No Authorize.net communication

**dream_mike** · 11 May 2012, 10:34 PM

Gateway mode is set to "offsite", yes. Hmm, if hacked, then potentially someone has my userid and password for that zencart - unique to the installation, fortunately. Also the info for our auth.net account, yes? (now changed BTW)

Is there any possibility *other* than hacking to explain the behavior? Seems that a hacker seeking credit card numbers would do a better job of imitating a secure site.

**DrByte** · 11 May 2012, 10:47 PM

In checkout ,how many payment options (radio buttons) are you presented with? What are they?

In Admin->Modules->Payment, how many modules are showing green or yellow dots? Which ones, and why?

I suspect that the credit card fields you're saying you see are coming from another module.

**DrByte** · 11 May 2012, 10:48 PM

Originally Posted by dream_mike

Seems that a hacker seeking credit card numbers would do a better job of imitating a secure site.

True. But it doesn't minimize the urgency of doing an upgrade on your site, either way.

**dream_mike** · 13 May 2012, 02:08 PM

I changed the relevant password fields at Authorize.net on Friday, as soon as you mentioned the possibility of hacking. I have deleted that entire zencart installation, and am proceeding with a 1.5.0 from zencart. I am sort of expecting this problem to replicate itself with that one, but we'll see

Thank you for the caution.

Slightly off topic, I actually have another installation (multiple subdomains) without auth.net - am using it to learn how to control zencart. That one was a Dreamhost 1-click installation from about a week ago - and it is v 1.3.9h.

Is that version also known-compromised? And does anyone know why Dreamhost isn't installing the latest zencart?

**DrByte** · 13 May 2012, 03:39 PM

Originally Posted by dream_mike

Is that version also known-compromised? And does anyone know why Dreamhost isn't installing the latest zencart?

Based on my experiences, I suspect the answer is: probably just part of their general incompetence.
They never could run it securely on their servers anyway.

But this discussion thread is about Authorize.net, not DH.

**dream_mike** · 14 May 2012, 02:29 PM

Hmm. Selection of Dreamhost happened before I got involved. Could you expand a little on your "never could run it securely on their servers anyway" comment? I might need to explain this to our site sysadmin.

And thanks, again.

**DrByte** · 14 May 2012, 09:25 PM

They can't run with "Recreate Session" enabled, which thus leaves the store vulnerable to session hijacking.

Thread: No Authorize.net communication

Thread Tools

Search Thread

Display

Hybrid View

Re: No Authorize.net communication

Re: No Authorize.net communication

Re: No Authorize.net communication

Re: No Authorize.net communication

Re: No Authorize.net communication

Re: No Authorize.net communication

Re: No Authorize.net communication

Similar Threads

v151 Switching From Authorize.net (SIM) to AUthorize.net (AIM)

v150 Difference Between Authorize.net (SIM) and Authorize.net (AIM)

Authorize.net Communication Problem

Authorize.net AIM Communication Error after moving server to GoDaddy VirtualDedicated

Posting Permissions