VPCart Forum
Credit card fraud and hackers
Attempted Hacks

greatphoto
VP-CART Super User

USA
304 Posts

Posted - October 22 2004 : 21:46:10
quote:

Hi Nathan,

Have you had a chance to have a look through our security forum? Any input from you would be great.

We have quite a fair number of merchants on their now so any ideas greatly appreciated.

This search engine stuff would be great.

Cheers,
Cam




Hi Cam!

Sorry I disappeared for a while. Yes, I've joined the security forum and begun to browse through. It looks great. I hope to be able to contribute there soon. I have a lot of reading to catch up on since I've been gone so long.

Nathan

apswater
VP-CART Super User

444 Posts

Posted - July 25 2005 : 10:34:04
I had an interesting hack this weekend.

Please check your logs for IP# 24.24.246.27
and let me know if you guys see this number.

They were able to pull up our secret admin page and even got past the hard-coded password... I am not sure how they did it yet, but they are in Virginia. I am going to turn it over to the FBI, but was hoping someone else has seen the same IP#.

apswater
VP-CART Super User

444 Posts

Posted - July 25 2005 : 12:18:54
OK,

I think I figured it out... It looks like it was me, but my cable modem had a temporarily different IP# which showed it belonged in Virginia. So I guess all is safe. Thanks

support
Administrator

4679 Posts

Posted - July 28 2005 : 06:22:36
There is a SQL Injection out there we have come across that does actually allow a hacker to do this.

We STRONGLY recommend that all customers regularly check our security updates page and implement all patches as soon as possible.

I cannot stress how important this is especially with the CISP changes coming into force.

You must NOT store credit cards on your site.

If you do take cards then delete them as soon as the order has come in. There is a snippet on the check list page listed below on how to automate this.

If you have been storing cards we have a bulk card removal tool which I recommend you take advantage of. This can be downloaded from our free add-ons section.
http://www.vpasp.com/sales/addons.asp

It is up to you to ensure your site and the details contained within are secure. We have provided the tools below to help you achieve this.

We have published a security guidelines checklist on our website at:
http://www.vpasp.com/helpnotes/shopexd.asp?id=811

We highly recommend that all of the security guidelines listed in this document are followed to make VP-ASP as secure as possible.

In addition to this, please ensure you have all of our security patches installed:
http://www.vpasp.com/virtprog/info/faq_security.htm

We also are now offering our customers a security auditing service, which will involve a member of our security team visiting your site and ensuring that your site is as secure as possible.

If we find any vulnerabilities we will repair and update as required.

For more information about our auditing service, please read the following FAQ:
http://www.vpasp.com/virtprog/info/faq_security.htm#audit

Thank you.
VPASP Support

Edited by - support on March 20 2006 16:39:08
zelo
Starting Member

USA
2 Posts

Posted - March 20 2006 : 15:49:14
These links do not work.

quote:
Originally posted by support

There is a SQL Injection out there we have come across that does actually allow a hacker to do this.

We STRONGLY recommend that all customers regulary check our security updates page and implement all patches as soon as possible.

I cannot stress how important this is especially with the CISP changes coming into force.

You must NOT store credit cards on your site.

If you do take cards then delete them as soon as the order has come in. There is a snippet on the check list page listed below on how to automate this.

If you have been storing cards we have a bulk card removal tool which I recommend you take advantage of. This can be downloaded from our free add-ons section.

http://www.vpasp.com/sales/addons.asp

It is up to you to ensure your site and the details contained within are secure. We have provided the tools below to help you achieve this.

We have published a security guidelines checklist on our website at:

http://www.vpasp.com/virtprog/info/faq_securitychecklist.htm.

We highly recommend that all of the security guidelines listed in this document are followed to make VP-ASP as secure as possible.

In addition to this, please ensure you have all of our security patches installed:

http://www.vpasp.com/virtprog/info/faq_securityfixes.htm.

We also are now offering our customers a security auditing service, which will involve a member of our security team visiting your site and ensuring that your site is as secure as possible.

If we find any vulnerabilities we will repair and update as required.

For more information about our auditing service, please read the following FAQ:

http://www.vpasp.com/virtprog/info/faq_audit.htm

Thank you.
VPASP Support

Zelo
Webmaster -- zelo.com
http://www.zelo.com

support
Administrator

4679 Posts

Posted - March 20 2006 : 16:39:53
Sorry about that. The links had a full stop after them which I have now removed.

Thanks,
Cam

VP-ASP Support
epseja
VP-CART New User

USA
61 Posts

Posted - February 04 2008 : 09:47:00
It would be nice if instead of deleting threads dealing with known SQL injection hacks that are affecting the categories table of many VPASP sites, a dialogue would be opened or research done to address the issue. Wanna see how many? Just search for "njnk.net" (with the quotes) in Google.

Yes, this morning, the njnk.net script was injected into the categories table of my site, despite the fact that I applied all of the security measures, renamed all of the necessary files, and regularly use BigYellow's SQL Injection finder utility.

How about some meaningful research into the problem, VPASP? It's always the category table, and somehow, "script" tags find their way in... Anyone else run into this issue?
support
Administrator

4679 Posts

Posted - February 04 2008 : 18:05:02
Our forum became corrupted and we have lost a large number of posts. Apologies for that.

If you have applied ALL patches this will stop the hacks.

Please verify that all have been applied correctly. In every case where we look into this there are missing patches.

We also offer an audit service if you do not feel comfortable adding them yourself.

Please contact us through our help desk for more information on our security auditing services.

Thanks
Cam

VP-ASP Support
apswater
VP-CART Super User

444 Posts

Posted - February 05 2008 : 01:11:39
I have been getting this traffic lately

shopdisplayproducts.asp?page=http%3A%2F%2Fwww.elettrodataservice.it%

The url changes many times.

Anyone else see it and know if it is just a hack attempt?
lynch
VP-CART New User

USA
74 Posts

Posted - February 05 2008 : 12:06:57
I've seen a lot of that recently too. I don't see how it could be much of a hack... but I'm tempted to just redirect people to whatever address they enter. It's better than getting all these "error 500" e-mails I've set up.
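The `shopdisplayproducts.asp?page=http%3A%2F%2F...` traffic apswater describes, and lynch's idea of redirecting to whatever address the client enters, are two sides of the same defender's problem: spot requests that smuggle an absolute URL into a query parameter, and never forward the browser to a client-supplied address. The block below is an added example, not VP-ASP's or any poster's code; the IIS W3C log excerpt is constructed, and `safe_page_number` is a hypothetical stand-in for however the cart reads its paging parameter.

```python
"""Flag requests whose query parameters carry an absolute URL (the
shopdisplayproducts.asp?page=http%3A%2F%2F... pattern from the thread).
Added example; the log excerpt below is constructed, not real traffic."""
from urllib.parse import parse_qsl, urlsplit

# Constructed IIS W3C extended log excerpt: a #Fields header plus four entries.
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-02-05 01:11:39 GET /shopdisplayproducts.asp page=http%3A%2F%2Fwww.example.net%2Fx.txt%3F 192.0.2.10 500
2008-02-05 01:12:02 GET /shopdisplayproducts.asp id=12&cat=Widgets 198.51.100.7 200
2008-02-05 01:12:40 GET /shopdisplayproducts.asp page=2&id=12 198.51.100.7 200
2008-02-05 01:13:05 GET /shopdisplayproducts.asp page=HTTPS%3a%2f%2fevil.example%2F 192.0.2.10 500
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def external_url_params(query):
    """Return (name, value) pairs whose URL-decoded value is an absolute http(s) URL."""
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if urlsplit(value.strip()).scheme.lower() in ("http", "https"):
            hits.append((name, value))
    return hits

def find_remote_url_probes(text):
    """Return (c-ip, cs-uri-stem, parameter) for every request carrying an external URL."""
    probes = []
    for rec in parse_w3c(text):
        for name, _ in external_url_params(rec.get("cs-uri-query", "-")):
            probes.append((rec["c-ip"], rec["cs-uri-stem"], name))
    return probes

def safe_page_number(value, default=1, max_page=1000):
    """Hypothetical defensive handling of a paging parameter: accept only a bounded
    positive integer and fall back to page 1, instead of echoing or redirecting to
    whatever the client supplied."""
    return int(value) if value.isdigit() and 1 <= int(value) <= max_page else default

if __name__ == "__main__":
    for ip, stem, param in find_remote_url_probes(SAMPLE_LOG):
        print(f"{ip} sent an external URL in '{param}' to {stem}")
```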

epseja
VP-CART New User

USA
61 Posts

Posted - February 05 2008 : 13:28:50
I don't currently have the funds to employ your security auditing service, but I have gone line by line through all of the necessary code changes and am confident that we're up to date.

The main question is, given the nature of the injection, has the security team over at VP-ASP determined just how the njnk.net script code could have gotten inserted into the categories table in the first place?

I do have the Big Yellow Zone Category Tree utility installed on my site. Perhaps there is some hole in that code? Can someone from BYZ check the list of infected sites (see my post above) and see if any of them are BYZ clients using the same utility? Perhaps this is a good place to start looking?

Edited by - epseja on February 05 2008 13:30:41
support
Administrator

4679 Posts

Posted - February 05 2008 : 15:26:18
The hackers are happy to use whatever vulnerability they find. The most important ones to ensure you are up to date on are the paypalresult.asp and the shop$db.asp changes.

Download the patch files and use Winmerge to compare the files against your default versions.

I am not sure of the BYZ modules however i doubt they will have holes.

We also have a new module we will be uploading shortly that will strip out any references to the script code to make cleansing more straight forward.

Thanks
Cam

VP-ASP Support
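epseja's report of `<script>` tags turning up in the categories table, and the cleansing module Cam mentions above, both reduce to the same two steps: scan the stored rows for script elements (recording which external hosts they load from, for the incident record) and strip them out. The block below is an added example, not VP-ASP's or BYZ's code; the column names `catid` and `catdescription`, the sample rows and the host `injected.example` are all constructed.

```python
"""Scan exported category rows for injected <script> tags and produce a cleansed
copy, the situation described for the VP-ASP categories table in the thread.
Added example; column names, rows and the host are constructed, not VP-ASP's schema."""
import re
from urllib.parse import urlsplit

# A complete script element, then any stray opening/closing script tag left over
# (an unterminated injection or one split across fields).
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
SCRIPT_TAG = re.compile(r"</?script\b[^>]*>", re.I | re.S)
SRC_ATTR = re.compile(r"""src\s*=\s*["']?\s*([^"'\s>]+)""", re.I)

# Constructed export of a categories table as (catid, catdescription) rows.
SAMPLE_ROWS = [
    (1, "Garden Tools"),
    (2, 'Lighting<script src="http://injected.example/s.js"></script>'),
    (3, "Paint &amp; Brushes"),
    (4, "<SCRIPT SRC=http://injected.example/s.js>Outdoor"),
]

def find_injected(rows):
    """Return (catid, sorted external hosts referenced by script src) per tainted row."""
    tainted = []
    for catid, text in rows:
        if SCRIPT_TAG.search(text):
            hosts = sorted({urlsplit(src).hostname or src for src in SRC_ATTR.findall(text)})
            tainted.append((catid, hosts))
    return tainted

def cleanse(text):
    """Strip script elements, then any orphan script tags, from one field value.
    This is a cleanup aid only; the injection path itself still has to be patched."""
    return SCRIPT_TAG.sub("", SCRIPT_BLOCK.sub("", text)).strip()

def cleanse_rows(rows):
    """Return the rows with every description field cleansed."""
    return [(catid, cleanse(text)) for catid, text in rows]

if __name__ == "__main__":
    for catid, hosts in find_injected(SAMPLE_ROWS):
        print(f"category {catid}: script tag(s) referencing {', '.join(hosts) or 'inline code'}")
```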

devshb
Senior Member

United Kingdom
1904 Posts

Posted - February 05 2008 : 15:34:01
Definitely not the category tree that'd allow a hack; it uses an admin check regardless of whether you run the main asp or if you try a sub/included asp, and the same applies to other admin-related BYZ addons too.
We're getting quite a few emails from people who've had their sites hacked (i.e. to help clean out the data etc.) but from what I've seen so far it's only happening on unpatched sites; once all the patches are applied the hack stops.

All the non-admin (i.e. customer-side) BYZ addons are also coded up to stop hackers; I can't go into too much detail on that front because I don't want to tell the hackers how different addons deal with potential hacks, but to give you an example, something like our new paging addon won't allow hackers to use the querystring as a way of injecting data.

Simon Barnaby
Developer
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on February 05 2008 15:44:03
dwight
VP-CART New User

USA
143 Posts

Posted - February 20 2008 : 06:40:48
Was wondering if anyone was using or had success with using

<META NAME="GOOGLEBOT" CONTENT="NOARCHIVE">
OR
<META NAME="GOOGLEBOT" CONTENT="NOINDEX">

so that their site could not be found by searching for the terms "shopdisplayproducts" and other terms that point to a vpasp shopping cart.

Personally, I don't think this is the answer, but then if it slows the hackers while VPASP develops other security measures I'd like to use it.

thanks
dwight
bye
apswater
VP-CART Super User

444 Posts

Posted - February 20 2008 : 12:49:19
I thought about changing the file names. That would probably do a lot to stop hackers. I have to say we get a lot of attempts, but we are locked up tight and have not had a problem.
