Modernperformance unsecured site?

kevo · Post by **kevo** » Sat May 17, 2008 11:51 am

thank goodness someone can confirm them deleting them. And here i actually was going to offer them my services to help keep their site secure. Fuck 'em

gilly02le · Post by **gilly02le** » Sat May 17, 2008 11:59 am

yea really, not if they are going to just hide thier problems, rather then fix them..

Wenuden · Post by **Wenuden** » Sat May 17, 2008 1:03 pm

just had my info stolen and someone charged $900 in scandanavian airline tickets. Modern is the only place I've used my card online, and my cc# was used to do it over the net, so I know paypal didn't get hacked cause its linked directly to my bank account.

gilly02le · Post by **gilly02le** » Sat May 17, 2008 1:18 pm

Modern really needs to get thier shit together..

J-Villa · Post by **J-Villa** » Sat May 17, 2008 1:31 pm

email modern with a link to this thread.

ZeroChad · Post by **ZeroChad** » Sat May 17, 2008 1:55 pm

http://forums.neons.org/viewtopic.php?t ... highlight=
Thread from the Other.org I posted in it as well. Looks like Cory doesn't really care about the issue.

kevo · Post by **kevo** » Sat May 17, 2008 3:36 pm

It's one thing to defend the integrity of your business. It's a total different story when you bullshit your customers and cover up complaints.

Modernceo wrote:For those of you concerned about credit card fraud and entering your credit card on the internet..

1) We use a SECURE connection between you and our server so that your personal information and credit card information cannot be intercepted.

2) We use a program that deletes your credit numbers on our server, so that credit card numbers are not stored in our shopping cart server. This way, in the remote case someone was to hack into the server, there would be no credit card information for them to steal in the first place.

3) We consistently keep track of the computers that are used to access our cart server, and access is limited, and its TRACKED. If any unauthorized computers are used, we are notified immediately.

WE PUT YOUR PERSONAL INFORMATION, AND CREDIT CARD NUMBERS AT OUR HIGHEST LEVEL OF RESPECT, AND SECURITY.

First of all. with just a little casual browsing and looking at the variables in the urls. The software is a standard zen cart installation. There seems to be no special hacks or addons to the scripts. Second, the credit card info IS stored in the mysql database.

How can i be so sure? First me and my friends have extensive web script experience. One of my buddies works in the online credit fraud protection industry. We simply looked at a stock install and did a few minutes of toying around. We then registered on modern and put in a fake credit card for our registration (we didnt buy anything). The credit card in our profile was immediately accepted. If the card was not stored in the database it would have been checked for authenticity through the credit card company and would have been rejected. This means it is stored in the database and then checked for authenticity when an order is placed.

Even if they had some sort of script that would remove the credit card info from the database, that probably wouldn't help new registrants. Has there been anyone here that has ordered from their cart more than once? Is your credit card number shown on your second order without you having to enter it?

Anyone with a case of mild retardation can go on google and search for zen cart vulnerabilities, xss or hacks. Here is a nice example of a quick, lame exploit that, so far, has not been fixed.
http://packetstormsecurity.org/0805-exp ... rt-sql.txt

there are also tons of credit card database dumps that are regularly sold on cardingzone.org. Sometimes for as little as $2US per card number. Eventually, if the banks and credit card companies find out that his website is not secure, he is going to be held liable for at least part of the charges.

Mr Josh Zombie · Post by **Mr Josh Zombie** » Sat May 17, 2008 4:23 pm

hm... i bought some VHT nightshade stuff about a month ago.... i hope my CC doesn't get ganked......

gilly02le · Post by **gilly02le** » Sat May 17, 2008 5:53 pm

Quoted From neons.org

modernceo: Product reviews are just that, PRODUCT reviews. If someone has a product review, wether it be bad or good, post away, we leave those unmoderated.

Bullshittttt!

J-Villa · Post by **J-Villa** » Sat May 17, 2008 7:22 pm

yea wow.... starting to really loose respect for modern.

gilly02le · Post by **gilly02le** » Sat May 17, 2008 7:26 pm

yellowpatrol · Post by **yellowpatrol** » Sat May 17, 2008 7:53 pm

I just gave them a lot of money, and I still have parts to get. They seem to have a monopoly on the neon parts market. Is there anywhere else to get them from?

Also, can anyone confirm that the 3" O2 housing mounting holes are too big for the stock studs and bolts? I checked it several times and the stock studs DO NOT FIT, even though they've told me that they should.

MyNeonSaysHi · Post by **MyNeonSaysHi** » Sat May 17, 2008 8:46 pm

I just call them. Talking to real people is better.

kevo · Post by **kevo** » Sun May 18, 2008 8:59 am

J-Villa wrote:yea wow.... starting to really loose respect for modern.

It would be another story if they just said something like " we are checking it out". To outright lie and deny what's going on is not only quite ignorant but also putting more customers in jeopardy.

J-Villa · Post by **J-Villa** » Sun May 18, 2008 3:33 pm

it's funny how people on neons.org think there could be no relation. Funny how there are a bunch of people that this happened to. But no it couldn't happen from modern.

kevo · Post by **kevo** » Sun May 18, 2008 4:32 pm

J-Villa wrote:it's funny how people on neons.org think there could be no relation. Funny how there are a bunch of people that this happened to. But no it couldn't happen from modern.

rampant, blind fanboyism.

Fuzzyneon · Post by **Fuzzyneon** » Mon May 19, 2008 12:36 am

I had my card stolen after a week of buying something on there online store wow i never even thought about that O.o

yellowpatrol · Post by **yellowpatrol** » Mon May 19, 2008 9:53 am

You know, they are part of the BBB.

Post by **Diablo0** » Mon May 19, 2008 10:09 am

yellowpatrol wrote:Also, can anyone confirm that the 3" O2 housing mounting holes are too big for the stock studs and bolts? I checked it several times and the stock studs DO NOT FIT, even though they've told me that they should.

They fit, but they are small for the holes... at least mine were when I bought it back in 05 (I think) The other issue some have reported, which I've had as well, is that it loosens at the turbo/manifold over time. I would tighten it up then after a few months of driving I'd check it and sure enough it was loose again. To fix the problem I told someone that works in the nut manufacturing industry the situation and they sent me some locking nuts which so far have worked fine to hold it tight.

Back on the topic though, as I mentioned before.... there appears to be a trend here, however there is still no hard proof so this is all speculation that Modern is the source of this.

nate-00neon · Post by **nate-00neon** » Mon May 19, 2008 10:38 am

my mom and girlfriend both got money taken off of thier cards after ordering form modern...we called and they said that they have a very secure site, if you ask me i think it was from them.
its the only charges they have in commpn and the fraud charges started happening a month or so after ordering online.

i am def goin to be calling any orders in and not using the net!!

Post by **racer12306** » Mon May 19, 2008 12:01 pm

Kind of defeats the purpose of an online store though doesn't it?

cbjones26 · Post by **cbjones26** » Thu May 22, 2008 5:18 am

well i ordered some parts off these guys an guess what my debit card number got stolen and some ass clown tried to charge $700 to my account! im gland my bank called an asked if i was in mexico!! MP is closed rt now but when they open im gonna be given these guys a call! and yes i know it was off there site bc its the only place i have used my debit card in the last week . this is a great experience for buying shit for the first time off of the internet!.. any ways my bank rejected the purchase so i didnt lose 700$ but now idk if ill order from them again! ordered parts on 5-16-08 dc got jacked on 5-20-08

nate-00neon · Post by **nate-00neon** » Thu May 22, 2008 7:28 am

^^^i would try to NEVER use debit cards on the internet...credit cards are sooo much safer and they are better at getting you your money back if you do get some taken

cbjones26 · Post by **cbjones26** » Thu May 22, 2008 12:23 pm

well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....

i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!

ZeroChad · Post by **ZeroChad** » Thu May 22, 2008 12:48 pm

cbjones26 wrote: i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!

Name or shipping address would have made me happy too... but no beans.

cbjones26 · Post by **cbjones26** » Thu May 22, 2008 1:36 pm

ZeroChad wrote:
cbjones26 wrote: i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont release the guys name!!
Name or shipping address would have made me happy too... but no beans.

shipping addy could be fake though! same for the name

... i wanna find out who he is though.. bc ill take a trip to see him with my good sledge hammer bust his knee caps an his hands!!

Post by **Diablo0** » Thu May 22, 2008 2:23 pm

Curious to know if anyone will say what their info was used for. I know some said CCBill but has anyone noticed any specific locations where the info may have been used? For instance, mine was used for FedEx out of Tennessee.

modernceo · Post by **modernceo** » Thu May 22, 2008 3:18 pm

Id like to address your concerns over purchases at Modern Performance here.

First off, we take everyones private data very seriously. We also take credit card security seriously.

Heres a few of the multiple things we do to protect your security.

- All critical data is not stored on the cart server, and is deleted.
- We have a third party security scanning company that looks for any back entry doors, loopholes and or other security risks.
- We have a full time, dedicated computer that is ONLY for Modern Performance and no other companies websites.
- We routinely check the logs to make sure no one else but our approved computers are accessing data.
- We periodically change passwords for all logins.
- We use a SSL encrypted security gateway to encrypt credit card data
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.

To further increase security, we are making several more steps to further safety and security on our cart.

Cbjones26,
I have reviewed the recorded phone call in which you called and threatened us twice to "spread slander across the internet and every chat forum you could".

No one hung up on you, and the last words our operator said to you was "Thank you for your call Chris, bye bye" and then hung up.

I know you could be upset over what happened to you, and its easy to forget little details, or make assumptions when your upset.
If youd like, I can email you the recorded phone call for you to review again privately.

[quote="cbjones26"]well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....

i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!![/quote]

MyNeonSaysHi · Post by **MyNeonSaysHi** » Thu May 22, 2008 4:37 pm

I got my MPX single exhaust that I ordered over the phone. Looks great! Thanks again MPX for the great service and fast shipping.

ZeroChad · Post by **ZeroChad** » Thu May 22, 2008 4:55 pm

Diablo0 wrote:Curious to know if anyone will say what their info was used for. I know some said CCBill but has anyone noticed any specific locations where the info may have been used? For instance, mine was used for FedEx out of Tennessee.

Old Navy online and some DCx footwear or something.

ModernCeo - I beleive we all are aware of your current situation to protect buyer security. I think the real question on peoples minds is: "Do you acknowledge that there is a possilbe problem allowing hackers to compromise credit card information?"