VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 URGENT! UPS (and about 200 other sites) hacked
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

devshb
Senior Member

United Kingdom
1898 Posts

Posted - September 05 2011 :  12:52:43  Show Profile  Visit devshb's Homepage  Reply with Quote
If anyone here uses ups realtime, or other shipping apis, or payment gateways, it's worth you checking whether or not your current ordering/payment/shipping process has any problems.

UPS, and about 200 other major sites, had their DNS records hacked, and although the main UPS site seems to be back up again, it's struggling and the realtime stuff still seems to be broken.

Apparently the UPS technical phone line is currently closed, and there's nothing on their site about this.

If anyone's got any info at all about any of this (eg have you heard from ups, do you know if/when service will be resumed etc), please post here.

Remember, this is NOT just UPS that's a problem, it's about 200 other sites, so even if you don't use UPS you should still check your ordering process is working/available.

see also:
http://www.dslreports.com/forum/r26281171-DNS-hack-hits-popular-websites-The-Register-etc.
http://nationalcybersecurity.com/2011/09/dns-hack-hits-popular-websites-telegraph-register-ups-etc/

An important note is that the sites themselves haven't been hacked, it's the DNS servers that have been hacked, so it's not necessarily a security fault of UPS etc, it's the fault of the dns registration company/companies who are processing/holding the dns details.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
www.BigYellowKey.com
Follow us on Twitter: http://twitter.com/bigyellowzone
Web Design, Online Marketing and VPASP addons

Edited by - devshb on September 05 2011 12:58:20

support
Administrator

4266 Posts

Posted - September 05 2011 :  20:08:51  Show Profile  Visit support's Homepage  Reply with Quote
Hi Simon,

Thanks for bringing this one up here. It is a bit of a mess alright.

What we have been setting up for customers is alternative shipping options for the time being so they can at least keep trading.

It may not be a problem caused by UPS but it would sure be nice if they could post an update about it.

If anyone gets any news please post away so everyone can find out what is going on.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp
Go to Top of Page

elammers
VP-ASP Super User

USA
256 Posts

Posted - September 06 2011 :  08:21:15  Show Profile  Visit elammers's Homepage  Reply with Quote
Anyone know any news on this? Of our sites using UPS real-time, one returns an error, thus no sales. Another must be error-trapping and just passing $0 on for shipping because no shipping fee charged, but customer can still checkout. And a really old site is working just fine???

Regards,
Eric Lammers
www.KrackMedia.com
Building More Than Web Sites . . . Building a Web Presence
Go to Top of Page

support
Administrator

4266 Posts

Posted - September 06 2011 :  08:26:28  Show Profile  Visit support's Homepage  Reply with Quote
Hi Eric,

I cannot see any rhyme or reason for the way it is behaving. The link we are using to test is sometimes working and sometimes not.

What fun.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp
Go to Top of Page

ils5gvl
Starting Member

USA
14 Posts

Posted - September 06 2011 :  10:17:25  Show Profile  Visit ils5gvl's Homepage  Reply with Quote
We've lost all but 2 orders since Saturday, 9/3 and received 3 customer emails. One customer used the "Store Pickup" option to finalize his order.

Our site has always been configured to use https://wwwcie.ups.com/ups.app/xml/Rate for the rate lookup. It's my understanding that this is a development environment. We made an attempt to use https://www.ups.com/ups.app/xml/Rate but it seems that there's an XML tag issue using this alternate environment. That may also be related to the problems UPS is having but I don't know for sure.

I called UPS technical support a few minutes ago and they said they're aware of the issue and said it was a 3rd party server/DNS issue (I'm just quoting here...) and asked me to contact their email department who would know more about the problem. So I sent an email to UPS Online Tools Developers technical support with a description of the issue.

If you would like, the best way to contact that technical support group is to use their online form at: https://www.ups.com/upsemail/input?loc=en_US&WT.svl=Footer&WT.svl=Footer and follow through and choose XML rate support from the dropdown menu.

I hope this mess gets resolved quickly.

Randy

Go to Top of Page

chrisredco
VP-ASP Super User

282 Posts

Posted - September 06 2011 :  11:18:53  Show Profile  Visit chrisredco's Homepage  Reply with Quote
Good to see this here. I just sent a Helpdesk ticket about my UPS Realtime not working, assuming it was because of a recent conversion my site just made in it's databse, but it seems this might actually be the problem.

Luckily I use US Postal and FEDEX as well, and those are working fine so far.

Redco Audio
www.redco.com
Go to Top of Page

ils5gvl
Starting Member

USA
14 Posts

Posted - September 06 2011 :  12:08:46  Show Profile  Visit ils5gvl's Homepage  Reply with Quote
Our site is still failing with UPS real-time but I received the following reply from UPS:

(Note the production URL they're recommending. Our site is still configured to use wwwcie.ups.com)

Thank you for your inquiry. I am sorry for any difficulties you are having connecting to UPS. Unfortunately, a third-party domain registration company used by UPS and other companies was temporarily unable to provide access to UPS.com. A fix was implemented, and customer access has returned.

If you are still unable to connect to UPS, please follow the steps below:

Flush DNS: This will clear the local DNS cache if your computer is not updating automatically.

1. Close all IE/Firefox/Chrome/Opera browser windows
2. Start > Run
3. Type “CMD”
4. Hit “Enter”
5. Type “ipconfig /flushdns” (ipconfig space /flushdns)
6. Have the customer open new browser window
7. Type www.ups.com

In addition, please ensure your application is posting to the proper production URL. To move the standard UPS Developer API to the production environment, you must point to the production URL. Please adapt the following URL to your own situation:

For the XML API's:

https://onlinetools.ups.com/ups.app/xml/[APIName]

For Web Service API's:

https://onlinetools.ups.com/webservices/[APIName]

Please note that each Developer API has its own name and you will need to replace [API Name] with the name of the API. The name must be used exactly as show below. The name to use is to the right of the equal sign.

UPS XML/Web Service Rating API = Rate
UPS XML/Web Service Tracking API = Track
UPS XML/Web Service Time in Transit API = TimeInTransit
UPS XML Quantum View API = QVEvents
UPS XML/Web Service Address Validation API = AV

If anyone is able to use this URL successfully, please post to the thread.

Best regards,

Randy
Go to Top of Page

ils5gvl
Starting Member

USA
14 Posts

Posted - September 06 2011 :  14:12:30  Show Profile  Visit ils5gvl's Homepage  Reply with Quote
I asked UPS Technical Support if they would fix the wwwcie URL and this is what I received back:

Thank you for sending the requested information. Based on the provided URL address https://wwwcie.ups.com/ups.app/xml/Rate, you are still sending to the testing environment.

To move the standard UPS Developer API to the production environment, you must point to the production URL. Please adapt the following URL to your own situation:

For the XML API's:

https://onlinetools.ups.com/ups.app/xml/[APIName]

For Web Service API's:

https://onlinetools.ups.com/webservices/[APIName]

Please note that each Developer API has its own name and you will need to replace [API Name] with the name of the API. The name must be used exactly as show below. The name to use is to the right of the equal sign.

UPS XML/Web Service Rating API = Rate
UPS XML/Web Service Tracking API = Track
UPS XML/Web Service Time in Transit API = TimeInTransit
UPS XML Quantum View API = QVEvents
UPS XML/Web Service Address Validation API = AV

Please contact us if you need any additional assistance.

Madeline M.
UPS Technical Support


------------------------

When we tried changing the URL over the weekend, we ran into some XML tagging issues but I guess we'll have to try again. If anybody has any success or advice, please send it along.

Thanks,

Randy
Go to Top of Page

elammers
VP-ASP Super User

USA
256 Posts

Posted - September 06 2011 :  16:24:19  Show Profile  Visit elammers's Homepage  Reply with Quote
I'm not sure what to think here. But our customer sites are back up. Here are our situations.

1. Old client on a GoDaddy hosted domain and server running v6.5. When we dove into this problem this morning, they were fine. Never could get it to fail at all today. And in the UPS config of the database, they have the URL address of https://wwwcie.ups.com/ups.app/xml/Rate. I never changed it, and it is still working.

2. Newer client running his own server in house and v7 had the problem. His UPS was working around lunchtime today, but it is broke again this afternoon. They have their own in-house IT guy so he is tackling this.

3. On our own server, both the v6.5 and v7 clients running UPS realtime were having problems. Once we saw this thread that the UPS response that all was well, and we still couldn't connect, we had our hosting vendor flush the DNS cache. That solved our problem about an hour later. The v6.5 client has that same URL address for UPS as the client on GoDaddy.

Dare I update the v6.5 clients from using the "wwwcie" in the UPS URL to the the "onlinetools"???


Regards,
Eric Lammers
www.KrackMedia.com
Building More Than Web Sites . . . Building a Web Presence
Go to Top of Page

support
Administrator

4266 Posts

Posted - September 08 2011 :  01:42:27  Show Profile  Visit support's Homepage  Reply with Quote
Hi all,

Have posted a workaround patch for the UPS issue at:

http://helpnotes.vpasp.com/kb/37-Shipping-Calculations/1041-UPS-real-time-module-patch-to-workaround-the-UPS-DNS-hacking-issue/

Hope this helps!!

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp

Go to Top of Page

Lori Titus
VP-ASP New User

126 Posts

Posted - November 04 2011 :  03:00:35  Show Profile  Visit Lori Titus's Homepage  Reply with Quote
Is the patch still necessary? I am trying to get UPS going on my site, saw the helpnote about the patch, and uploaded it. It is coming up with a 500 - website cannot display the page error. The rest of the site is running just fine.

The Internet's #1 supplier of honey and beeswax.
Go to Top of Page

support
Administrator

4266 Posts

Posted - November 04 2011 :  23:12:58  Show Profile  Visit support's Homepage  Reply with Quote
Hi Lori,

If you have hit an error with the patch best to post a ticket in the helpdesk so our support guys can have a look for you.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000