Author |
Topic |
|
candude
VP-CART New User
Canada
77 Posts |
Posted - October 30 2005 : 19:52:14
|
hello.. recently i have been attacked frrom hackers from indonesia.. i have changed passwords and implemented all security updates, however still the hacker keeps on changing shop parameters somehow? (like turning the store closed option on, etC)
i use v4 - what can i do?
thanks, alex
----------------------- VP-ASP: Installation, Customization and Security http://www.sublet.net/vpasp/ |
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - October 31 2005 : 04:29:11
|
It's a really difficult dillemma, because posting the causes/solutions here would help the hackers. But not posting them here might lead to people not being able to plug their sites.
I think the best thing to do would be to either upgrade to a later version of vpasp, or if you can't upgrade due to having too many customisations then go through the security updates one-by-one and even for post-v4 fixes apply those (changed as appropriate for v4) where relevant to your version.
Simon Barnaby Developer [email protected] www.BigYellowZone.com Web Design, Online Marketing and VPASP addons |
|
|
greatphoto
VP-CART Super User
USA
304 Posts |
Posted - October 31 2005 : 06:35:26
|
quote:
It's a really difficult dillemma, because posting the causes/solutions here would help the hackers. But not posting them here might lead to people not being able to plug their sites.
Yes, this is a very important point. That's why it would be good to move this discussion to the owners-only private security forum. I feel that all VP-ASP cart owners should join this forum. Information is available here: http://www.vpasp.com/virtprog/vpaspforum/topic.asp?TOPIC_ID=2989
Note that VP-ASP and YourVirtualStore have merged, so the private forum is now endorsed by our very own support team!
Nathan
|
|
|
apswater
VP-CART Super User
444 Posts |
Posted - October 31 2005 : 08:46:03
|
Make sure you have all the SQL Inject updates. Also you need to get a hold of your weblo file and it will show you exactly how he got in.
|
|
|
apswater
VP-CART Super User
444 Posts |
Posted - October 31 2005 : 08:47:34
|
I think it would be good for someone like Simon to write a fake shopadmin.asp that will either mess up or track the hackers. There must be something we can slip in that will be usefull for us and will make then think twice about hacking through that file anyway...
|
|
|
candude
VP-CART New User
Canada
77 Posts |
Posted - November 01 2005 : 21:05:36
|
just thought you guys would like an update to our customers site. and that indonesian hacker.. apparently he used that upload problem to upload one of the asp remote commande exec files to view our clients whole server..
we have patched all files and removed any possible trojans.. changed passwords..
man - VPASP should email any security things like that right away.. without us needing to go through every file for 3 days!
lotsa headache.. alex
p.s. check your files for any suspicious files.. as well as check your logs / and backup files!!!
p.p.s. another security problem to come??? :)
----------------------- VP-ASP: Installation, Customization and Security http://www.sublet.net/vpasp/ |
|
|
support
Administrator
4679 Posts |
Posted - November 07 2005 : 22:43:33
|
Dear Candude,
Sorry for the issues you have experienced.
We posted the fix for this back in April this year and then re-released it in September to highlight the urgency of this patch.
We STRONGLY recommend that everyone install the upload patch ASAP.
We are also now being more pro-active and have started a newsletter informing customers of new security patches, new products and general news at VP-ASP.
We hope to help everyone of our customers keep on top of their site security.
Thanks, Cam Flanigan VPASP Sales
|
|
|
|
Topic |
|