VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 Credit card fraud and hackers
 4.5
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

candude
VP-ASP New User

Canada
77 Posts

Posted - December 03 2005 :  21:47:32  Show Profile  Visit candude's Homepage  Reply with Quote
Hello,

I have applied all patches to ver. 4.5 however over the last few days have seen a user IP logging in from Vietnam using my same username.

Wonder if anyone knows how? I patched all - but I guess it is still accessible somehow?

Alex

-----------------------
VP-ASP: Installation, Customization and Security
http://www.sublet.net/vpasp/

apswater
VP-ASP Super User

317 Posts

Posted - December 04 2005 :  09:34:43  Show Profile  Visit apswater's Homepage  Reply with Quote
Change the name of the log in page
Change you name and password
Make sure you have the hard coded 2nd password

If you do that and he gets in then you didnt put all the patches in.

I also use 4.5 and mine is rock solid.

Tech support helped me on a few mods that eliminated the login page all together and now you can only get in admin if you have the right IP#. I dont even have to log on anymore but no one can get in.

You might want to talk to Cam about doing it for you.



Edited by - apswater on December 04 2005 09:41:58
Go to Top of Page

apswater
VP-ASP Super User

317 Posts

Posted - December 04 2005 :  09:34:44  Show Profile  Visit apswater's Homepage  Reply with Quote
Change the name of the log in page
Change you name and password
Make sure you have the hard coded 3nd password

If you do that and he gets in then you didnt put all the patches in.

I also use 4.5 and mine is rock solid.

Tech support helped me on a few mods that eliminated the login page all together and now you can only get in admin if you have the right IP#. I dont even have to log on anymore but no one can get in.

You might want to talk to Cam about doing it for you.

Go to Top of Page

support
Administrator

4266 Posts

Posted - December 04 2005 :  17:15:28  Show Profile  Visit support's Homepage  Reply with Quote
While you may have applied the image upload patch a hacker may already have uploaded files before you got to it.

Please check all files to ensure they have not been modified. The hackers are not only uploading their own files they are also modifying existing files and uploading to the server to try to hide the fact they have done so.

An existing file like shopthanks.asp will look and work the same but there may be an extra few lines of code in there that send out sensitive info to the hacker.

Please read all the security fixes and ensure you always downloda the patches from the download center.

Thank you
VPASP Support

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000