Trend Micro IP attempted hack?

Discussion in 'Security' started by lemonsquad, May 20, 2012.

  1. #1
    So I have a site that allows customers to order a product, simple one page deal.

    Occasionally I would see duplicate orders. So I monitored it and found out almost all the time it was from someone trying to session hijack.

    Wrote a function to prevent it and for the most part fixed it. Found an issue in it a week later and let it sit to see if anyone would get through it. Sure enough they did.

    Here is the messed up part. The IP was 150.70.172.204 and it's a Trend Micro server.

    Why would a security firm's server try and resubmit data a customer from North Carolina submitted on my site? The data is identical except for the browser and IP address.

    The time difference between the submissions is about 20 minutes, from when the customer hit submit to when the server from Trend Micro attempted to send it in.

    I since patched the code to prevent this issue.


    Can someone explain why a security firm attempted to resubmit customer data on my site? Is this an attempted hack? Does Trend pull user data and submit on their end?
     
    lemonsquad, May 20, 2012 IP
  2. kulik

    #2
    Where do you see Trend Micro? I see some random IP in Japan, probably trying to exploit your PayPal payment system using Tamper Data at first guess. You need to work with PayPal IPN fraud checks in your code for this.
     
    kulik, May 20, 2012 IP
  3. lemonsquad

    #3
    I ran an IP check on numerous IP check sites, all saying Trend Micro owns the IP.

    PayPal has nothing to do with it. In fact the customer didn't use PayPal to process the transaction so....
     
    lemonsquad, May 20, 2012 IP
  4. lemonsquad

    #4
    lemonsquad, May 20, 2012 IP
  5. kulik

    #5
    I don't know what the hell I was on about, disregard that. Sounds like it's a Trend Micro issue and nothing you can fix, except maybe block their IP ranges.
     
    kulik, May 21, 2012 IP
  6. lemonsquad

    #6
    Besides blocking, I came up with a solution to prevent it even if they have a different IP.

    During checkout create a random token as a session var. Paste it into the value of one of the input vars in the form.

    When the user submits the form the server will make sure the session var matches the input var, if not then drop the checkout and kick the user to start all over.
     
    lemonsquad, May 22, 2012 IP
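
The token check described in post #6, sketched as an added example that is not code from the thread or from the poster's site. It assumes Python with an in-memory dict standing in for server-side session storage; all names and sample values are hypothetical. It goes one step beyond the post by consuming the token on first use, so a replayed copy of the form fails even if it arrives with the original session.

```python
import hmac
import secrets

# Hypothetical stand-in for server-side session storage: session_id -> dict.
SESSIONS = {}

def start_checkout(session_id):
    """Create a random token, keep it in the session, return it for a hidden form field."""
    token = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["checkout_token"] = token
    return token

def submit_order(session_id, form):
    """Accept the order only when the form token matches the session token."""
    session = SESSIONS.get(session_id)
    if session is None:
        return "rejected: no session"
    # pop() makes the token single-use: any later submission finds nothing to match.
    expected = session.pop("checkout_token", None)
    supplied = str(form.get("checkout_token", ""))
    # Constant-time comparison avoids leaking how much of the token matched.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "rejected: restart checkout"
    return "accepted"

def demo():
    """Constructed scenario: one real order, then the same form data sent again."""
    token = start_checkout("sess-customer")
    form = {"product": "widget", "checkout_token": token}  # constructed sample data
    first = submit_order("sess-customer", dict(form))
    # Same form body replayed later with the customer's own session.
    replay_same_session = submit_order("sess-customer", dict(form))
    # Same form body replayed by a different client that has its own session.
    start_checkout("sess-other")
    replay_other_session = submit_order("sess-other", dict(form))
    # Form with the token field stripped out entirely.
    start_checkout("sess-third")
    missing_token = submit_order("sess-third", {"product": "widget"})
    return first, replay_same_session, replay_other_session, missing_token

if __name__ == "__main__":
    print(demo())
```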