| Author |
 Topic  |
|
|
pi3194
Starting Member
3 Posts |
 Posted - May 05 2007 : 18:53:15
|
Does anyone know if setting up the affiliates options after the site has been launched will affect the security settings or gateway settings ie changing payment from one 3rd party system to the default vise/master card etc.?
Reason I asked is our site was hacked, and were trying to find the way they got through.
Any response would help right now. |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - May 05 2007 : 18:57:47
|
see:
http://www.bigyellowzone.com/blog/?cat=20
(read that from the bottom upwards to get the thread in logical/date order)
a specific hacker has been very active in the last couple of days; as long as you've got all the patches applied you'll probably be fine, but if you don't have the most recent patches applied for your version then you need to apply them right now.
if your anti-virus software showed up some kind of trojan/virus when you were viewing your site, then it's most likely the guy who's been active the last few days. according to what I've found out by going through the stack it's a 27 year old from japan, and he's extremely nasty in what he's doing (injecting keystroke loggers etc). His hacks aren't just restricted to vpasp sites either; it's all over the web; even youtube. To make matters even worse, he's published his scripts and techniques on the web for other people to copy/follow (his notes are in japanese though, so it's a bit hard to follow, although some of his diagrams are quite useful to get an idea of what he's up to)
so, the moral of this story is...always keep your patches up to date.
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
Edited by - devshb on May 05 2007 19:06:10 |
 |
|
|
pi3194
Starting Member
3 Posts |
Posted - May 05 2007 : 19:17:04
|
Thankyou Simon, your site offered some help, but I'm not sure if this was how the hacker got in. We recently were testing our affiliate logins etc, and wonder if this is a security flaw that could allow someone in. Or if theres another way they can get in without being known (not logging in through admin panel).
I will check with the developer to make sure all bug fixes and patches were applied also. |
|
|
|
support
Administrator
4679 Posts |
Posted - May 05 2007 : 22:27:11
|
Hi there,
Sorry to hear you are having trouble.
The affiliate system itself is secure. There are a number of patches if you are using versions older than 6.50 that you should ensure are applied.
Have a look at the following page and make sure you download the relevant update for you version and install.
http://www.vpasp.com/virtprog/info/faq_security.htm
We recommend everyone make sure they are up to date with this and you will be secure from this guy.
We are also completing an add-on that will actually check to see if the hacker has applied his links to your files and run an auto check and strip to remove his hacks.
We will announce this in the news section when we have this ready.
But more importantly make sure you are up to date in your patches. That is the best way to stay safe.
If you are on version 6.50 you are already secure as we virtually rewrote VP-ASP for version 6.50 to remove all known or potential future vulnerabilities.
Thanks
Cam
VP-ASP Support |
|
|
| |
Topic |
|
All Forums
affiliates and security
New Topic
Printer Friendly
TrustGuard - PCI Security Scanner
