Buyers Beware

I didn’t save it but I’m sure it’s cached somewhere.

2 Likes

Don’t worry just yet. I sent them the link to your post with the screenshot included. With some magnification they’ll be able to read Sucuri’s report. They can always contact Sucuri with an inquiry. Really, only Sucuri can provide them with helpful advice if they need it. I gave them all the concern they needed by letting them know that customers are reticent about making purchases with them.

Idk about you but I don’t want to lose a good source of vapeware because of a security problem. If we can help them out they can get the problem resolved. I’d like to shop there again once I’m confident.

2 Likes

Hi @muth @Silhouette thanks for informing us about the issue.
We used Sucuri Sitecheck, here is the result:

image
As you can see, there is no malware, no injected spam and no defacements detected.
So it’s safe to shop with us.

And here are the site issues:


The 1st and 3rd are codes we added to tell if the page uses caches.
Earlier we were told by customers that our site is slow, we tried many ways and finally decided to use caches to make it faster.
The 2nd is the realtime updated information of the product.
The 4th is because the Magento software we use is old.

If you still have any concerns, please let us know.
Thank you again!

5 Likes

Wow, that was a fast reply. Thank you, Ema :+1:. I’m not very good at understanding all the technical info you posted but I’m sure someone here can explain to me. I appreciate your openness and honesty. I understand your explanation of lines 1-4 but it still says possible malware to the right of those lines. What would be the concern here?

3 Likes

Hey Muth, it says possible malware because of the cache system we use.
We use an asynchronous script to update the real-time information or tell if the page uses caches after the page is finished.
I’m not good at IT and our tech guy isn’t very good at English, so I just translated what he said.
If there is any misunderstanding, please let me know. I will try to explain it in another way.

4 Likes

The first picture you shared says:

Has it been communicated to the superior(s) that continuing to use outdated security (software/code) is very vulnerable to attack?

It sounds to me like your IT guy just said “Everything is fine. Don’t worry about it.”
Either that, or his hands are tied by those higher up, and he knows it.

Either way, not good enough (yet) for me to be comfortable.

I do hope things are improved though.

6 Likes

Thank you, Ema. I understand. It does seem to me, though, that it would be wise to have your website up to date in every way possible, especially security. Do you think your superiors would be open to hearing the concerns of their customers? Can you share with them your discussions with us? I used to have a business and I understand trying to operate “on a dime” but sooner or later you have to invest in better equipment or your business suffers. I would really hate to see that happen. Thanks for all your support and best of luck going forward.

2 Likes

@Sprkslfly @muth Thanks for your suggestions.
I’ve forwarded it to our manager.
We have been considering upgrading the software, but we will have to build a brand new site and that will take a long time.
It’s complicated in technique.

We value our customers and their privacy.
We’ll try our best to improve it.

3 Likes

With the attacks on vulnerable Magento (and there are plenty) it kind of seems like that would be an absolute priority for customers.

🤷

5 Likes

That’s great to hear, Ema. Would you be kind enough to keep us updated on your progress? I would love to feel confident doing business with Sourcemore but I just had a credit card hacked myself and I’d like to avoid any other data breaches. Thank you.

4 Likes

Wouldn’t this be something great if a little help from the community just enabled a vendor to secure their site so we can recommend business? Thank you for bringing it to our attention, Amber.

2 Likes

fyi to all for fairness: focalecig came thru in the end and delivered my order. they’ve responded to me now but only on the paypal platform (they didn’t reply to my regular emails). i do not perceive the website info to have updated, so no mention of shutdown or the like to justify why ‘24 shipping’ might take over a week.

@muth must’ve been back in the day, you gave me advice when i was starting or i read one of your posts… got the pic stuck in my head, not the name for some reason. bestest

4 Likes

Glad it worked out with focalecig. Still, timely communication is essential to good customer service. 48 hours is the protocol. If they’re lacking help due to covid they should be clear on that like other sites have been. At least then we know what we’re dealing with. All it takes is a short message at the top of their homepage.

3 Likes
2 Likes

Here it is, there you are! I couldn’t remember where this conversation took place. I have great news. Long story short, Sourcemore is doing business with Sucuri now. They bought their package and are setting it up now. I wrote about this in the What Has Made You Smile Today thread. Don’t know if you saw it. After their rep, Moira, came here to talk to us I kept writing her emails. We corresponded back and forth for a while. Her last email was to let me know that they are working with Sucuri to make their site safe. I couldn’t believe the good news. I’ve got items in my wishlist I’d like to buy.

6 Likes

For anyone interested in the progress of Sourcemore’s security risk, here’s the most recent email from their rep. She has been forthcoming and responsive. It looks like the owners have opted out of an entire website upgrade for now but the site is a low security risk now. Much better than before. If you have a vested interest you can follow the link she provided:

"Thank you very much for your kindness!

It’s what we should do to improve our site security.

We should thank you for letting us know the issue.

We’ve added the Sucuri firewall and monitoring and removed the code which we used to tell if the page uses caches.

Now it shows low security risk:
https://sitecheck.sucuri.net/results/www.sourcemore.com

Thank you again!

Best regards,

Moira"

6 Likes

After my last fiasco with overseas ordering, I’ve pretty much put the kibosh on this option of purchasing gear.

I hate to generalize and put them all in one basket… but, “stick a fork in me, I’m done!”. :face_with_raised_eyebrow:

7 Likes

@Kinnikinnick:
I still have a lot of stuff from Fasttech driving around in China. But I used 4PX, PostNL and Singapore Post on some orders and all arrived in 3-4 weeks. I think just Fasttech’s EMS/USPS and their local airfreight provider are still overwhelmingly overloaded with old shipments.

5 Likes

Yeah, exactly what happened to mine. Just got it the other day and from start to finish took 49 days to Oz. Don’t give up all hope @Kinnikinnick, everything will be sweet once this hump is over. Cheers.

8 Likes

92 days and counting… :roll_eyes:

3 Likes