VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 re: Site Hacked
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

rdecker
Starting Member

USA
2 Posts

Posted - July 13 2011 :  22:07:07  Show Profile  Reply with Quote
My site has been hacked VP-ASP 5.0 and I am not sure of the source. Its time to upgrade to 7.0 and I would like to use MS SQL instead of MS Access. I plan re-design the shopping from the begining to ensure I cover all the security suggestions. Is there an add on to convert Access to MS SQL or would it be easier to totally start with a clean database (only 100 products).

support
Administrator

4266 Posts

Posted - July 13 2011 :  22:18:46  Show Profile  Visit support's Homepage  Reply with Quote
Hi there

We do have an Access to SQL/MySQL module available in our downloads.

Depending on what the hack was I would probably remove all files from the server except your database and then upload the new store files. This ensures that their are no suspect files left on the server.

If they have injected into the database we have some tools to help cleanse the data and BYZ also have a great cleansing tool as well.

Hope this helps.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - July 14 2011 :  17:17:31  Show Profile  Visit devshb's Homepage  Reply with Quote
yep; we've got 2 separate modules, a scanner (to show you in a safe way what the injected values are), and a cleaner (to strip out the injections):

scanner:
http://www.bigyellowkey.com/mysoftware_product_details.asp?prdid=328

cleaner:
http://www.bigyellowkey.com/mysoftware_product_details.asp?prdid=342

and, the site-suspender is also handy:
http://www.bigyellowkey.com/mysoftware_product_details.asp?prdid=325
that lets you suspend the whole of vpasp, and while the site's suspended you can still access it by using an override pwd even though nobody else can access it.

By cleaning the injected values, that can help buy you some breathing-space/time while you investigate/finalise a more permanent upgrade solution.

The scanner/cleaner is just for data, not files. As per Cam's note, if your files have been altered then I think you'd want to start from scratch with a fresh set of files that you know are safe.

If the hackers managed to effect physical files rather than just data then you'd want to suspend the site, scan/clean the data, and start afresh file-wise.

Also, you'd probably want to force all the shop's staff to run a full anti-virus scan just in case they've got a keylogger that's been picked up from a virus/injection, then make sure you change ALL the pwds (including your ftp pwds and host control panel pwds) (do those bits before you do the scan/clean etc; ie do the anti-virus checks first, then change the pwds, then work on cleaning the data/files; if you did it the other way around then potentially you could end up going round in circles.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
www.BigYellowKey.com
Follow us on Twitter: http://twitter.com/bigyellowzone
Web Design, Online Marketing and VPASP addons

Edited by - devshb on July 14 2011 17:31:06
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000