VP-ASP :: Shopping Cart Software


VP-ASP Shopping Cart Customer Forum

 affiliates and security

pi3194
Starting Member

3 Posts

Posted - May 05 2007 : 18:53:15
Does anyone know if setting up the affiliates options after the site has been launched will affect the security settings or gateway settings, i.e. changing payment from one 3rd party system to the default Visa/MasterCard etc.?
Reason I asked is our site was hacked, and we're trying to find the way they got through.
Any response would help right now.

devshb
Senior Member

United Kingdom
1898 Posts

Posted - May 05 2007 : 18:57:47
see:
http://www.bigyellowzone.com/blog/?cat=20

(read that from the bottom upwards to get the thread in logical/date order)

a specific hacker has been very active in the last couple of days; as long as you've got all the patches applied you'll probably be fine, but if you don't have the most recent patches applied for your version then you need to apply them right now.

if your anti-virus software showed up some kind of trojan/virus when you were viewing your site, then it's most likely the guy who's been active the last few days. according to what I've found out by going through the stack it's a 27 year old from Japan, and he's extremely nasty in what he's doing (injecting keystroke loggers etc). His hacks aren't just restricted to vpasp sites either; it's all over the web; even YouTube. To make matters even worse, he's published his scripts and techniques on the web for other people to copy/follow (his notes are in Japanese though, so it's a bit hard to follow, although some of his diagrams are quite useful to get an idea of what he's up to)

so, the moral of this story is...always keep your patches up to date.

Simon Barnaby
Developer
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on May 05 2007 19:06:10

pi3194
Starting Member

3 Posts

Posted - May 05 2007 : 19:17:04
Thank you Simon, your site offered some help, but I'm not sure if this was how the hacker got in. We recently were testing our affiliate logins etc, and wonder if this is a security flaw that could allow someone in. Or if there's another way they can get in without being known (not logging in through admin panel).
I will check with the developer to make sure all bug fixes and patches were applied also.

support
Administrator

4266 Posts

Posted - May 05 2007 : 22:27:11
Hi there,

Sorry to hear you are having trouble.


The affiliate system itself is secure. There are a number of patches if you are using versions older than 6.50 that you should ensure are applied.

Have a look at the following page and make sure you download the relevant update for your version and install.

http://www.vpasp.com/virtprog/info/faq_security.htm

We recommend everyone make sure they are up to date with this and you will be secure from this guy.

We are also completing an add-on that will actually check to see if the hacker has applied his links to your files and run an auto check and strip to remove his hacks.

We will announce this in the news section when we have this ready.

But more importantly make sure you are up to date in your patches. That is the best way to stay safe.

If you are on version 6.50 you are already secure as we virtually rewrote VP-ASP for version 6.50 to remove all known or potential future vulnerabilities.

Thanks
Cam

VP-ASP Support