VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 Site Hack
 New Topic  Reply to Topic
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

Mark Priest
VP-ASP Expert

United Kingdom
570 Posts

Posted - September 10 2003 :  06:15:38  Show Profile  Reply with Quote
Hi all,

just been contacted by someone who has had their site hacked and he left this everywhere.

HACKED BY YOUNGGUY ! MAILTO:[email protected] its a l;ive site if anyone wants to destroy this little Wa**er.



Regards,

Mark
http://www.host4.me.uk

brecht2
Starting Member

1 Posts

Posted - September 15 2003 :  05:44:16  Show Profile  Reply with Quote
Hello,

I've the same problem!!
Somebody can change my site!!
I've followed all the security guidelines yet on : http://www.vpasp.com/virtprog/info/faq_security.htm

VP-ASP, do something please! I've paid a lot for this software! :-(


Go to Top of Page

support
Administrator

4266 Posts

Posted - September 15 2003 :  06:40:37  Show Profile  Visit support's Homepage  Reply with Quote
Many times someone has reported a site is hacked, we have found they have not followed our guidelines.

Today someone asked us to check their site. They said they followed our guidelines. They did not and their database was easily downloaded. Their ISP did not seem to understand the concept of securing the database folder.

Hackers are persistent and even Microsoft with their billions to spend has security flaws as recent annoucements from them can attest.

We do not believe there are security holes in VP-ASP. If you know of one, please inform us immediately.

Our own site is under 365 day attack from hackers and we follow the same guidelines as we share with our customers. No more and no less.

We cannot comment on an individual question like this since we know nothing about your site (your URL). So I am unsure what you really want us to do. Security is everones concern and we do take it very seriously.

Please see www.vpasp.com/virtprog/info/faq_security.htm for the basic concepts of security and any security updates.

Howard Kadetz
VP-ASP

Edited by - support on September 15 2003 06:58:23
Go to Top of Page

Superal
VP-ASP Expert

Canada
542 Posts

Posted - September 17 2003 :  01:55:49  Show Profile  Reply with Quote
If ALL of the VPASP security measures are followed and implemented, the site is almost impossible to hack. The only way is to guess your passwords. I have hackers trying everyday but to no avail. My ISP is totally knowledgeable, capable and diligent is making sure your requirements are met. Always the lastest updates and very cost effective.

Ask me who they are if you are looking for an awesome ISP with expertice to do more than is required. These guys have been in the internet since early eighties. None better!

Go to Top of Page

Gabriel
Starting Member

21 Posts

Posted - September 23 2003 :  17:21:58  Show Profile  Reply with Quote
One possible hole in security is that input text is not checked for script. For example, one can go into the cust admin and put <script>alert('Hello');</script> for their first name. When an order is placed or any other time the first name is displayed, a msgbox will appear. This may seem harmless, but I am sure that someone that knew what they were doing could use it to gain some sort of information and possible hack something.

I could just be anal, but I feel that areas where customers can enter information should have the input strings HTML encoded.

Go to Top of Page

mburko
Starting Member

USA
1 Posts

Posted - October 08 2003 :  11:52:32  Show Profile  Visit mburko's Homepage  Reply with Quote
We were hacked Oct 6 2003.
We use VPASP 4.0 and were apparantly hit by the SQL injection hack.

The hacker:
created a new administrator;
Exported out order table to a text file; and
downloaded the text file.

CC numbers were not disclosed because we do not keep them on the web site.

We mask the middle 8 digits of the CC number by replacing them with Xs.

So my (over simplified) suggetion to all is don't keep anything anyone would benefit from stealing. This certainly works for CC numbers. Downloadable software and the like are a more complicated matter.

Yes, I will be tightening up our security and applying the patches provided by our authors. But the horse is out of the barn. Fortunately for us it is only the legs and not the middle of the horse.

Go to Top of Page

DSopel
Starting Member

11 Posts

Posted - October 20 2003 :  17:21:51  Show Profile  Visit DSopel's Homepage  Reply with Quote
Are there any special precautions we need to take to protect against this type of attack? Is this an issue for the ISP, or the user?
Thanks,


Go to Top of Page

YoungGuY
Starting Member

USA
12 Posts

Posted - December 16 2003 :  09:56:49  Show Profile  Visit YoungGuY's Homepage  Reply with Quote
Hello all ! I'm BLuEMan JoKeR - [email protected] ! I think you're all idot ! Just a simple hole ! Why don't anyone know huh ? khahkakhakh


http://jjhackerjj.com/images/king.gif

BLuEMan JoKeR

Edited by - youngguy on December 16 2003 10:05:17
Go to Top of Page

GTM
VP-ASP New User

USA
122 Posts

Posted - December 17 2003 :  17:52:49  Show Profile  Reply with Quote
This is the youth with this low level mentality. Do something useful with your life before your washing dishes in a Federal Detention Center and wondering where you went wrong.

Greg

Go to Top of Page

siraj
VP-ASP New User

USA
194 Posts

Posted - December 17 2003 :  18:23:13  Show Profile  Visit siraj's Homepage  Reply with Quote
This is his info:
Dont know this info correct but if anyone need, he can be tracked down.
Domain Name.......... jjhackerjj.com
Organisation Name.... Steve Hershey
Organisation Address. 1153 buckingham
Organisation Address. Clarkston
Organisation Address. 48348
Organisation Address. MI
Organisation Address. UNITED STATES
Admin Name........... BLuEMan JoKeR
Admin Address........ 1153 buckingham
Admin Address........ Clarkston
Admin Address........ 48348
Admin Address........ MI
Admin Address........ UNITED STATES
Admin Email.......... [email protected]
Admin Phone.......... +1.2483940365
Tech Name............ BLuEMan JoKeR
Tech Address......... 701 First Ave.
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... [email protected]
Tech Phone........... +1.6198813096
Tech Fax............. +1.6198813010
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com

These info are from register but still you can track him down with yahoo as he is hosting the site with them.
If someone had real bad experince with this guy, FBI can track him down with single click.
Good luck Mr.YoungGuY as BLuEMan JoKeR.


Edited by - siraj on December 17 2003 18:24:43
Go to Top of Page

Habitue
VP-ASP New User

USA
90 Posts

Posted - December 17 2003 :  20:39:06  Show Profile  Reply with Quote
LOL...nicely done

Peace,

~Habitue~

----------------------------------
"I've heard that it's good to think before you speak..." - TBC
Go to Top of Page

YoungGuY
Starting Member

USA
12 Posts

Posted - December 18 2003 :  04:09:55  Show Profile  Visit YoungGuY's Homepage  Reply with Quote
hahahha nice done siraj You think that it's so easily to track me down huh ! kahakahk come and suck me !

BLuEMan JoKeR
Go to Top of Page

siraj
VP-ASP New User

USA
194 Posts

Posted - December 18 2003 :  21:17:09  Show Profile  Visit siraj's Homepage  Reply with Quote
Mr.YoungGuY,
Your career is wash dishes in a Federal Detention Center, then that's your choice. We cant help you out.
Thanks and Take Care,
SIRAJ.


Edited by - siraj on December 18 2003 21:17:49
Go to Top of Page

billsingh
VP-ASP New User

56 Posts

Posted - December 19 2003 :  10:28:51  Show Profile  Visit billsingh's Homepage  Reply with Quote
All the fraudulent transactions please report here.
http://www1.ifccfbi.gov/cf1.asp (FBI)

Good luck Mr. BLuEMan JoKeR ( I like your name thou)


Thanks
Bill Singh
[email protected]
Go to Top of Page

billsingh
VP-ASP New User

56 Posts

Posted - December 19 2003 :  10:29:39  Show Profile  Visit billsingh's Homepage  Reply with Quote
All the fraudulent transactions please report here.
http://www1.ifccfbi.gov/cf1.asp (FBI)

Good luck Mr. BLuEMan JoKeR ( I like your name thou)


Thanks
Bill Singh
[email protected]
Go to Top of Page

GTM
VP-ASP New User

USA
122 Posts

Posted - December 19 2003 :  16:50:34  Show Profile  Reply with Quote
Come and track you down, we dont want you. But, the Federal Authorities for the State of Michigan might. If anybodys interested here is the information.

FBI Detroit
26th. Floor, P. V. McNamara FOB
477 Michigan Avenue
Detroit, Michigan 48226
detroit.fbi.gov
(313) 965-2323

Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000