Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
PRIZRAKeee2019-12-11 14:35:21
Information Security
PRIZRAKeee, 2019-12-11 14:35:21

How to find the place where the data is leaking?

Good afternoon. Applications to a competitor are leaking from the site. How applications get to the competitor I can not understand in any way. My question is very superficial, but there is no one else to consult with.
Now I will try to describe the chain along which applications go.

  • WordPress site with SSL certificate. The forms on the site work through the Contact Form 7 plugin.
  • When sending any form from the site, the application falls on one general mail. Several people from the call center have access to this shared mail.
  • At the same time, when sending an application, data is sent to comagic. From comagic there is a quick chime on the sent phone.
  • If a person did not answer the call, then his data from the application is entered into the SRM system. Almost all employees of the company already have access to this SRM to work with clients (about 100 employees).

Our new customers from applications report that our competitors start calling them after submitting an application through our website.
The files on the site were checked several times for sending data to other people's mailboxes and the suspicious code was removed.
I have the following questions:
  1. How can I track at what stage the application goes to the side?
  2. How can you increase the security of the entire system (from the site to employees)?
  3. What should be paid attention to when looking for a security hole?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
V
Vladimir Druzhaev, 2019-12-11
@PRIZRAKeeee

Let one day each of 100 employees see a work phone number that is not familiar to them. BUT! 100 variations of names and surnames - i.e. Show only one to each employee.
If this particular name leaks, he leaked it with 99% of the shares.

Report
I
IT_S_M, 2019-12-11
@IT_S_M

For starters, I would not rule out the human factor.

Report
A
Anatoly Kulikov, 2019-12-11
@anatoly_kulikov

A bit of an obvious suggestion, but look at the Contact form - what mails does it send to. Once I fixed a similar bug, people had a problem - someone added an e-mail with a quiet glanders 2, and it was far below and it was not fate to scroll.
In addition, look at the site itself - perhaps a script has dug in somewhere and sends everything that is entered into the forms.

Report
V
Vitaliy K, 2019-12-11
@revenger

It is worth paying attention to Chrome / Firefox plugins, they come with vulnerabilities, steal form data.

Report
A
Anton R., 2019-12-11
@anton_reut

Several people from the call center have access to this shared mail.

- You DO NOT have any protection against leaks. Or put up or each manager to sign a non-disclosure document with the threat of criminal liability.

Similar questions
A
Andrew2016-03-29 13:01:49
What are some good books on penetration testing websites? 1Reply
I
ivan007392021-11-11 00:31:44
How to get a job as an information security consultant? 2Reply
V
vrmzar2016-04-04 01:28:52
Are cloud storages insurance against infection by encoders (ransomware)? 4Reply
T
tempick2018-08-30 20:48:47
How to discreetly mark banknotes? 3Reply
F
fenric2014-01-20 14:10:55
Should you store passwords in "navicat"? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question