Mark Priest
VP-CART Expert
United Kingdom
580 Posts |
Posted - September 10 2003 : 06:15:38
|
Hi all,
Just been contacted by someone who has had their site hacked and he left this everywhere.
HACKED BY YOUNGGUY ! MAILTO:[email protected] It's a live site if anyone wants to destroy this little Wa**er.
Regards,
Mark http://www.host4.me.uk |
|
brecht2
Starting Member
1 Posts |
Posted - September 15 2003 : 05:44:16
|
Hello,
I've the same problem!! Somebody can change my site!! I've followed all the security guidelines yet on : http://www.vpasp.com/virtprog/info/faq_security.htm
VP-ASP, do something please! I've paid a lot for this software! :-(
|
|
|
support
Administrator
4679 Posts |
Posted - September 15 2003 : 06:40:37
|
Many times when someone has reported a site is hacked, we have found they have not followed our guidelines.
Today someone asked us to check their site. They said they followed our guidelines. They did not and their database was easily downloaded. Their ISP did not seem to understand the concept of securing the database folder.
Hackers are persistent and even Microsoft with their billions to spend has security flaws, as recent announcements from them can attest.
We do not believe there are security holes in VP-ASP. If you know of one, please inform us immediately.
Our own site is under 365 day attack from hackers and we follow the same guidelines as we share with our customers. No more and no less.
We cannot comment on an individual question like this since we know nothing about your site (your URL). So I am unsure what you really want us to do. Security is everyone's concern and we do take it very seriously.
Please see www.vpasp.com/virtprog/info/faq_security.htm for the basic concepts of security and any security updates.
Howard Kadetz VP-ASP
Edited by - support on September 15 2003 06:58:23 |
|
|
Superal
VP-CART Expert
Canada
542 Posts |
Posted - September 17 2003 : 01:55:49
|
If ALL of the VPASP security measures are followed and implemented, the site is almost impossible to hack. The only way is to guess your passwords. I have hackers trying every day but to no avail. My ISP is totally knowledgeable, capable and diligent in making sure your requirements are met. Always the latest updates and very cost effective.
Ask me who they are if you are looking for an awesome ISP with expertise to do more than is required. These guys have been in the internet since early eighties. None better!
|
|
|
Gabriel
Starting Member
21 Posts |
Posted - September 23 2003 : 17:21:58
|
One possible hole in security is that input text is not checked for script. For example, one can go into the cust admin and put <script>alert('Hello');</script> for their first name. When an order is placed or any other time the first name is displayed, a msgbox will appear. This may seem harmless, but I am sure that someone that knew what they were doing could use it to gain some sort of information and possibly hack something.
I could just be anal, but I feel that areas where customers can enter information should have the input strings HTML encoded.
|
|
|
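The output encoding Gabriel asks for, as an added example that is not part of the original thread and is not VP-ASP code. It is a Python sketch (the function names are hypothetical) that renders the first name from the post with and without HTML encoding, then parses each result to show which elements a browser would actually see.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: the first name used in the post above.
FIRST_NAME = "<script>alert('Hello');</script>"

def render_unencoded(first_name):
    # Stored value concatenated into the page as-is (the behaviour reported).
    return "<td>" + first_name + "</td>"

def render_encoded(first_name):
    # Encode at output time: <, >, &, " and ' become character references.
    return "<td>" + html.escape(first_name, quote=True) + "</td>"

class _TagCollector(HTMLParser):
    """Records every element and all text found in a fragment."""
    def __init__(self):
        super().__init__()
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)

def parse(fragment):
    """Return (elements, text) as an HTML parser sees the fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags, "".join(collector.text)

if __name__ == "__main__":
    for render in (render_unencoded, render_encoded):
        tags, text = parse(render(FIRST_NAME))
        print(render.__name__, tags, repr(text))
```

The stored value is left untouched and encoded only when displayed, so a name such as O'Brien & Sons still reads correctly on the page.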
mburko
Starting Member
USA
1 Posts |
Posted - October 08 2003 : 11:52:32
|
We were hacked Oct 6 2003. We use VPASP 4.0 and were apparently hit by the SQL injection hack.
The hacker: created a new administrator; Exported out order table to a text file; and downloaded the text file.
CC numbers were not disclosed because we do not keep them on the web site.
We mask the middle 8 digits of the CC number by replacing them with Xs.
So my (oversimplified) suggestion to all is don't keep anything anyone would benefit from stealing. This certainly works for CC numbers. Downloadable software and the like are a more complicated matter.
Yes, I will be tightening up our security and applying the patches provided by our authors. But the horse is out of the barn. Fortunately for us it is only the legs and not the middle of the horse.
|
|
|
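mburko's practice of masking the middle digits before anything is stored, as an added example that is not part of the original thread and is not VP-ASP code. It is a Python sketch with SQLite standing in for the shop database; the `orders` table, `mask_card` and `store_order` are hypothetical names. It also binds values as query parameters, the standard defence against SQL injection, and generalises the mask to other card lengths by keeping the first and last four digits.

```python
import re
import sqlite3

def mask_card(number):
    """Keep the first 4 and last 4 digits and replace the rest with X.
    For a 16-digit number that is the middle 8 digits, as in the post.
    Assumption: card numbers are 13 to 19 digits, optionally with spaces or dashes."""
    digits = re.sub(r"[ -]", "", number)
    if not re.fullmatch(r"[0-9]{13,19}", digits):
        raise ValueError("not a card number")
    return digits[:4] + "X" * (len(digits) - 8) + digits[-4:]

def store_order(db, customer, card_number):
    # Mask before the value reaches the database, and bind both values as
    # parameters so they are handled as data, never as SQL text.
    db.execute("INSERT INTO orders (customer, card) VALUES (?, ?)",
               (customer, mask_card(card_number)))

def export_orders(db):
    # What someone who dumps the order table (as in the post) would obtain.
    return db.execute("SELECT customer, card FROM orders ORDER BY id").fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders "
               "(id INTEGER PRIMARY KEY, customer TEXT, card TEXT)")
    # Constructed sample data; both card numbers are well-known test numbers.
    store_order(db, "Alice Example", "4111 1111 1111 1111")
    # A name containing a quote and SQL text is stored verbatim, not executed.
    store_order(db, "O'Brien' OR '1'='1", "5500-0000-0000-0004")
    return export_orders(db)

if __name__ == "__main__":
    for row in demo():
        print(row)
```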
DSopel
Starting Member
11 Posts |
Posted - October 20 2003 : 17:21:51
|
Are there any special precautions we need to take to protect against this type of attack? Is this an issue for the ISP, or the user? Thanks,
|
|
|
YoungGuY
Starting Member
USA
12 Posts |
Posted - December 16 2003 : 09:56:49
|
Hello all ! I'm BLuEMan JoKeR - [email protected] ! I think you're all idiots ! Just a simple hole ! Why don't anyone know huh ? khahkakhakh
http://jjhackerjj.com/images/king.gif
BLuEMan JoKeR
Edited by - youngguy on December 16 2003 10:05:17 |
|
|
GTM
VP-CART New User
USA
122 Posts |
Posted - December 17 2003 : 17:52:49
|
This is the youth with this low level mentality. Do something useful with your life before you're washing dishes in a Federal Detention Center and wondering where you went wrong.
Greg
|
|
|
siraj
VP-CART New User
USA
194 Posts |
Posted - December 17 2003 : 18:23:13
|
This is his info: Dont know this info correct but if anyone need, he can be tracked down.
These info are from register but still you can track him down with Yahoo as he is hosting the site with them. If someone had real bad experience with this guy, FBI can track him down with single click. Good luck Mr.YoungGuY as BLuEMan JoKeR.
Edited by - siraj on December 17 2003 18:24:43 |
|
|
Habitue
VP-CART New User
USA
90 Posts |
Posted - December 17 2003 : 20:39:06
|
LOL...nicely done
Peace,
~Habitue~
---------------------------------- "I've heard that it's good to think before you speak..." - TBC |
|
|
YoungGuY
Starting Member
USA
12 Posts |
Posted - December 18 2003 : 04:09:55
|
hahahha nice done siraj You think that it's so easily to track me down huh ! kahakahk come and suck me !
BLuEMan JoKeR |
|
|
siraj
VP-CART New User
USA
194 Posts |
Posted - December 18 2003 : 21:17:09
|
Mr.YoungGuY, Your career is wash dishes in a Federal Detention Center, then that's your choice. We can't help you out. Thanks and Take Care, SIRAJ.
Edited by - siraj on December 18 2003 21:17:49 |
|
|
GTM
VP-CART New User
USA
122 Posts |
Posted - December 19 2003 : 16:50:34
|
Come and track you down, we don't want you. But, the Federal Authorities for the State of Michigan might. If anybody's interested here is the information.
FBI Detroit 26th. Floor, P. V. McNamara FOB 477 Michigan Avenue Detroit, Michigan 48226 detroit.fbi.gov (313) 965-2323
|
|
|