Modernperformance unsecured site?

Have a good experience with a dealer? Have a bad experience with one? Post it here.
User avatar
kevo
2GN Member
Posts: 1282
Joined: Thu Apr 07, 2005 10:00 am

Post by kevo » Sat May 17, 2008 11:51 am

thank goodness someone can confirm them deleting them. And here i actually was going to offer them my services to help keep their site secure. Fuck 'em

gilly02le
2GN Member
Posts: 1423
Joined: Fri Oct 27, 2006 12:13 am
Location: Kingston, Ontario, Canada
Contact:

Post by gilly02le » Sat May 17, 2008 11:59 am

yea really, not if they are going to just hide thier problems, rather then fix them..
New Sig Time.

Wenuden
2GN Member
Posts: 2554
Joined: Fri Apr 06, 2007 11:53 pm
Location: Alexandria, Va

Post by Wenuden » Sat May 17, 2008 1:03 pm

just had my info stolen and someone charged $900 in scandanavian airline tickets. Modern is the only place I've used my card online, and my cc# was used to do it over the net, so I know paypal didn't get hacked cause its linked directly to my bank account.
Image

gilly02le
2GN Member
Posts: 1423
Joined: Fri Oct 27, 2006 12:13 am
Location: Kingston, Ontario, Canada
Contact:

Post by gilly02le » Sat May 17, 2008 1:18 pm

Modern really needs to get thier shit together..
New Sig Time.

J-Villa
2GN Veteran
Posts: 6880
Joined: Thu Apr 28, 2005 12:51 am
Location: Hburg, Pa

Post by J-Villa » Sat May 17, 2008 1:31 pm

email modern with a link to this thread.
Wanna Sell Me Your 2gn??
Official I sold my Neon Member #004

ZeroChad
2009 Gold Contributor
Posts: 3165
Joined: Sat Sep 01, 2007 11:08 pm
Location: Austin, Tx
Contact:

Post by ZeroChad » Sat May 17, 2008 1:55 pm

http://forums.neons.org/viewtopic.php?t=310856&highlight=
Thread from the Other.org I posted in it as well. Looks like Cory doesn't really care about the issue.
Old Neon Log | Feedback

2000 - Corvette Coupe
2002 - Neon SE Fully Built (scrapped)

User avatar
kevo
2GN Member
Posts: 1282
Joined: Thu Apr 07, 2005 10:00 am

Post by kevo » Sat May 17, 2008 3:36 pm

It's one thing to defend the integrity of your business. It's a total different story when you bullshit your customers and cover up complaints.

Modernceo wrote:For those of you concerned about credit card fraud and entering your credit card on the internet..

1) We use a SECURE connection between you and our server so that your personal information and credit card information cannot be intercepted.

2) We use a program that deletes your credit numbers on our server, so that credit card numbers are not stored in our shopping cart server. This way, in the remote case someone was to hack into the server, there would be no credit card information for them to steal in the first place.

3) We consistently keep track of the computers that are used to access our cart server, and access is limited, and its TRACKED. If any unauthorized computers are used, we are notified immediately.

WE PUT YOUR PERSONAL INFORMATION, AND CREDIT CARD NUMBERS AT OUR HIGHEST LEVEL OF RESPECT, AND SECURITY.


First of all. with just a little casual browsing and looking at the variables in the urls. The software is a standard zen cart installation. There seems to be no special hacks or addons to the scripts. Second, the credit card info IS stored in the mysql database.

How can i be so sure? First me and my friends have extensive web script experience. One of my buddies works in the online credit fraud protection industry. We simply looked at a stock install and did a few minutes of toying around. We then registered on modern and put in a fake credit card for our registration (we didnt buy anything). The credit card in our profile was immediately accepted. If the card was not stored in the database it would have been checked for authenticity through the credit card company and would have been rejected. This means it is stored in the database and then checked for authenticity when an order is placed.

Even if they had some sort of script that would remove the credit card info from the database, that probably wouldn't help new registrants. Has there been anyone here that has ordered from their cart more than once? Is your credit card number shown on your second order without you having to enter it?

Anyone with a case of mild retardation can go on google and search for zen cart vulnerabilities, xss or hacks. Here is a nice example of a quick, lame exploit that, so far, has not been fixed.
http://packetstormsecurity.org/0805-exp ... rt-sql.txt

there are also tons of credit card database dumps that are regularly sold on cardingzone.org. Sometimes for as little as $2US per card number. Eventually, if the banks and credit card companies find out that his website is not secure, he is going to be held liable for at least part of the charges.

Mr Josh Zombie
2010 Platinum Contributor
Posts: 8357
Joined: Tue Aug 22, 2006 8:43 pm
Location: Toledo, OH

Post by Mr Josh Zombie » Sat May 17, 2008 4:23 pm

hm... i bought some VHT nightshade stuff about a month ago.... i hope my CC doesn't get ganked......
Modify your Car • Modify your Body • Modify your Life

gilly02le
2GN Member
Posts: 1423
Joined: Fri Oct 27, 2006 12:13 am
Location: Kingston, Ontario, Canada
Contact:

Post by gilly02le » Sat May 17, 2008 5:53 pm

Quoted From neons.org

modernceo: Product reviews are just that, PRODUCT reviews. If someone has a product review, wether it be bad or good, post away, we leave those unmoderated.


Bullshittttt!
New Sig Time.

J-Villa
2GN Veteran
Posts: 6880
Joined: Thu Apr 28, 2005 12:51 am
Location: Hburg, Pa

Post by J-Villa » Sat May 17, 2008 7:22 pm

yea wow.... starting to really loose respect for modern.
Wanna Sell Me Your 2gn??
Official I sold my Neon Member #004

gilly02le
2GN Member
Posts: 1423
Joined: Fri Oct 27, 2006 12:13 am
Location: Kingston, Ontario, Canada
Contact:

Post by gilly02le » Sat May 17, 2008 7:26 pm

+1
New Sig Time.

yellowpatrol
2GN Member
Posts: 2847
Joined: Mon Jan 01, 2007 8:12 pm
Location: Kansas City

Post by yellowpatrol » Sat May 17, 2008 7:53 pm

I just gave them a lot of money, and I still have parts to get. They seem to have a monopoly on the neon parts market. Is there anywhere else to get them from?

Also, can anyone confirm that the 3" O2 housing mounting holes are too big for the stock studs and bolts? I checked it several times and the stock studs DO NOT FIT, even though they've told me that they should.
FEEDBACK
Image
Adionik wrote:On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.

MyNeonSaysHi
2GN Veteran
Posts: 11409
Joined: Mon May 23, 2005 8:46 pm
Location: Kansas

Post by MyNeonSaysHi » Sat May 17, 2008 8:46 pm

I just call them. Talking to real people is better.

08 Acura TL-S
05 Neon SRT-4

User avatar
kevo
2GN Member
Posts: 1282
Joined: Thu Apr 07, 2005 10:00 am

Post by kevo » Sun May 18, 2008 8:59 am

J-Villa wrote:yea wow.... starting to really loose respect for modern.


It would be another story if they just said something like " we are checking it out". To outright lie and deny what's going on is not only quite ignorant but also putting more customers in jeopardy.

J-Villa
2GN Veteran
Posts: 6880
Joined: Thu Apr 28, 2005 12:51 am
Location: Hburg, Pa

Post by J-Villa » Sun May 18, 2008 3:33 pm

it's funny how people on neons.org think there could be no relation. Funny how there are a bunch of people that this happened to. But no it couldn't happen from modern. :slap:
Wanna Sell Me Your 2gn??
Official I sold my Neon Member #004

User avatar
kevo
2GN Member
Posts: 1282
Joined: Thu Apr 07, 2005 10:00 am

Post by kevo » Sun May 18, 2008 4:32 pm

J-Villa wrote:it's funny how people on neons.org think there could be no relation. Funny how there are a bunch of people that this happened to. But no it couldn't happen from modern. :slap:


rampant, blind fanboyism.

Fuzzyneon
2009 Silver Contributor
Posts: 4872
Joined: Fri Oct 26, 2007 12:48 am
Location: Waterford works ,NJ

Post by Fuzzyneon » Mon May 19, 2008 12:36 am

I had my card stolen after a week of buying something on there online store wow i never even thought about that O.o
Member of Spork Racing
2002 Dodge Neon
Frankenstien



yellowpatrol
2GN Member
Posts: 2847
Joined: Mon Jan 01, 2007 8:12 pm
Location: Kansas City

Post by yellowpatrol » Mon May 19, 2008 9:53 am

You know, they are part of the BBB.
FEEDBACK
Image
Adionik wrote:On a 100% stock SRT engine i've seen detonation on 93 octane, I know what i'm talking about.

User avatar
Diablo0
2GN.org Owner/Admin
Posts: 12521
Joined: Thu Apr 15, 2004 11:20 pm
Location: Greenville, SC
Contact:

Post by Diablo0 » Mon May 19, 2008 10:09 am

yellowpatrol wrote:Also, can anyone confirm that the 3" O2 housing mounting holes are too big for the stock studs and bolts? I checked it several times and the stock studs DO NOT FIT, even though they've told me that they should.

They fit, but they are small for the holes... at least mine were when I bought it back in 05 (I think) The other issue some have reported, which I've had as well, is that it loosens at the turbo/manifold over time. I would tighten it up then after a few months of driving I'd check it and sure enough it was loose again. To fix the problem I told someone that works in the nut manufacturing industry the situation and they sent me some locking nuts which so far have worked fine to hold it tight.


Back on the topic though, as I mentioned before.... there appears to be a trend here, however there is still no hard proof so this is all speculation that Modern is the source of this.
-Jason
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap
Image
^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein

nate-00neon
2GN Member
Posts: 682
Joined: Fri Nov 16, 2007 10:34 pm
Location: Wisconsin

Post by nate-00neon » Mon May 19, 2008 10:38 am

my mom and girlfriend both got money taken off of thier cards after ordering form modern...we called and they said that they have a very secure site, if you ask me i think it was from them.
its the only charges they have in commpn and the fraud charges started happening a month or so after ordering online.

i am def goin to be calling any orders in and not using the net!!
Feedback: viewtopic.php?t=48146

Image
^^Click to see all of the offered products^^

Amsoil dealer. I can get you great prices on all amsoil products! send me a pm

racer12306
Junior Admin
Posts: 16012
Joined: Sun Oct 24, 2004 8:53 pm
Location: Baltimore, MD
Contact:

Post by racer12306 » Mon May 19, 2008 12:01 pm

Kind of defeats the purpose of an online store though doesn't it?
-Frank
Member of Spork Racing
Forum issues: racer12306@2gn.org
Forum Behavior
Support your favorite forum, DONATE!

cbjones26
2010 Platinum Contributor
Posts: 1479
Joined: Mon Mar 24, 2008 12:03 am
Location: NY

Post by cbjones26 » Thu May 22, 2008 5:18 am

well i ordered some parts off these guys an guess what my debit card number got stolen and some ass clown tried to charge $700 to my account! im gland my bank called an asked if i was in mexico!! MP is closed rt now but when they open im gonna be given these guys a call! and yes i know it was off there site bc its the only place i have used my debit card in the last week . this is a great experience for buying shit for the first time off of the internet!.. any ways my bank rejected the purchase so i didnt lose 700$ but now idk if ill order from them again! ordered parts on 5-16-08 dc got jacked on 5-20-08

nate-00neon
2GN Member
Posts: 682
Joined: Fri Nov 16, 2007 10:34 pm
Location: Wisconsin

Post by nate-00neon » Thu May 22, 2008 7:28 am

^^^i would try to NEVER use debit cards on the internet...credit cards are sooo much safer and they are better at getting you your money back if you do get some taken
Feedback: viewtopic.php?t=48146

Image
^^Click to see all of the offered products^^

Amsoil dealer. I can get you great prices on all amsoil products! send me a pm

cbjones26
2010 Platinum Contributor
Posts: 1479
Joined: Mon Mar 24, 2008 12:03 am
Location: NY

Post by cbjones26 » Thu May 22, 2008 12:23 pm

well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....

i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!

ZeroChad
2009 Gold Contributor
Posts: 3165
Joined: Sat Sep 01, 2007 11:08 pm
Location: Austin, Tx
Contact:

Post by ZeroChad » Thu May 22, 2008 12:48 pm

cbjones26 wrote: i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!!


Name or shipping address would have made me happy too... but no beans.
Old Neon Log | Feedback

2000 - Corvette Coupe
2002 - Neon SE Fully Built (scrapped)

cbjones26
2010 Platinum Contributor
Posts: 1479
Joined: Mon Mar 24, 2008 12:03 am
Location: NY

Post by cbjones26 » Thu May 22, 2008 1:36 pm

ZeroChad wrote:
cbjones26 wrote: i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont release the guys name!!


Name or shipping address would have made me happy too... but no beans.



shipping addy could be fake though! same for the name :( ... i wanna find out who he is though.. bc ill take a trip to see him with my good sledge hammer bust his knee caps an his hands!!

User avatar
Diablo0
2GN.org Owner/Admin
Posts: 12521
Joined: Thu Apr 15, 2004 11:20 pm
Location: Greenville, SC
Contact:

Post by Diablo0 » Thu May 22, 2008 2:23 pm

Curious to know if anyone will say what their info was used for. I know some said CCBill but has anyone noticed any specific locations where the info may have been used? For instance, mine was used for FedEx out of Tennessee.
-Jason
Black '02 Neon R/T | White '02 Neon R/T - SRT-4 Engine Swap
Image
^^^ no, that isn't what I look like haha
Try not to become a man of success but rather to become a man of value. - Albert Einstein

modernceo
2GN Member
Posts: 127
Joined: Thu May 22, 2008 2:59 pm

Post by modernceo » Thu May 22, 2008 3:18 pm

Id like to address your concerns over purchases at Modern Performance here.

First off, we take everyones private data very seriously. We also take credit card security seriously.

Heres a few of the multiple things we do to protect your security.

- All critical data is not stored on the cart server, and is deleted.
- We have a third party security scanning company that looks for any back entry doors, loopholes and or other security risks.
- We have a full time, dedicated computer that is ONLY for Modern Performance and no other companies websites.
- We routinely check the logs to make sure no one else but our approved computers are accessing data.
- We periodically change passwords for all logins.
- We use a SSL encrypted security gateway to encrypt credit card data
- All confidential data is locked, and not thrown away, or shared, spread around with any other company or individual.

To further increase security, we are making several more steps to further safety and security on our cart.




Cbjones26,
I have reviewed the recorded phone call in which you called and threatened us twice to "spread slander across the internet and every chat forum you could".

No one hung up on you, and the last words our operator said to you was "Thank you for your call Chris, bye bye" and then hung up.

I know you could be upset over what happened to you, and its easy to forget little details, or make assumptions when your upset.
If youd like, I can email you the recorded phone call for you to review again privately.

[quote="cbjones26"]well i just called them an i think i hit a nerve im not the nicest person when i get pissed off! they tried giving me some bs excuse on what happened. i told them ill give them the benefit of the doubt but if i do decided to order from them again ill call it in but if anything like this happens again ill post in ever forum/ chat site not to order from them! ( not that it would do anything ppl will still order from them) but it was funny the guy got all pissed an pretty much hung the phone up on me....

i dont have a credit card!! but im thinking about getting one the prepaid credit cards u can get in walmart if i buy shit again off the net! the thing that makes me mad is the bank knows who it is an they wont releace the guys name!![/quote]

MyNeonSaysHi
2GN Veteran
Posts: 11409
Joined: Mon May 23, 2005 8:46 pm
Location: Kansas

Post by MyNeonSaysHi » Thu May 22, 2008 4:37 pm

I got my MPX single exhaust that I ordered over the phone. Looks great! Thanks again MPX for the great service and fast shipping.

08 Acura TL-S
05 Neon SRT-4

ZeroChad
2009 Gold Contributor
Posts: 3165
Joined: Sat Sep 01, 2007 11:08 pm
Location: Austin, Tx
Contact:

Post by ZeroChad » Thu May 22, 2008 4:55 pm

Diablo0 wrote:Curious to know if anyone will say what their info was used for. I know some said CCBill but has anyone noticed any specific locations where the info may have been used? For instance, mine was used for FedEx out of Tennessee.


Old Navy online and some DCx footwear or something.


ModernCeo - I beleive we all are aware of your current situation to protect buyer security. I think the real question on peoples minds is: "Do you acknowledge that there is a possilbe problem allowing hackers to compromise credit card information?"
Old Neon Log | Feedback

2000 - Corvette Coupe
2002 - Neon SE Fully Built (scrapped)

Post Reply

Return to “Vendor Feedback”