VP-ASP :: Shopping Cart Software

VP-ASP Shopping Cart Customer Forum

 hackers...
candude
VP-ASP New User

Canada
77 Posts

Posted - October 30 2005 : 19:52:14
hello.. recently i have been attacked from hackers from Indonesia.. i have changed passwords and implemented all security updates, however still the hacker keeps on changing shop parameters somehow? (like turning the store closed option on, etc.)

i use v4 - what can i do?

thanks,
alex

-----------------------
VP-ASP: Installation, Customization and Security
http://www.sublet.net/vpasp/

devshb
Senior Member

United Kingdom
1898 Posts

Posted - October 31 2005 : 04:29:11
It's a really difficult dilemma, because posting the causes/solutions here would help the hackers. But not posting them here might lead to people not being able to plug their sites.

I think the best thing to do would be to either upgrade to a later version of vpasp, or if you can't upgrade due to having too many customisations then go through the security updates one-by-one and even for post-v4 fixes apply those (changed as appropriate for v4) where relevant to your version.

Simon Barnaby
Developer
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

greatphoto
VP-ASP Super User

USA
304 Posts

Posted - October 31 2005 : 06:35:26
quote:

It's a really difficult dilemma, because posting the causes/solutions here would help the hackers. But not posting them here might lead to people not being able to plug their sites.

Yes, this is a very important point. That's why it would be good to move this discussion to the owners-only private security forum. I feel that all VP-ASP cart owners should join this forum. Information is available here:
http://www.vpasp.com/virtprog/vpaspforum/topic.asp?TOPIC_ID=2989

Note that VP-ASP and YourVirtualStore have merged, so the private forum is now endorsed by our very own support team!

Nathan

apswater
VP-ASP Super User

317 Posts

Posted - October 31 2005 : 08:46:03
Make sure you have all the SQL Inject updates.
Also you need to get a hold of your weblog file and it will show you exactly how he got in.


apswater
VP-ASP Super User

317 Posts

Posted - October 31 2005 : 08:47:34
I think it would be good for someone like Simon to write a fake shopadmin.asp that will either mess up or track the hackers. There must be something we can slip in that will be useful for us and will make them think twice about hacking through that file anyway...


candude
VP-ASP New User

Canada
77 Posts

Posted - November 01 2005 : 21:05:36
just thought you guys would like an update to our customer's site. and that Indonesian hacker.. apparently he used that upload problem to upload one of the asp remote command exec files to view our client's whole server..

we have patched all files and removed any possible trojans.. changed passwords..

man - VPASP should email any security things like that right away.. without us needing to go through every file for 3 days!

lotsa headache..
alex

p.s. check your files for any suspicious files.. as well as check your logs / and backup files!!!

p.p.s. another security problem to come??? :)

-----------------------
VP-ASP: Installation, Customization and Security
http://www.sublet.net/vpasp/
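
The web log review suggested earlier in the thread, applied to the upload-then-execute pattern described in the post above, as an added example (not code from the thread or from VP-ASP). It assumes IIS W3C extended logs with a #Fields header; the log lines, IP addresses and file names such as upload_example.asp and x1.asp are constructed.

```python
from datetime import datetime

# Constructed sample in IIS W3C extended format; IPs and file names are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-10-29 10:01:12 192.0.2.10 GET /shop/default.asp - 200
2005-10-29 10:02:40 192.0.2.10 GET /shop/shopadmin.asp - 200
2005-10-30 03:14:05 203.0.113.7 POST /shop/upload_example.asp - 200
2005-10-30 03:14:31 203.0.113.7 GET /shop/images/x1.asp - 200
2005-10-30 03:15:02 203.0.113.7 GET /shop/images/x1.asp - 200
2005-10-30 09:20:00 192.0.2.10 GET /shop/default.asp - 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or damaged lines
                yield dict(zip(fields, values))

def upload_then_new_script(text, window_seconds=600):
    """Flag .asp URIs first seen in the log shortly after a POST by the same client."""
    seen = set()     # every URI requested so far
    last_post = {}   # client IP -> (time, URI) of its latest successful POST
    findings = []
    for r in parse_w3c(text):
        ts = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
        uri, ip = r["cs-uri-stem"].lower(), r["c-ip"]
        is_new = uri not in seen
        seen.add(uri)
        if r["cs-method"] == "POST" and r["sc-status"].startswith("2"):
            last_post[ip] = (ts, uri)
        elif is_new and uri.endswith(".asp") and r["sc-status"] == "200" and ip in last_post:
            post_ts, post_uri = last_post[ip]
            if (ts - post_ts).total_seconds() <= window_seconds:
                findings.append({"client": ip, "post_uri": post_uri,
                                 "new_uri": uri, "first_seen": ts.isoformat(sep=" ")})
    return findings

if __name__ == "__main__":
    for f in upload_then_new_script(SAMPLE_LOG):
        print(f)
```

Feed it logs that start well before the suspected break-in, so that the shop's legitimate pages are already marked as seen; every flagged file should then be checked on disk.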

support
Administrator

4266 Posts

Posted - November 07 2005 : 22:43:33
Dear Candude,

Sorry for the issues you have experienced.

We posted the fix for this back in April this year and then re-released it in September to highlight the urgency of this patch.

We STRONGLY recommend that everyone install the upload patch ASAP.

We are also now being more pro-active and have started a newsletter informing customers of new security patches, new products and general news at VP-ASP.

We hope to help every one of our customers keep on top of their site security.

Thanks,
Cam Flanigan
VPASP Sales
