|
greatphoto
VP-CART Super User
USA
304 Posts |
Posted - October 22 2004 : 21:46:10
|
quote:
Hi Nathan,
Have you had a chance to have a look through our security forum? Any input from you would be great.
We have quite a fair number of merchants on there now so any ideas greatly appreciated.
This search engine stuff would be great.
Cheers, Cam
Hi Cam!
Sorry I disappeared for a while. Yes, I've joined the security forum and begun to browse through. It looks great. I hope to be able to contribute there soon. I have a lot of reading to catch up on since I've been gone so long.
Nathan
|
|
|
apswater
VP-CART Super User
444 Posts |
Posted - July 25 2005 : 10:34:04
|
I had an interesting hack this weekend.
Please check your logs for IP# 24.24.246.27 and let me know if you guys see this number.
They were able to pull up our secret admin page and even got past the hard coded password... I am not sure how they did it yet, but they are in Virginia. I am going to turn it over to the FBI, but was hoping someone else has seen the same IP#.
|
|
|
apswater
VP-CART Super User
444 Posts |
Posted - July 25 2005 : 12:18:54
|
OK,
I think I figured it out... It looks like it was me, but my cable modem had a temporary different IP# which showed it belonged in Virginia. So I guess all is safe. Thanks
|
|
|
support
Administrator
4679 Posts |
Posted - July 28 2005 : 06:22:36
|
There is a SQL Injection out there we have come across that does actually allow a hacker to do this.
We STRONGLY recommend that all customers regularly check our security updates page and implement all patches as soon as possible.
I cannot stress how important this is, especially with the CISP changes coming into force.
You must NOT store credit cards on your site.
If you do take cards then delete them as soon as the order has come in. There is a snippet on the check list page listed below on how to automate this.
If you have been storing cards we have a bulk card removal tool which I recommend you take advantage of. This can be downloaded from our free add-ons section. http://www.vpasp.com/sales/addons.asp
It is up to you to ensure your site and the details contained within are secure. We have provided the tools below to help you achieve this.
We have published a security guidelines checklist on our website at: http://www.vpasp.com/helpnotes/shopexd.asp?id=811
We highly recommend that all of the security guidelines listed in this document are followed to make VP-ASP as secure as possible.
In addition to this, please ensure you have all of our security patches installed: http://www.vpasp.com/virtprog/info/faq_security.htm
We also are now offering our customers a security auditing service, which will involve a member of our security team visiting your site and ensuring that your site is as secure as possible.
If we find any vulnerabilities we will repair and update as required. For more information about our auditing service, please read the following FAQ: http://www.vpasp.com/virtprog/info/faq_security.htm#audit
Thank you. VPASP Support |
Edited by - support on March 20 2006 16:39:08 |
|
|
zelo
Starting Member
USA
2 Posts |
Posted - March 20 2006 : 15:49:14
|
These links do not work.
quote: Originally posted by support
There is a SQL Injection out there we have come across that does actually allow a hacker to do this.
We STRONGLY recommend that all customers regularly check our security updates page and implement all patches as soon as possible.
I cannot stress how important this is especially with the CISP changes coming into force.
You must NOT store credit cards on your site.
If you do take cards then delete them as soon as the order has come in. There is a snippet on the check list page listed below on how to automate this.
If you have been storing cards we have a bulk card removal tool which I recommend you take advantage of. This can be downloaded from our free add-ons section.
http://www.vpasp.com/sales/addons.asp
It is up to you to ensure your site and the details contained within are secure. We have provided the tools below to help you achieve this.
We have published a security guidelines checklist on our website at:
http://www.vpasp.com/virtprog/info/faq_securitychecklist.htm.
We highly recommend that all of the security guidelines listed in this document are followed to make VP-ASP as secure as possible.
In addition to this, please ensure you have all of our security patches installed:
http://www.vpasp.com/virtprog/info/faq_securityfixes.htm.
We also are now offering our customers a security auditing service, which will involve a member of our security team visiting your site and ensuring that your site is as secure as possible.
If we find any vulnerabilities we will repair and update as required. For more information about our auditing service, please read the following FAQ:
http://www.vpasp.com/virtprog/info/faq_audit.htm
Thank you. VPASP Support
Zelo Webmaster -- zelo.com http://www.zelo.com |
|
|
support
Administrator
4679 Posts |
Posted - March 20 2006 : 16:39:53
|
Sorry about that. The links had a full stop after them which I have now removed.
Thanks, Cam
VP-ASP Support |
|
|
epseja
VP-CART New User
USA
61 Posts |
Posted - February 04 2008 : 09:47:00
|
It would be nice if instead of deleting threads dealing with known SQL injection hacks that are affecting the categories table of many VPASP sites, a dialogue would be opened or research done to address the issue. Wanna see how many? Just search for "njnk.net" (with the quotes) in Google.
Yes, this morning, the njnk.net script was injected into the categories table of my site, despite the fact that I applied all of the security measures, renamed all of the necessary files, and regularly use BigYellow's SQL Injection finder utility.
How about some meaningful research into the problem, VPASP? It's always the category table, and somehow, "script" tags find their way in... Anyone else run into this issue? |
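A detection check for the symptom epseja describes (script markup turning up in the categories table), added here as an example that is not VP-ASP's or BYZ's code: it decodes each text field and reports the rows that carry an opening script tag, including entity- or percent-encoded variants. The column names and sample rows are constructed assumptions, and INJECTED-HOST.example is a placeholder, not a real indicator.

```python
"""Report category rows that carry injected <script> markup.

Added example, not VP-ASP or BigYellowZone code. The rows below are
constructed to resemble a VP-ASP categories table; the column names are
assumptions and INJECTED-HOST.example is a placeholder, not a real indicator.
"""
import html
import re
from urllib.parse import unquote

# Opening script tag, tolerant of case, whitespace and attributes; matched
# only after decoding so entity- or percent-encoded tags are not missed.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

# Column index -> assumed column name for the text fields worth scanning.
TEXT_FIELDS = {1: "catdescription", 2: "catextra"}

# Constructed sample rows (categoryid, catdescription, catextra); rows 3 and 4
# carry injected markup, row 4 in HTML-entity-encoded form.
SAMPLE_ROWS = [
    (1, "Widgets", "Everything for widgets"),
    (2, "Gadgets", "Gadgets and accessories"),
    (3, 'Tools<script src="http://INJECTED-HOST.example/x.js"></script>', ""),
    (4, "Parts", "&lt;SCRIPT src=//INJECTED-HOST.example/y.js&gt;&lt;/SCRIPT&gt;"),
]


def normalise(value: str) -> str:
    """Undo up to two layers of percent- and entity-encoding before matching."""
    text = value or ""
    for _ in range(2):
        text = html.unescape(unquote(text))
    return text


def contains_script(value: str) -> bool:
    """True when the decoded text contains an opening <script> tag."""
    return SCRIPT_TAG.search(normalise(value)) is not None


def find_injected_rows(rows) -> list:
    """Return (categoryid, column name) for each text field holding script markup."""
    findings = []
    for row in rows:
        for index, column in TEXT_FIELDS.items():
            if contains_script(row[index]):
                findings.append((row[0], column))
    return findings


if __name__ == "__main__":
    for category_id, column in find_injected_rows(SAMPLE_ROWS):
        print(f"category {category_id}: script markup in {column}")
```

Run the same check against a real export of the table after patching: a clean result is the baseline, and any new finding points at the page that still accepts unfiltered input.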
|
|
support
Administrator
4679 Posts |
Posted - February 04 2008 : 18:05:02
|
Our forum became corrupted and we have lost a large number of posts. Apologies for that.
If you have applied ALL patches this will stop the hacks.
Please verify that all have been applied correctly. In every case where we look into this there are missing patches.
We also offer an audit service if you do not feel comfortable adding them yourself.
Please contact us through our help desk for more information on our security auditing services.
Thanks Cam
VP-ASP Support |
|
|
apswater
VP-CART Super User
444 Posts |
Posted - February 05 2008 : 01:11:39
|
I have been getting this traffic lately:
shopdisplayproducts.asp?page=http%3A%2F%2Fwww.elettrodataservice.it%
The URL changes many times.
Anyone else see it and know if it is just a hack attempt? |
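Log-based detection of the traffic apswater describes, added here as an example that is not part of the original post or of VP-ASP: it flags requests to shopdisplayproducts.asp whose page parameter decodes to another host's URL rather than a page number. The simplified W3C log layout, field order, addresses and hostnames are constructed assumptions.

```python
"""Flag shopdisplayproducts.asp requests whose 'page' parameter names a remote host.

Added example, not VP-ASP code. Log lines are constructed in a simplified
IIS W3C layout (date time cs-uri-stem cs-uri-query c-ip sc-status); the
addresses and hostnames are documentation/test values, not real traffic.
"""
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: two requests carry a URL in 'page', two are normal paging.
SAMPLE_LOG = """\
2008-02-04 09:47:00 /shop/shopdisplayproducts.asp page=http%3A%2F%2Fwww.remote-host.example%2F 203.0.113.5 500
2008-02-04 09:48:12 /shop/shopdisplayproducts.asp id=12&cat=Widgets 198.51.100.7 200
2008-02-04 09:49:30 /shop/shopdisplayproducts.asp page=2&id=12 198.51.100.7 200
2008-02-04 09:50:01 /shop/shopdisplayproducts.asp page=%252F%252Fremote-host.example%252Fx.txt%253F 203.0.113.5 500
"""

SUSPECT_PARAM = "page"          # VP-ASP expects a page number here, not a URL


def names_remote_host(value: str) -> bool:
    """True when the (possibly double-encoded) value has a scheme://host or //host prefix."""
    decoded = unquote(unquote(value))       # second pass undoes double percent-encoding
    return bool(urlparse(decoded).netloc)   # a bare page number or path has no netloc


def flag_remote_page_requests(log_text: str) -> list:
    """Return one dict per request whose 'page' value points at another host."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue                        # skip headers, comments and truncated lines
        date, time_, stem, query, client_ip, status = fields
        if not stem.lower().endswith("shopdisplayproducts.asp") or query == "-":
            continue
        params = parse_qs(query, keep_blank_values=True)   # decodes one percent layer
        for value in params.get(SUSPECT_PARAM, []):
            if names_remote_host(value):
                hits.append({"time": f"{date} {time_}", "ip": client_ip,
                             "status": status, "page": unquote(unquote(value))})
    return hits


if __name__ == "__main__":
    for hit in flag_remote_page_requests(SAMPLE_LOG):
        print(hit)
```

Grouping the hits by client address shows whether the requests come from a handful of scanners, which is usually the case with the rotating URLs described in the post.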
|
|
lynch
VP-CART New User
USA
74 Posts |
Posted - February 05 2008 : 12:06:57
|
I've seen a lot of that recently too. I don't see how it could be much of a hack... but I'm tempted to just redirect people to whatever address they enter. It's better than getting all these "error 500" e-mails I've set up. |
|
|
epseja
VP-CART New User
USA
61 Posts |
Posted - February 05 2008 : 13:28:50
|
I don't currently have the funds to employ your security auditing service, but I have gone line by line through all of the necessary code changes and am confident that we're up to date.
The main question is, given the nature of the injection, has the security team over at VP-ASP determined just how the njnk.net script code could have gotten inserted into the categories table in the first place?
I do have the Big Yellow Zone Category Tree utility installed on my site. Perhaps there is some hole in that code? Can someone from BYZ check the list of infected sites (see my post above) and see if any of them are BYZ clients using the same utility? Perhaps this is a good place to start looking? |
Edited by - epseja on February 05 2008 13:30:41 |
|
|
support
Administrator
4679 Posts |
Posted - February 05 2008 : 15:26:18
|
The hackers are happy to use whatever vulnerability they find. The most important ones to ensure you are up to date on are the paypalresult.asp and the shop$db.asp changes.
Download the patch files and use Winmerge to compare the files against your default versions.
I am not sure of the BYZ modules however I doubt they will have holes.
We also have a new module we will be uploading shortly that will strip out any references to the script code to make cleansing more straightforward.
Thanks Cam
VP-ASP Support |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - February 05 2008 : 15:34:01
|
Definitely not the category tree that'd allow a hack; it uses an admin check regardless of whether you run the main asp or if you try a sub/included asp, and the same applies to other admin-related byz addons too. We're getting quite a few emails from people who've had their sites hacked (i.e. to help out clean the data etc) but from what I've seen so far it's only happening on unpatched sites; once all the patches are applied the hack stops.
All the non-admin (i.e. customer-side) byz addons are also coded up to stop hackers; can't go into too much detail on that front because I don't want to tell the hackers how different addons deal with potential hacks, but to give you an example something like our new paging addon won't allow hackers to use the querystring as a way of injecting data.
Simon Barnaby Developer www.BigYellowZone.com Web Design, Online Marketing and VPASP addons |
Edited by - devshb on February 05 2008 15:44:03 |
|
|
dwight
VP-CART New User
USA
143 Posts |
Posted - February 20 2008 : 06:40:48
|
Was wondering if anyone was using or had success with using
<META NAME="GOOGLEBOT" CONTENT="NOARCHIVE"> OR <META NAME="GOOGLEBOT" CONTENT="NOINDEX">
so that their site could not be found by searching for the terms "shopdisplayproducts" and other terms that point to a vpasp shopping cart.
Personally, I don't think this is the answer, but then if it slows the hackers while VPASP develops other security measures I'd like to use it.
thanks dwight bye |
|
|
apswater
VP-CART Super User
444 Posts |
Posted - February 20 2008 : 12:49:19
|
I thought about changing the file names. That would probably do a lot to stop hackers. I have to say we get a lot of attempts, but we are locked up tight and have not had a problem.
|
|
|
|
|