CryptoPHP infects x thousend servers
Posted: Sat Nov 29, 2014 1:38 am
While that did not happend until yet (or I did not hear until today), it could happen very soon also with OpenCart scripts which are not from official sources, meaning so called 'nulled' scripts which are existing and available from different websites.
First I have to say if someone infects his own webserver / webshop with such a 'virus/worm/etc.' I have no sympathy with this guy.
It is his own fault if he install scripts form suspicious servers/services!
But - and this is the main fact - these servers are a potential risk for every customer who comes to your shop and want to buy products.
In the worst scenario these morons are giving customer data away (in sending them in the background to someone else).
The conclusio is: get templates, modules, extensions only from official websites!
There are too many stupid scriptkiddies out there who are trying to damage.
If you are not able to spend a few bucks for an extension, a template you are not qualified to operate a webshop.
The following article is in German:
http://www.heise.de/security/meldung/Cr ... 67962.html
But here is the pdf to read in English:
https://foxitsecurity.files.wordpress.c ... srt-v4.pdf
And here is a official script of the company who detected that bot to check if your server is compromised:
https://github.com/fox-it/cryptophp/tree/master/scripts
First I have to say if someone infects his own webserver / webshop with such a 'virus/worm/etc.' I have no sympathy with this guy.
It is his own fault if he install scripts form suspicious servers/services!
But - and this is the main fact - these servers are a potential risk for every customer who comes to your shop and want to buy products.
In the worst scenario these morons are giving customer data away (in sending them in the background to someone else).
The conclusio is: get templates, modules, extensions only from official websites!
There are too many stupid scriptkiddies out there who are trying to damage.
If you are not able to spend a few bucks for an extension, a template you are not qualified to operate a webshop.
The following article is in German:
http://www.heise.de/security/meldung/Cr ... 67962.html
But here is the pdf to read in English:
https://foxitsecurity.files.wordpress.c ... srt-v4.pdf
And here is a official script of the company who detected that bot to check if your server is compromised:
https://github.com/fox-it/cryptophp/tree/master/scripts