VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 Potential hacking via reviews
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Steve2507
VP-ASP Expert

590 Posts

Posted - March 22 2009 :  14:30:20  Show Profile  Reply with Quote
Hi,

Don't know if this is correct or if what they are trying will work, but I thought I would tell you guys about people trying to hack our sites.

They seem to be trying to enter html code into product reviews. Don't know what it what as I deleted it immediately.

I have spoken to other ecommerce owners (not VP) and they have the same at sporadic interval.

Don't know if older unpatched versions will let hackers in this way, but if you are not fully patched it's probably worth your while patching.


Steve
Sex toys from a UK sex shop
Gluten Free Food

webboy
VP-ASP New User

Australia
52 Posts

Posted - April 15 2009 :  06:06:30  Show Profile  Reply with Quote
Maybe we need to approve reviews before they are published. Does this feature exist??

Built for the future
Go to Top of Page

sharkskinz
Starting Member

1 Posts

Posted - April 17 2009 :  08:43:54  Show Profile  Reply with Quote
I just started getting this problem. What patch is needed to block the htlm's on the reviews? Did it stop yours from coming in? I do delete them ASAP myself but I see it could get out of hand. They are coming in more and more everyday. Thank you Cindy
Go to Top of Page

support
Administrator

4266 Posts

Posted - April 17 2009 :  09:25:02  Show Profile  Visit support's Homepage  Reply with Quote
Hi there

We are working with the creators of the CAPTCHA script to resolve this. We have a new version of the script for version 700 and are working on seeing what is involved in backwards engineering this so previous releases are protected.

In the meantime we recommend enabling the admin review feature if you have not already to remove the impact on your live site.

In the online Set Up search for xratingauthorize and set to Yes. This will resolve the issue for earlier versions.

Will keep you updated on what happens for this one.

Thanks
Cam

VPASP Support
Go to Top of Page

support
Administrator

4266 Posts

Posted - April 19 2009 :  20:03:45  Show Profile  Visit support's Homepage  Reply with Quote
Hi All,

We have updated the Captcha code for version 6.50 and have this available as a beta patch.

If you are experiencing this issue, please get in touch with us through our helpdesk at http://helpdesk.vpasp.com and we will forward a copy of the patch through to you.

The installation process for updating is extremely straight forward, however we would like a few customers who are experiencing the spamming of their forms to test this out first to ensure it does block the spammers before making the patch generally available.

Regards
Michael
VPASP SUPPORT
Go to Top of Page

Mark Priest
VP-ASP Expert

United Kingdom
570 Posts

Posted - June 19 2009 :  07:01:17  Show Profile  Reply with Quote
Can captcha be added to earlier versions aswell?

Regards,

Mark
Fireworks
Go to Top of Page

support
Administrator

4266 Posts

Posted - June 19 2009 :  08:15:17  Show Profile  Visit support's Homepage  Reply with Quote
Hi Mark,

Unfortunately we are only developing modules for 650 and higher now.

Thanks

Cam
VPASP Support
Go to Top of Page

bluesky
VP-ASP Super User

302 Posts

Posted - July 22 2009 :  20:00:58  Show Profile  Reply with Quote
surely mark you aint running earlier than 6.5 , ya miserable git ..yer not even scottish
Go to Top of Page

support
Administrator

4266 Posts

Posted - July 23 2009 :  07:26:37  Show Profile  Visit support's Homepage  Reply with Quote
Hi All,

We have actually created a version for version 600 as well. You can download from our Download Center at:

VPASP 600:
http://www.vpasp.com/sales/addons600.asp

VPASP 650:
http://www.vpasp.com/sales/addons650.asp

You will need to have a current license to download the module.

Thanks
Cam

VPASP Support
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000