ontarioknife.com security issue

Discussion in 'Ontario Knife Company' started by bghorn, Aug 25, 2019.

  1. bghorn

    bghorn

    196
    May 18, 2015
    I couldn't start a conversation due to my membership level, or I'm just blind.
    Also, the OKC official account seems to be inactive.

    Today I wanted to buy a few knives from the OKC website and got a security warning from my anti-virus program.


    To be sure it wasn't a false alarm I scanned it with MageReport ( https://www.magereport.com ),
    and sure enough, it's infected with a credit card skimmer (see left column, 5th box on the image below).

    So, can somebody with relevant OKC contact info notify them?

    Meanwhile, don't shop there until it's cleaned up.

     
    dirc likes this.
  2. RoadDog66

    RoadDog66

    217
    Jul 12, 2012
    Good looking out, thanks for the heads up. I don't have any contact info for OKC, but hopefully somebody does.
     
    bghorn likes this.
  3. Toooj

    Toooj

    919
    Aug 8, 2006
    bghorn,

    Thanks for the heads up.

    I just reported this to our corporate IT Manager to investigate.
    We will keep you updated.

    Best Regards,

    Paul Tsujimoto
    V.P. of Engineering
    Ontario Knife Company
     
  4. bikerector

    bikerector Gold Member

    Nov 16, 2016
    bghorn likes this.
  5. Toooj

    Toooj

    919
    Aug 8, 2006
    All,

    Our IT Dept took our site offline yesterday and did a thorough cleansing.
    We are back on and hopefully you should not have any issues.
    Please report if you have any problems.
    Thanks to all in this community for your help.

    Best Regards,

    Paul Tsujimoto
    V.P. of Engineering
    Ontario Knife Company
     
  6. bghorn

    bghorn

    196
    May 18, 2015
    Thank you Toooj for looking into the issue.

    Is there a way to contact you directly?
    There are a few more issues which I'd rather not post here...
     
    buckfynn likes this.
  7. Toooj

    Toooj

    919
    Aug 8, 2006
    bghorn,

    We know our online store isn't optimal. We are working on it.
    You can call the 1-800 number (1-800-222-5233) to get me.

    Best Regards,

    Paul Tsujimoto
    V.P. of Engineering
    Ontario Knife Company
     
    buckfynn likes this.
  8. bghorn

    bghorn

    196
    May 18, 2015
    Hi Toooj

    I'm not really a phone person; besides, it would be hard to explain anything to non-IT people (or IT people that don't care).

    But, just to let you know (because for some unknown reason I still like OKC), your IT Dept didn't do anything but remove the CC skimmer script.

    Your Magento is still unpatched and could easily be re-infected (it takes less than 15 minutes to apply the patches).
    Your /dev/tests/ directory is world readable and includes files which should never be on a production server.
    Your Magento admin login page is publicly accessible and has no brute force protection.
    A PHP file with
    Code:
    <? phpinfo() ?>
    is world readable, for the whole world to see your PHP config.
    Your PHP version is 5.5.9, which stopped being supported in 2016 and has had 21 CVEs since.
    Your 1.0.1f OpenSSL library is vulnerable (at least 20 CVEs, some with very high scores).
    You have SSL3 enabled. And all of the ciphers used by your protocols are old and weak.
    You are vulnerable to POODLE attacks.
    You are vulnerable to the OpenSSL Padding Oracle.
    HSTS is not enabled.
    nginx is not patched.
    ...etc, etc.
    There's plenty more...

    In short, your server stack hasn't been updated/upgraded/patched/maintained since 2016 and your Magento install is full of "shouldn't do" type of stuff...

    Hence, you have security holes so big that bad guys could sneak in an aircraft carrier.

    So far you have been lucky, but that may not last forever. Eventually something worse than a skimmer script may happen.

    For the love of your customers, fix it, rather sooner than later.
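    A hardened nginx server block covering the items listed in the post above (SSLv3 and weak ciphers, missing HSTS, the exposed /dev/tests/ tree and phpinfo file, the unprotected admin login). This is an added example, not OKC's actual configuration; the host name, file paths, phpinfo file name, admin path and office IP range are assumptions.

```nginx
# Added example (not OKC's configuration): hardened nginx vhost for a
# Magento 1 store. Weak settings from the post are left commented beside the fix.

limit_req_zone $binary_remote_addr zone=admin_login:10m rate=5r/m;   # 5 login attempts/min per IP

server {
    listen 443 ssl http2;
    server_name shop.example.com;                   # assumed host name
    root /var/www/magento;                          # assumed docroot
    ssl_certificate     /etc/ssl/certs/shop.pem;    # assumed cert paths
    ssl_certificate_key /etc/ssl/private/shop.key;

    # Weak (as in the post): SSLv3 plus legacy ciphers, which is what exposes
    # POODLE and the padding-oracle issues.
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers ALL:!aNULL;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # HSTS was missing; "always" sends the header on error responses as well.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # The world-readable /dev/tests/ tree from the post: never serve it in production.
    location ^~ /dev/ { return 404; }

    # The phpinfo() file from the post; file name assumed. Delete it from disk too.
    location = /info.php { return 404; }

    # Admin login: allow only known networks and rate-limit attempts.
    # Path assumed (Magento 1 default is /index.php/admin or a custom frontName).
    location ~ ^/(index\.php/)?admin {
        allow 203.0.113.0/24;                       # assumed office range (TEST-NET-3)
        deny  all;
        limit_req zone=admin_login burst=10 nodelay;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location / { try_files $uri $uri/ /index.php$is_args$args; }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php/php-fpm.sock;    # assumed PHP-FPM socket
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    }
}
```

    TLSv1.3 needs OpenSSL 1.1.1 or newer, so the OpenSSL and nginx upgrade the post asks for has to come before this config; run `nginx -t` before reloading.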
     
  9. bghorn

    bghorn

    196
    May 18, 2015
    Overstatement of the year!

    You haven't done anything in the last 2 weeks but remove the skimmer.

    Now you're infected again! CC skimmer is back!

    You are putting your customers at risk!

    Please,
    1) Take the website down, or at least disable the shopping cart
    2) Notify customers who recently purchased from your website that their CC info has possibly been stolen
    3) Notify everyone with a registered account that their personally identifiable information has possibly been stolen

    For the OKC website visitors: Do not visit the OKC website, you're putting yourself at risk. CC skimmer is most likely just the tip of the iceberg.
     
  10. KennyB

    KennyB

    Jan 19, 2010
    What antivirus program are you using? Is it available for Linux? I need something for browser protection like this.

    Looked up the abuse email address for ontarioknife.com and it's only listed as "[email protected]" which doesn't seem valid. Apparently it's registered with "PERFECT PRIVACY, LLC". That's a laugh. I think OKC needs to hire a new hosting company.
     
    bghorn likes this.
  11. bghorn

    bghorn

    196
    May 18, 2015
    I'm using NOD32 by Eset. Not the best, but it has a small footprint and won't slow you down. Yes, they have a Linux version for the major distributions, both 32 and 64 bit.

    Yeah, currently they host with Amazon EC2. They need to yank the whole instance and start from scratch, since everything is pretty much outdated and you can't trust it anymore. Nobody has touched anything in years.

    That would definitely help. OKC's parent company (Servotronics) is hosted by Knownhost. Pretty good hoster with knowledgeable support staff.
     
  12. bghorn

    bghorn

    196
    May 18, 2015
    UPDATE:

    Yesterday, OKC removed the second skimmer and patched Magento,
    and removed the /dev/tests/ directory too.

    That's a start. That'll buy some time until you upgrade the server stack too.
     