEs, some with very high scores).
    You have SSL3 enabled, and all of the ciphers used by your protocols are old and weak.
    You are vulnerable to POODLE attacks.
    You are vulnerable to the OpenSSL padding oracle.
    HSTS is not enabled.
    nginx is not patched.
    ...etc, etc.
    There's plenty more...

    In short, your server stack hasn't been updated/upgraded/patched/maintained since 2016, and your Magento install is full of "shouldn't do" type stuff...

    Hence, you have security holes so big that bad guys could sneak in an aircraft carrier.

    So far you have been lucky, but that may not last forever. Eventually something worse than a skimmer script may happen.

    For the love of your customers, fix it, sooner rather than later.
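The externally visible checks behind the list above, written out as an added example; this is not code from the thread, from OKC or from Magento. It audits HTTP responses and a TLS scan handed to it as plain Python data, so it runs offline on the constructed sample included in the block (the paths, headers, version strings and bodies are assumptions modelled on the post, not observations of any real site); in practice you would feed it what curl, requests or `openssl s_client -ssl3` returns. It covers the phpinfo, directory-listing, admin-page, PHP-version, HSTS, SSLv3/POODLE, weak-cipher and OpenSSL 1.0.1f (pre-1.0.1g, Heartbleed) findings; the Magento patch level and the nginx version need a fingerprint-based or authenticated check that this example does not attempt.

```python
"""Offline audit of the server-side misconfigurations listed in the post.

Added example, not code from the thread or from OKC. HTTP responses are
modelled as dicts and the TLS scan as a dict of lists, so everything below
runs without network access. All sample data is constructed.
"""
import re

# Cipher-name fragments that mark a suite as obsolete or broken.
WEAK_CIPHER = re.compile(r"RC4|DES|NULL|EXPORT|MD5|anon", re.I)

# Constructed sample responses reproducing the findings described in the post.
# Version numbers and bodies are assumptions, not observations of any site.
SAMPLE_RESPONSES = {
    "/": {
        "status": 200,
        "headers": {"Server": "nginx/1.4.6", "X-Powered-By": "PHP/5.5.9"},
        "body": "<html><body>store front</body></html>",
    },
    "/phpinfo.php": {
        "status": 200,
        "headers": {"Server": "nginx/1.4.6"},
        "body": "<title>phpinfo()</title><h1>PHP Version 5.5.9</h1>",
    },
    "/dev/tests/": {
        "status": 200,
        "headers": {"Server": "nginx/1.4.6"},
        "body": "<title>Index of /dev/tests/</title>",
    },
    "/index.php/admin/": {
        "status": 200,
        "headers": {"Server": "nginx/1.4.6"},
        "body": '<form><input name="login[username]"></form>',
    },
}

# Constructed TLS scan result, e.g. what you would assemble from several
# `openssl s_client -ssl3 / -tls1 / -cipher ...` probes and a banner grab.
SAMPLE_TLS = {
    "protocols": ["SSLv3", "TLSv1", "TLSv1.2"],
    "ciphers": ["RC4-SHA", "DES-CBC3-SHA", "AES128-SHA",
                "ECDHE-RSA-AES128-GCM-SHA256"],
    "openssl": "1.0.1f",
}


def audit_http(responses):
    """responses: {path: {"status": int, "headers": {...}, "body": str}}.
    Returns a sorted list of 'path: finding' strings."""
    findings = []
    for path, resp in responses.items():
        headers = {k.lower(): v for k, v in resp.get("headers", {}).items()}
        body = resp.get("body", "")
        ok = resp.get("status") == 200
        # phpinfo() output leaks paths, loaded modules and environment.
        if ok and "phpinfo()" in body and "PHP Version" in body:
            findings.append(f"{path}: phpinfo() page world-readable")
        # Autoindex enabled: directory contents such as /dev/tests/ browseable.
        if ok and re.search(r"<title>Index of ", body):
            findings.append(f"{path}: directory listing enabled")
        # Magento 1.x admin login form reachable from the open internet.
        if ok and 'name="login[username]"' in body:
            findings.append(f"{path}: Magento admin login publicly reachable")
        if path == "/":
            # No PHP 5.x branch has had security support since 5.6 reached
            # end of life at the end of 2018.
            m = re.match(r"PHP/(\d+)\.(\d+)", headers.get("x-powered-by", ""))
            if m and int(m.group(1)) < 7:
                findings.append(f"{path}: unsupported PHP {m.group(1)}.{m.group(2)} advertised")
            # Without HSTS a browser can be downgraded to plain HTTP.
            if "strict-transport-security" not in headers:
                findings.append(f"{path}: HSTS header missing")
            # server_tokens left on: exact nginx version handed to attackers.
            if re.search(r"/\d", headers.get("server", "")):
                findings.append(f"{path}: Server header discloses version")
    return sorted(findings)


def audit_tls(scan):
    """scan: {"protocols": [...], "ciphers": [...], "openssl": "x.y.zL"}."""
    findings = []
    protocols = scan.get("protocols", [])
    if "SSLv3" in protocols:
        findings.append("SSLv3 enabled: POODLE (CVE-2014-3566)")
    for p in ("TLSv1", "TLSv1.1"):
        if p in protocols:
            findings.append(f"{p} enabled: deprecated protocol")
    for c in scan.get("ciphers", []):
        if WEAK_CIPHER.search(c):
            findings.append(f"weak cipher offered: {c}")
    # OpenSSL 1.0.1 through 1.0.1f carry Heartbleed; 1.0.1g fixed it.
    m = re.match(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", scan.get("openssl", ""))
    if m:
        ver = (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))
        if (1, 0, 1, "") <= ver < (1, 0, 1, "g"):
            findings.append(f"OpenSSL {scan['openssl']}: Heartbleed (CVE-2014-0160)")
    return findings


def run_sample():
    """Audit the constructed sample data; returns (http_findings, tls_findings)."""
    return audit_http(SAMPLE_RESPONSES), audit_tls(SAMPLE_TLS)


if __name__ == "__main__":
    for finding in run_sample()[0] + run_sample()[1]:
        print(finding)
```

The two audit functions are deliberately separated: the HTTP checks only need a fetcher for a handful of paths, while the TLS checks need per-protocol handshakes, and you will usually gather those with different tools before handing the results to the same report.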
     
  9. bghorn

    196
    May 18, 2015
    Overstatement of the year!

    You haven't done anything in the last 2 weeks but remove the skimmer.

    Now you're infected again! The CC skimmer is back!

    You are putting your customers at risk!

    Please,
    1) Take the website down, or at least disable the shopping cart
    2) Notify customers who recently purchased from your website that their CC info is possibly stolen
    3) Notify everyone with a registered account that their personally identifiable information is possibly stolen

    For OKC website visitors: do not visit the OKC website; you're putting yourself at risk. The CC skimmer is most likely just the tip of the iceberg.
     
  10. KennyB

    Jan 19, 2010
    What antivirus program are you using? Is it available for Linux? I need something for browser protection like this.

    Looked up the abuse email address for ontarioknife.com and it's only listed as "[email protected]" which doesn't seem valid. Apparently it's registered with "PERFECT PRIVACY, LLC". That's a laugh. I think OKC needs to hire a new hosting company.
     
  11. bghorn

    196
    May 18, 2015
    I'm using NOD32 by Eset. Not the best, but it has a small footprint and won't slow you down. Yes, they have a Linux version for major distributions, both 32 and 64 bit.

    Yeah, currently they host with Amazon EC2. They need to yank the whole instance and start from scratch, since everything is pretty much outdated and you can't trust it anymore. Nobody has touched anything in years.

    That would definitely help. OKC's parent company (Servotronics) is hosted by Knownhost, a pretty good host with knowledgeable support staff.
     
  12. bghorn

    196
    May 18, 2015
    UPDATE:

    Yesterday, OKC removed the second skimmer and patched Magento,
    and removed the /dev/tests/ directory too.

    That's a start. That'll buy some time until you upgrade the server stack too.
     
