As a service provider in the ecommerce industry for the past 4 years, etailer souq has seen many security attacks on Magento ecommerce stores hosted on Amazon AWS EC2 servers. This article is intended to throw light on those attack areas. It also describes some of the remedial measures we have taken to prevent such attacks.
Why would attackers want to hack your ecommerce site?
You have just started your ecommerce journey and are gaining traction. At this stage you may wonder why an attacker would want to hack your site. Here are some of the reasons.
1. Attacks by ad service agencies
The aim is to send their advertising emails from your hosted site so that the mail does not land in the spam folder of the targeted user. An ecommerce hosting provider takes the standard measures (such as SPF and DKIM records for the sending domain and a clean sending IP) to keep the store's own mail out of the spam folder.
Attackers know this, and by gaining control of the server's email service through any of the means listed below, they can land their emails right in the inbox of the targeted user.
2. Attacks by a competitor
The aim is to block access to the site for your end customers. This way, on a major holiday sales day, your site can be taken down by a competitor.
3. Damaging the reputation of your ecommerce site
When your site is not secured, traffic from genuine customers drops. Customers leave as soon as they find anything suspicious. For instance, if the registration confirmation email lands in the user's spam folder during sign-up, they will doubt the security of your site and leave without making a purchase.
4. To cause financial loss to your online store
Unintended consumption of bandwidth on your hosting translates directly into cost. You end up paying a hefty amount to a hosting provider like Amazon for traffic your site never needed.
5. Attacks by ecommerce service providers
The aim is to reach the key people behind the site without having to find their email addresses. Since the email addresses of the administrators and key contacts are already configured as recipients of the contact-us form, one only needs to enter a subject and body to deliver a sales pitch straight to them.
Common security attacks on Magento stores
Attack 1 – Junk user registration with valid customer emails
Through this attack, one can send spam emails to valid email addresses from your ecommerce server. The attacker registers accounts using the victims' real email addresses and places a marketing link in the first name or another profile field, so the registration confirmation email that the store sends carries that link; the recipient may click it and land on a fraudulent site.
Attack 2 – Outbound reference link injection
Another attack we faced was the injection of links to an external website into our content. These links are unsolicited and are injected into your CMS content. The attacker's intention is to build inbound links for the targeted website and raise its search ranking. This kind of attack is hard to spot because the injected link is usually a shortened URL, as shown in the screenshot.
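A scan of CMS content for this kind of injection is simple to automate. The following is an added example (not code from etailer souq or from Magento): it parses a CMS block, keeps only links that point away from the store's own hosts, and flags those that use a URL shortener or lack rel="nofollow" (which is what makes the injected link useful to the attacker). The host names in OWN_HOSTS, the shortener list and the sample HTML are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the store itself owns; links to anything else are "external" (assumed values).
OWN_HOSTS = {"shop.example.com", "www.shop.example.com"}
# URL shorteners commonly used to hide the real destination (illustrative list).
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "tinyurl.com", "t.co", "ow.ly", "is.gd", "cutt.ly"}


class LinkCollector(HTMLParser):
    """Collect every <a> tag with its href, rel and visible anchor text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._current = {"href": a.get("href") or "", "rel": a.get("rel") or "", "text": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(self._current)
            self._current = None


def audit_links(html):
    """Return the external links in a CMS block, each with the reasons it is suspect."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for link in parser.links:
        href = link["href"].strip()
        host = (urlparse(href).hostname or "").lower()   # relative links have no host
        if not host or host in OWN_HOSTS:
            continue
        reasons = ["external"]
        if host in SHORTENER_HOSTS:
            reasons.append("url-shortener")
        if "nofollow" not in link["rel"].lower().split():
            reasons.append("dofollow")          # passes search ranking to the target
        findings.append({"href": href, "host": host, "text": link["text"].strip(),
                         "reasons": reasons})
    return findings


# Constructed CMS block: one internal link, one cited external source marked
# nofollow, and one injected shortened link hidden in the body copy.
SAMPLE_CMS_HTML = """
<p>See our <a href="/sales/guest/form/">order tracking</a> page.</p>
<p>Sizing follows <a href="https://www.iso.org/" rel="nofollow">the ISO standard</a>.</p>
<p>Best <a href="//bit.ly/3xYz">cheap watches</a> online, fast shipping from
<a href="https://www.shop.example.com/watches">our warehouse</a>.</p>
"""

if __name__ == "__main__":
    for f in audit_links(SAMPLE_CMS_HTML):
        print(f"{f['host']:<15} {','.join(f['reasons']):<30} {f['href']}  [{f['text']}]")
```

Run it over every cms_page and cms_block content column (and product descriptions, which are also editable HTML) and diff the output against the last known-good run; a new "url-shortener,dofollow" line is the injection.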
Attack 3 – Incoming marketing mails through the contact-us form
This is an unsolicited approach that many new-generation marketing teams adopt. Through the contact-us form one can easily send marketing emails to the key administrators or partners of the ecommerce site, since in most cases the email addresses of the major partners are also configured to receive the emails generated by the form.
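Attack 1 and Attack 3 both abuse a public form, so one server-side check covers both. The following is an added example (not code from etailer souq or from Magento) of the validation a practitioner would put in front of the registration and contact-us handlers: name fields may not contain links or HTML, the contact comment may carry at most one link, and a hidden honeypot field rejects bots that fill every field. The TLD list, the honeypot field name website_hp, the one-link limit and the sample submissions are assumptions constructed for the example.

```python
import re

# Anything that looks like a link: explicit scheme / www prefix, or a bare domain
# with a common TLD. Edit the TLD list for your own traffic (assumed values).
URL_RE = re.compile(
    r"(?i)(?:https?://|www\.)\S+"
    r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|biz|ru|ly|gl|co|io)\b(?:/\S*)?"
)
TAG_RE = re.compile(r"<[^>]*>")
# A plausible person name: letters (ASCII plus Latin accented ranges), apostrophe,
# dot, hyphen and space, at most 60 characters.
NAME_RE = re.compile(r"^[A-Za-z\u00C0-\u024F][A-Za-z\u00C0-\u024F'. -]{0,59}$")

# Hidden form field a browser user never fills; bots that submit every field do.
# The field name is an assumption for this example.
HONEYPOT_FIELD = "website_hp"
MAX_LINKS_IN_COMMENT = 1   # assumed policy for the contact form body


def check_name(field, value):
    """Return the reasons the value is not acceptable as a name (empty list = OK)."""
    reasons = []
    if URL_RE.search(value):
        reasons.append(f"{field}: contains a URL")
    if TAG_RE.search(value):
        reasons.append(f"{field}: contains HTML")
    if not NAME_RE.match(value):
        reasons.append(f"{field}: not a plausible name")
    return reasons


def check_registration(form):
    """Validate a customer registration (Attack 1): names must not carry links."""
    reasons = []
    for field in ("firstname", "lastname"):
        reasons += check_name(field, form.get(field, ""))
    if form.get(HONEYPOT_FIELD):
        reasons.append("honeypot filled")
    return reasons


def check_contact(form):
    """Validate a contact-us submission (Attack 3): limit links in the comment."""
    reasons = check_name("name", form.get("name", ""))
    comment = form.get("comment", "")
    links = URL_RE.findall(comment)
    if len(links) > MAX_LINKS_IN_COMMENT:
        reasons.append(f"comment: {len(links)} links (max {MAX_LINKS_IN_COMMENT})")
    if TAG_RE.search(comment):
        reasons.append("comment: contains HTML")
    if form.get(HONEYPOT_FIELD):
        reasons.append("honeypot filled")
    return reasons


# Constructed sample submissions (not real traffic).
CLEAN_REGISTRATION = {"firstname": "Priya", "lastname": "Nair", HONEYPOT_FIELD: ""}
SPAM_REGISTRATION = {"firstname": "Win iPhone http://bit.ly/x7", "lastname": "Deal",
                     HONEYPOT_FIELD: ""}
CLEAN_CONTACT = {"name": "Arun Kumar", "comment": "Is order #1001 shipped yet?",
                 HONEYPOT_FIELD: ""}
SPAM_CONTACT = {"name": "Sales Bot",
                "comment": "Visit www.cheap-seo.example and http://bit.ly/q for ranking",
                HONEYPOT_FIELD: "http://spam.example"}

if __name__ == "__main__":
    for label, check, form in [("clean registration", check_registration, CLEAN_REGISTRATION),
                               ("spam registration", check_registration, SPAM_REGISTRATION),
                               ("clean contact", check_contact, CLEAN_CONTACT),
                               ("spam contact", check_contact, SPAM_CONTACT)]:
        print(f"{label}: {check(form) or 'accepted'}")
```

A non-empty list means reject the submission before any email is generated; the reasons are worth logging per client IP, since a stream of rejections from one address is the same bot that the next section's traffic checks would otherwise catch later.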
Attack 4 – Bandwidth & IOPS exhaustion by automated access
Access to storage is measured in input/output operations per second, generally termed IOPS. In most cases the hosting administrator provisions a default IOPS allocation for data access, which is easily exhausted by a sudden spike in transactions per second. On Amazon AWS, a general-purpose (gp2) EBS volume serves such a spike from its burst credit balance, and once that balance is used up the volume is throttled back to its baseline IOPS until the credits recover. An attacker can therefore inflate the site's traffic by various means and cripple the site for hours or even a day, timed to coincide with a promoted holiday sale.
Attack 5 – Writing junk content to the public directory to exhaust storage space
The characteristic of this attack is the injection of junk images into the public folder of the site by duplicating product images endlessly. This exhausts your storage space, and major services fail with it: MySQL threads start failing as soon as there is no free space left on the device.
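Because the junk files are byte-for-byte copies of real product images, the attack is easy to spot by content hash before the disk fills. The following is an added example (not code from etailer souq or from Magento) that walks a media tree, groups byte-identical image files by SHA-256 and size, reports how much space the extra copies occupy, and counts files per directory so a runaway writer stands out. The tree layout under pub/media and the sample files are constructed for the example; run find_duplicate_images on the real pub/media path instead.

```python
import hashlib
import os
import sys
import tempfile
from collections import defaultdict

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".webp")


def file_sha256(path, chunk_size=1 << 16):
    """Stream the file so large images do not have to be read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_duplicate_images(root):
    """Group byte-identical images under root.

    Returns (groups, wasted_bytes): groups maps (sha256, size) -> sorted paths for
    every content that occurs more than once; wasted_bytes is what the extra copies use.
    """
    by_content = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(IMAGE_EXTS):
                path = os.path.join(dirpath, name)
                by_content[(file_sha256(path), os.path.getsize(path))].append(path)
    groups = {key: sorted(paths) for key, paths in by_content.items() if len(paths) > 1}
    wasted = sum(size * (len(paths) - 1) for (_digest, size), paths in groups.items())
    return groups, wasted


def files_per_directory(root):
    """File count per directory (relative to root); a runaway writer is one outlier."""
    counts = {}
    for dirpath, _dirs, files in os.walk(root):
        if files:
            counts[os.path.relpath(dirpath, root)] = len(files)
    return counts


def build_sample_media_tree(base):
    """Constructed miniature pub/media: one product image, three junk copies, one other image."""
    product = os.path.join(base, "pub", "media", "catalog", "product", "a", "b")
    junk = os.path.join(base, "pub", "media", "catalog", "product", "cache", "junk")
    os.makedirs(product)
    os.makedirs(junk)
    image = b"\xff\xd8" + b"A" * 1000            # fake JPEG header plus filler: 1002 bytes
    with open(os.path.join(product, "ab-watch.jpg"), "wb") as fh:
        fh.write(image)
    for i in range(3):
        with open(os.path.join(junk, f"ab-watch_{i}.jpg"), "wb") as fh:
            fh.write(image)
    with open(os.path.join(product, "other.png"), "wb") as fh:
        fh.write(b"\x89PNG" + b"B" * 100)
    return os.path.join(base, "pub", "media")


def demo():
    """Scan the constructed tree; returns (duplicate groups, files in largest group, wasted bytes)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_media_tree(tmp)
        groups, wasted = find_duplicate_images(root)
        largest = max((len(paths) for paths in groups.values()), default=0)
        return len(groups), largest, wasted


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # real run: python dupscan.py /var/www/pub/media
        groups, wasted = find_duplicate_images(sys.argv[1])
        for (digest, size), paths in groups.items():
            print(f"{digest[:12]} {size:>10} bytes x{len(paths)}: {paths[0]} ...")
        print(f"wasted: {wasted} bytes; per-directory: {files_per_directory(sys.argv[1])}")
    else:
        print("constructed sample ->", demo())
```

The scan only finds the symptom; the file system write that created the copies came from the web server user, so pair it with the obvious hardening: no write permission for the web server user anywhere under pub except the media and var paths the application actually needs, and a disk-usage alarm on the volume well below 100 percent.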
Attack 6 – Sending email to other users via the sendmail service
When an attacker gains access to the sendmail service by some means, they start sending junk mail. This leads to blacklisting of the server IP, after which all emails originating from the server, including the genuine transaction emails, land in the recipient's spam folder. This degrades the reputation and perceived genuineness of the site and makes the end user doubt its safety.
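Attack 4 and Attack 6 are both detected the same way: count events per source in fixed time windows and alert on the outlier, before the storage credits run out or the IP lands on a blacklist. The following is an added example (not code from etailer souq, Magento or Postfix) with one windowing helper serving two parsers, an Apache/nginx combined-format access log line keyed by client IP, and a Postfix qmgr line keyed by envelope sender and weighted by recipient count. The thresholds (100 requests per IP per minute, 200 recipients per sender per hour), the host and sender names and all log lines are assumptions constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "combined" access log line.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# Postfix queue-manager line written when a message enters the active queue.
QMGR_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): '
    r'from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)'
)


def parse_access(line):
    """-> (client_ip, timestamp) or None for lines that do not match."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def parse_qmgr(line, year):
    """-> (sender, timestamp, recipient_count) or None. Syslog lines carry no year."""
    m = QMGR_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())              # collapse the padded day ("Nov  4")
    return m["sender"], datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), int(m["nrcpt"])


def bucket_counts(events, window_seconds):
    """Sum weights per (key, fixed window). events: iterable of (key, datetime, weight)."""
    counts = Counter()
    for key, ts, weight in events:
        epoch = int(ts.timestamp())
        counts[(key, epoch - epoch % window_seconds)] += weight
    return counts


def over_limit(counts, limit):
    """Keys that exceed the limit in at least one window, sorted."""
    return sorted({key for (key, _window), total in counts.items() if total > limit})


def analyze_access(lines, per_minute_limit=100):
    """Attack 4: client IPs exceeding per_minute_limit requests in any single minute."""
    events = [(ip, ts, 1) for ip, ts in filter(None, map(parse_access, lines))]
    return over_limit(bucket_counts(events, 60), per_minute_limit)


def analyze_mail(lines, year, per_hour_limit=200):
    """Attack 6: envelope senders exceeding per_hour_limit recipients in any single hour."""
    parsed = filter(None, (parse_qmgr(line, year) for line in lines))
    events = [(sender, ts, nrcpt) for sender, ts, nrcpt in parsed]
    return over_limit(bucket_counts(events, 3600), per_hour_limit)


# Constructed samples: a bot hammering category pages from one IP beside a real
# visitor, and the web server user pushing 5-recipient messages through Postfix
# beside normal order mail from the shop.
def _access_line(ip, second, path):
    return (f'{ip} - - [24/Nov/2017:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')


def _qmgr_line(minute, qid, sender, nrcpt):
    return (f"Nov 24 10:{minute:02d}:05 ip-10-0-0-5 postfix/qmgr[1234]: {qid:08X}: "
            f"from=<{sender}>, size=2048, nrcpt={nrcpt} (queue active)")


SAMPLE_ACCESS = ([_access_line("203.0.113.5", i % 60, f"/catalog/category/view/id/{i}")
                  for i in range(150)]
                 + [_access_line("198.51.100.7", 10 + i, "/checkout/cart/") for i in range(5)])
SAMPLE_MAIL = ([_qmgr_line(i % 60, i, "apache@ip-10-0-0-5.ec2.internal", 5) for i in range(50)]
               + [_qmgr_line(i, 1000 + i, "sales@shop.example.com", 1) for i in range(10)])

if __name__ == "__main__":
    print("burst IPs:", analyze_access(SAMPLE_ACCESS))
    print("abused senders:", analyze_mail(SAMPLE_MAIL, year=2017))
```

In the mail case the key that fires is the web server's own user rather than a store address, which is the signature of a compromised PHP process calling sendmail; the response is to stop the outbound queue, find the script, and only then worry about delisting the IP. The same aggregation over the access log tells you which addresses to block at the load balancer or security group before the volume's burst balance is gone.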