Has your Magento Site Been Hacked?
Researchers at Flashpoint have discovered that at least 1,000 sites running Magento have been compromised by brute force attacks to scrape credit card numbers and install malware that mines cryptocurrency. The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials. These attacks occur when admins fail to change the credentials upon installation of the platform. Attackers can then build simple, automated scripts loaded with known credentials to facilitate access of the panels.
Once the hacker has access, they are able to install any script that they choose. With this attack they are inserting malicious code in the Magento core file, allowing them access to pages where payment data is processed. POST requests to the server containing sensitive data are then intercepted and redirected to the attacker. Furthermore, the compromised sites will then return a fake adobe flash file which will install malicious malware on the victim’s computer.
If you think your site has been hacked or would like assistance with your site, please contact us! We are happy to help you secure your site. You can read more detail about these attacks in this Flashpoint Blog.
Say Goodbye to the $49 Setup Fee
Effective April 19, 2018 Authorize.net will be removing the $49 fee for all newly created Authorize.net Payment Gateway Accounts! If you’re thinking of switching or need a payment processor, Authorize.net just made their deal a whole lot sweeter. You can obtain this special pricing by using this link
We can help you with your set up or answer any questions that you might have. Contact us today for any assistance that you might need!
We also offer modules to assist you in implementing this payment processor for your shopping cart:
Magento Authorize.net CIM Module
X-Cart Authorize.net DPM Module
We cannot stress the importance of PCI Compliance & your shopping cart enough and this is a wonderful opportunity for you to take the steps to make sure your site is as secure as possible. We’ve been helping clients secure their sites and maintain PCI compliance since 2002 and can make this transition smooth for you. Contact us today!
Important Magento Support Information
Magento has released new versions of Commerce and Open Source to increase product security and functionality:
– Open Source and Commerce 2.2.3
– Open Source and Commerce 2.1.12
– Open Source and Commerce 2.0.18
– Open Source 22.214.171.124
– Commerce 126.96.36.199
– SUPEE-10570 to patch earlier 1.x versions
These releases contain almost 50 security changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also support API changes implemented recently by USPS. Additionally, Commerce and Open Source 2.2.3 introduce finer permissions for common cache management tasks. This enhancement enables qualified administrators to assign permissions for discrete cache management tasks such as flushing cache storage and refreshing cache types.
We strongly recommend that all merchants upgrade as soon as is reasonably possible. Please contact us to help you with your upgrade today or with any eCommerce support questions that you may have.
More information about the security changes is available on:
2.x Security Updates <http://email2.magento.com/XsX0v1G0q000DsMTC02eGJ0>
1.x and SUPEE-10570 Security Updates <http://email2.magento.com/R00XMTeGCs0020v0GKDs2q0>
Full details are
available in the Open Source release notes:
Open Source 2.2.3 <http://email2.magento.com/P000q0sGXG0vLM0s0T3DeC2>
Open Source 2.1.12 <http://email2.magento.com/m000q420M0CseXvTGsM0GD0>
Open Source 2.0.18 <http://email2.magento.com/gN0TMqX0C20eGD0sG0005sv>
Source 188.8.131.52 <http://email2.magento.com/JG2XGC0OeD0q6sT0sv000M0>
Full details are available in the Commerce release notes:
Commerce 2.2.3 <http://email2.magento.com/DGPM0070DGT00s0eXq2v0sC>
Commerce 2.1.12 <http://email2.magento.com/wGTDqMsGX0000ve800C2Q0s>
Commerce 2.0.18 <http://email2.magento.com/i9sG0qGevRX00s000TC2D0M>
Commerce 184.108.40.206 <http://email2.magento.com/tsDv2C0sGT0Xa00qGM000eS>
The staff at BCSE has a diverse skill set to make your technology visions a reality. We have experience in several eCommerce platforms and we also provide extensive hosting and customization options. Whatever you choose to do with your website, we can make it happen. Contact us for a free quote or for more information on how we can help you with all of your eCommerce Needs!
10 Tips for Web Design That Drives Sales & Contacts
The main goal of most websites is to convert online visits into sales or contacts. If your website gets a lot of traffic but you’re not seeing the conversion to sales or contacts, we can help. Utilize the following suggestions to help make your site more likely to obtain conversions and increase your sales:
- Color: Different colors target different audiences. Did you know that?
- Video: Show off your product!
- Ease of Use: Most important info above the fold and easy to find!
- Clear UVP: What’s your Unique Value Proposition?
- Trust Symbols: PayPal certification and other trusted badges!
- Free Offers: If you offer something free, make sure that comes through loud and clear!
- Short Forms: Keep it simple!
- Virtual Chat: Even if a customer doesn’t use it, the mere presence increases trust.
- Headlines: Address potential customer concerns in BOLD
- White Space: It’s a good thing! Don’t clutter your website, less is more.
BONUS: A/B Testing: Test small changes one at a time to see if there is an impact to conversions.
For more detailed explanations check out the main article. Feel free to contact us if you’d like our assistance in bringing your website in line with these suggestions!
On Tuesday December 19th, despite several staff members not feeling 100%, we had a very nice holiday party! We had a very nice luncheon as well as a first time ever, White Elephant gift exchange at the office! It was a ton of fun.
The engineers in us though found it particularly interesting that when we were done, everyone got the opposite person’s gift. So Kellen got Carrie’s gift and Carrie got Kellen’s, Lori got Lynn’s gift and Lynn got Lori’s, Terry got Stacy’s gift and Stacy got Terry’s, Luke got J.D.’s gift and J.D. got Luke’s, Brandon got Henry’s gift and Henry got Brandon’s!
We hope you have an awesome Christmas and Holiday season and a Happy New Year!
The Secret to Successful Content-Marketing In 2018 Is Having a Strategy, So Get One.
BCSE is revamping our content-marketing strategy and we’re following these great tips to guide us. Why not let us help you get your content-marketing off the ground and where you want it to be? We’ve seen a lot of changes since 2002 & want to use that experience to help you take your online presence to the next level!
Four Tips to Help you Prepare your Strategy for 2018
1. Adjust your mobile first strategy.
Switch your strategy to creating your website in a mobile friendly version and then offering desktop functionality, instead of vice versa. After all, NO ONE likes a site that is not mobile friendly & mobile will account for 80% of all internet usage in 2018
2. Get more creative and personal with your content.
Visual content is great and was huge in 2017. 2018 is the time to expand on that and feature high-quality live videos that allow the customer to see behind the scenes & operational activities.
3. Prepare for new platforms.
One word, chatbots. If you aren’t using them, let’s figure out a way to incorporate chatbots for your site. Customers love the engagement and interaction.
4. Don’t give up on email. Get better.
79 percent of marketers said email was the most successful distribution channel in 2017. This was in comparison to blogs and Social media. That means you probably just need to approach email differently in the coming year.
Contact us to help you create and implement your content-marketing strategy for 2018! For more information on this topic, read the base article in its entirety.
BCSE 12 Days of Christmas Event!
‘Tis the season to deck the halls and at our office and celebrate all that we’ve achieved this past year! Our tree is decorated and the stockings have all been hung with care. Now, it’s time to start our gift giving and we’d like to kick that off to our customers in our 12 Days of Christmas Event that will start on Monday, 12/4/17 & run through 12/19/17!
Each Day we will offer a different discount on our store that will be valid for that day only. Check back each day and get some great deals for your site! Happy Holidays and thank you for your continued support!
15 Years of Business for BCSE!
November was an exciting month for BCSE! We celebrated our 15 year anniversary with an open house and ribbon cutting at our office location at 486 Richland Avenue.
Since establishing their company in 2002 in the basement of their home, Carrie & Brandon Saunders have grown BCS Engineering to 7 full-time and 3 part-time employees providing ecommerce, shopping cart & hosting expertise to a world-wide client base. We are passionate about helping others grow their businesses and finding the right solutions to help our customers succeed!
We thank you, our customers and friends, for supporting us on this terrific journey. Here’s to many more years of serving you all near and far while also supporting our local community!
Online X-Cart Layaway Available Now!
We’ve recently rolled out a Layaway feature for our terrific customer at Hyatt Coins and have found that the interest level is high among our client base for something similar on their ecommerce stores. With the national trend of paying down debt and not running up credit card bills, we’ve seen a need for online customers to offer layaway options to their clientele. Below is an example of the layaway option that we implemented for our customer Hyatt Coins.
The layaway plan is simple and easy and allows the customer to pay for a purchase over time. They simply place their order online as they normally would, and select “Layaway” under the Payment Method.
- Items eligible for the layaway plan will have a blue button that says “Layaway Available for this Item”
- Fully customizable layaway period & terms
- Upon receipt of a predetermined non-refundable deposit, item is removed from inventory and layaway term is activated
- Layaway surcharge can be applied
- Offer shipping or pick up at your local storefront
- Special orders: You can do a layaway on special orders. A deposit will be processed and the layaway period starts when the product comes in.
- Making payments is simple and can be managed through the customer’s online account
How to Add this Feature to your Online Store
Contact us for a free quote to customize this mod specifically for your ecommerce store. Tell us what you’re thinking and we can make it work for you!
Do you have an SSL Cert on your site?
Google has been urging users to move to HTTPS encrypted sites for some time. Starting in October, if your site isn’t encrypted with an SSL cert, Google will start marking pages that collect password information or credit card information as “Not Secure” in the web browser. This will affect your Google ranking as well as your sales conversions from your site. Customers want to be sure that their information is secure and if that is in question they will buy from someone else that has taken the steps needed to stay compliant.
If you’re not using HTTPS and have a contact form, of any kind on your website, it’s likely that you are in this group. Google wants to provide a secure surfing environment for internet users and the important thing that Google is looking for is the Green HTTPS in the browser window (see below):
What you should do to make sure you are Google compliant
Contact us or your host company to make sure that you have a valid SSL cert and that your url begins with HTTPS. We have extensive hosting experience and installing SSL Certificates is nothing new to us!