 Recently Hacked
toocharming
Starting Member

1 Posts

Posted - August 14 2002 : 22:59:13
Our VPASP database was hacked into recently. The hacker successfully discovered the correct username/password combination to log into the Administration page.

I wrote some ASP scripts to email us whenever someone attempts to access shopadmin.asp or shopadmin1.asp. I am also writing some additional code to lock out unsuccessful logins after 3 attempts. I am further considering an SSL certificate.

Anyone else experience hacking recently?

Tom
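
The lockout-plus-alert idea from the post above, sketched as an added example that is not part of the original thread and is not VPASP code. The class name, the 15-minute counting window and the 30-minute lockout are assumptions; only the threshold of 3 attempts and the page names come from the post.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 3           # the post's threshold: lock out after 3 bad attempts
WINDOW_SECONDS = 15 * 60   # assumption: failures are counted over 15 minutes
LOCKOUT_SECONDS = 30 * 60  # assumption: a lockout lasts 30 minutes


class AdminLoginGuard:
    """Tracks failed admin logins per client address (hypothetical helper)."""

    def __init__(self, alert=None, clock=time.time):
        self._failures = defaultdict(deque)        # client -> failure timestamps
        self._locked_until = {}                    # client -> unlock time
        self._alert = alert or (lambda msg: None)  # e.g. a function that sends email
        self._clock = clock                        # injectable so tests can control time

    def is_locked(self, client):
        """Check this before the password is even compared."""
        until = self._locked_until.get(client)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[client]         # lockout has expired
            return False
        return True

    def record_failure(self, client, page):
        """Call after a wrong password. Returns True if the client is now locked."""
        now = self._clock()
        recent = self._failures[client]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                       # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[client] = now + LOCKOUT_SECONDS
            recent.clear()
            self._alert(f"{client} locked out after {MAX_FAILURES} failed logins to {page}")
            return True
        return False

    def record_success(self, client):
        self._failures.pop(client, None)           # a good login resets the counter
```

Keying the counter on client address alone does not slow guessing spread across many addresses, so a per-account counter alongside it is worth having.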

kwjoey
Starting Member

19 Posts

Posted - January 30 2003 : 06:45:17
I just got hacked. The hacker changed my admin password in the database. I don't understand how this happened.

My database is located in the directory C:\DATA
It is not browsable. Is it possible to hack into the directory from the domain name? Like typing http://domain.com/c:/data ...cause I don't think so.

I'm using VPASP 3.50.

I had removed all files used for conversion and installation, as well as all files starting with C, the Session list utility, Database test utility, and the Template testing utility.

Of course my password was changed from the default one.

Here's what wasn't done before I was hacked.
I didn't change the name of my login page so the hacker could get to that. And I didn't use the login page with the 2nd password that is hard-coded in shopadmin.asp. I have since done this.

I figure the hacker must have used a brute force attack to crack the password because the db file was not downloadable.

Does anybody have any other ideas for me?



Superal
VP-CART Expert

Canada
542 Posts

Posted - January 30 2003 : 15:57:05
I take it that you have your own server. There are many security issues that pertain to servers alone. Without these measures in place, VPASP is vulnerable. Remember these guys have tools to open the cracks in the server holes. Close em.
Look at the latest virus attacks on servers only. The security issue has been known for over 6 months but unless you are persistent on updating you see what happens.


Superal
VP-CART Expert

Canada
542 Posts

Posted - January 30 2003 : 16:10:21
Just for instance I immediately found a butcher shop in the UK that has left shopdbtest available. No problem for me, no problem for others!
Man oh man there are dozens! Snikeees! Now if I were a crook or a smacker I could have a lot of fun.


Edited by - superal on January 30 2003 16:18:09

mohajali
Starting Member

1 Posts

Posted - May 29 2003 : 11:48:27
Hi there everybody,
look at this website:
http://www.google.com/search?q=allinurl:shopadmin.asp&hl=en&lr=&ie=UTF-8&oe=UTF-8&start=230&sa=N

There are 360 vulnerable sites in this vuln.
Isn't there anyone to contact them and tell them that they are vulnerable?

