Modernperformance unsecured site?
-
- 2009 Gold Contributor
- Posts: 3165
- Joined: Sat Sep 01, 2007 11:08 pm
- Location: Austin, Tx
- Contact:
http://forums.neons.org/viewtopic.php?t ... highlight=
Thread from the Other.org I posted in it as well. Looks like Cory doesn't really care about the issue.
Thread from the Other.org I posted in it as well. Looks like Cory doesn't really care about the issue.
It's one thing to defend the integrity of your business. It's a total different story when you bullshit your customers and cover up complaints.
How can i be so sure? First me and my friends have extensive web script experience. One of my buddies works in the online credit fraud protection industry. We simply looked at a stock install and did a few minutes of toying around. We then registered on modern and put in a fake credit card for our registration (we didnt buy anything). The credit card in our profile was immediately accepted. If the card was not stored in the database it would have been checked for authenticity through the credit card company and would have been rejected. This means it is stored in the database and then checked for authenticity when an order is placed.
Even if they had some sort of script that would remove the credit card info from the database, that probably wouldn't help new registrants. Has there been anyone here that has ordered from their cart more than once? Is your credit card number shown on your second order without you having to enter it?
Anyone with a case of mild retardation can go on google and search for zen cart vulnerabilities, xss or hacks. Here is a nice example of a quick, lame exploit that, so far, has not been fixed.
http://packetstormsecurity.org/0805-exp ... rt-sql.txt
there are also tons of credit card database dumps that are regularly sold on cardingzone.org. Sometimes for as little as $2US per card number. Eventually, if the banks and credit card companies find out that his website is not secure, he is going to be held liable for at least part of the charges.
First of all. with just a little casual browsing and looking at the variables in the urls. The software is a standard zen cart installation. There seems to be no special hacks or addons to the scripts. Second, the credit card info IS stored in the mysql database.Modernceo wrote:For those of you concerned about credit card fraud and entering your credit card on the internet..
1) We use a SECURE connection between you and our server so that your personal information and credit card information cannot be intercepted.
2) We use a program that deletes your credit numbers on our server, so that credit card numbers are not stored in our shopping cart server. This way, in the remote case someone was to hack into the server, there would be no credit card information for them to steal in the first place.
3) We consistently keep track of the computers that are used to access our cart server, and access is limited, and its TRACKED. If any unauthorized computers are used, we are notified immediately.
WE PUT YOUR PERSONAL INFORMATION, AND CREDIT CARD NUMBERS AT OUR HIGHEST LEVEL OF RESPECT, AND SECURITY.
How can i be so sure? First me and my friends have extensive web script experience. One of my buddies works in the online credit fraud protection industry. We simply looked at a stock install and did a few minutes of toying around. We then registered on modern and put in a fake credit card for our registration (we didnt buy anything). The credit card in our profile was immediately accepted. If the card was not stored in the database it would have been checked for authenticity through the credit card company and would have been rejected. This means it is stored in the database and then checked for authenticity when an order is placed.
Even if they had some sort of script that would remove the credit card info from the database, that probably wouldn't help new registrants. Has there been anyone here that has ordered from their cart more than once? Is your credit card number shown on your second order without you having to enter it?
Anyone with a case of mild retardation can go on google and search for zen cart vulnerabilities, xss or hacks. Here is a nice example of a quick, lame exploit that, so far, has not been fixed.
http://packetstormsecurity.org/0805-exp ... rt-sql.txt
there are also tons of credit card database dumps that are regularly sold on cardingzone.org. Sometimes for as little as $2US per card number. Eventually, if the banks and credit card companies find out that his website is not secure, he is going to be held liable for at least part of the charges.
-
- 2010 Platinum Contributor
- Posts: 8357
- Joined: Tue Aug 22, 2006 8:43 pm
- Location: Toledo, OH
-
- 2GN Member
- Posts: 2847
- Joined: Mon Jan 01, 2007 8:12 pm
- Location: Kansas City
I just gave them a lot of money, and I still have parts to get. They seem to have a monopoly on the neon parts market. Is there anywhere else to get them from?
Also, can anyone confirm that the 3" O2 housing mounting holes are too big for the stock studs and bolts? I checked it several times and the stock studs DO NOT FIT, even though they've told me that they should.
Also, can anyone confirm that the 3" O2 housing mounting holes are too big for the stock studs and bolts? I checked it several times and the stock studs DO NOT FIT, even though they've told me that they should.
FEEDBACK
Adionik wrote:On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.
- MyNeonSaysHi
- 2GN Veteran
- Posts: 12090
- Joined: Mon May 23, 2005 8:46 pm
- Location: Kansas
-
- 2GN Member
- Posts: 2847
- Joined: Mon Jan 01, 2007 8:12 pm
- Location: Kansas City
You know, they are part of the BBB.
FEEDBACK
Adionik wrote:On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.
- Diablo0
- 2GN.org Owner/Admin
- Posts: 12576
- Joined: Thu Apr 15, 2004 11:20 pm
- Location: Greenville, SC
- Contact:
They fit, but they are small for the holes... at least mine were when I bought it back in 05 (I think) The other issue some have reported, which I've had as well, is that it loosens at the turbo/manifold over time. I would tighten it up then after a few months of driving I'd check it and sure enough it was loose again. To fix the problem I told someone that works in the nut manufacturing industry the situation and they sent me some locking nuts which so far have worked fine to hold it tight.yellowpatrol wrote:Also, can anyone confirm that the 3" O2 housing mounting holes are too big for the stock studs and bolts? I checked it several times and the stock studs DO NOT FIT, even though they've told me that they should.
Back on the topic though, as I mentioned before.... there appears to be a trend here, however there is still no hard proof so this is all speculation that Modern is the source of this.
-Jason
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap
^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap
^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein
-
- 2GN Member
- Posts: 682
- Joined: Fri Nov 16, 2007 10:34 pm
- Location: Wisconsin
my mom and girlfriend both got money taken off of thier cards after ordering form modern...we called and they said that they have a very secure site, if you ask me i think it was from them.
its the only charges they have in commpn and the fraud charges started happening a month or so after ordering online.
i am def goin to be calling any orders in and not using the net!!
its the only charges they have in commpn and the fraud charges started happening a month or so after ordering online.
i am def goin to be calling any orders in and not using the net!!
Feedback: viewtopic.php?t=48146
^^Click to see all of the offered products^^
Amsoil dealer. I can get you great prices on all amsoil products! send me a pm
^^Click to see all of the offered products^^
Amsoil dealer. I can get you great prices on all amsoil products! send me a pm
-
- Junior Admin
- Posts: 16126
- Joined: Sun Oct 24, 2004 8:53 pm
- Location: Baltimore, MD
- Contact:
Kind of defeats the purpose of an online store though doesn't it?
-Frank
Member of Spork Racing
Forum issues: racer12306@2gn.org
Forum Behavior
Support your favorite forum, DONATE!
Member of Spork Racing
Forum issues: racer12306@2gn.org
Forum Behavior
Support your favorite forum, DONATE!
well i ordered some parts off these guys an guess what my debit card number got stolen and some ass clown tried to charge $700 to my account! im gland my bank called an asked if i was in mexico!! MP is closed rt now but when they open im gonna be given these guys a call! and yes i know it was off there site bc its the only place i have used my debit card in the last week . this is a great experience for buying shit for the first time off of the internet!.. any ways my bank rejected the purchase so i didnt lose 700$ but now idk if ill order from them again! ordered parts on 5-16-08 dc got jacked on 5-20-08
-
- 2GN Member
- Posts: 682
- Joined: Fri Nov 16, 2007 10:34 pm
- Location: Wisconsin
^^^i would try to NEVER use debit cards on the internet...credit cards are sooo much safer and they are better at getting you your money back if you do get some taken
Feedback: viewtopic.php?t=48146
^^Click to see all of the offered products^^
Amsoil dealer. I can get you great prices on all amsoil products! send me a pm
^^Click to see all of the offered products^^
Amsoil dealer. I can get you great prices on all amsoil products! send me a pm
well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....
i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!
i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!
-
- 2009 Gold Contributor
- Posts: 3165
- Joined: Sat Sep 01, 2007 11:08 pm
- Location: Austin, Tx
- Contact:
Name or shipping address would have made me happy too... but no beans.cbjones26 wrote: i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!
ZeroChad wrote:Name or shipping address would have made me happy too... but no beans.cbjones26 wrote: i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont release the guys name!!
shipping addy could be fake though! same for the name ... i wanna find out who he is though.. bc ill take a trip to see him with my good sledge hammer bust his knee caps an his hands!!
- Diablo0
- 2GN.org Owner/Admin
- Posts: 12576
- Joined: Thu Apr 15, 2004 11:20 pm
- Location: Greenville, SC
- Contact:
Curious to know if anyone will say what their info was used for. I know some said CCBill but has anyone noticed any specific locations where the info may have been used? For instance, mine was used for FedEx out of Tennessee.
-Jason
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap
^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap
^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein
Id like to address your concerns over purchases at Modern Performance here.
First off, we take everyones private data very seriously. We also take credit card security seriously.
Heres a few of the multiple things we do to protect your security.
- All critical data is not stored on the cart server, and is deleted.
- We have a third party security scanning company that looks for any back entry doors, loopholes and or other security risks.
- We have a full time, dedicated computer that is ONLY for Modern Performance and no other companies websites.
- We routinely check the logs to make sure no one else but our approved computers are accessing data.
- We periodically change passwords for all logins.
- We use a SSL encrypted security gateway to encrypt credit card data
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.
To further increase security, we are making several more steps to further safety and security on our cart.
Cbjones26,
I have reviewed the recorded phone call in which you called and threatened us twice to "spread slander across the internet and every chat forum you could".
No one hung up on you, and the last words our operator said to you was "Thank you for your call Chris, bye bye" and then hung up.
I know you could be upset over what happened to you, and its easy to forget little details, or make assumptions when your upset.
If youd like, I can email you the recorded phone call for you to review again privately.
[quote="cbjones26"]well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....
i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!![/quote]
First off, we take everyones private data very seriously. We also take credit card security seriously.
Heres a few of the multiple things we do to protect your security.
- All critical data is not stored on the cart server, and is deleted.
- We have a third party security scanning company that looks for any back entry doors, loopholes and or other security risks.
- We have a full time, dedicated computer that is ONLY for Modern Performance and no other companies websites.
- We routinely check the logs to make sure no one else but our approved computers are accessing data.
- We periodically change passwords for all logins.
- We use a SSL encrypted security gateway to encrypt credit card data
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.
To further increase security, we are making several more steps to further safety and security on our cart.
Cbjones26,
I have reviewed the recorded phone call in which you called and threatened us twice to "spread slander across the internet and every chat forum you could".
No one hung up on you, and the last words our operator said to you was "Thank you for your call Chris, bye bye" and then hung up.
I know you could be upset over what happened to you, and its easy to forget little details, or make assumptions when your upset.
If youd like, I can email you the recorded phone call for you to review again privately.
[quote="cbjones26"]well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....
i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!![/quote]
- MyNeonSaysHi
- 2GN Veteran
- Posts: 12090
- Joined: Mon May 23, 2005 8:46 pm
- Location: Kansas
-
- 2009 Gold Contributor
- Posts: 3165
- Joined: Sat Sep 01, 2007 11:08 pm
- Location: Austin, Tx
- Contact:
Old Navy online and some DCx footwear or something.Diablo0 wrote:Curious to know if anyone will say what their info was used for. I know some said CCBill but has anyone noticed any specific locations where the info may have been used? For instance, mine was used for FedEx out of Tennessee.
ModernCeo - I beleive we all are aware of your current situation to protect buyer security. I think the real question on peoples minds is: "Do you acknowledge that there is a possilbe problem allowing hackers to compromise credit card information?"