Post by Daniel » Thu May 24, 2018 10:12 pm

A few members have contacted me to tell me that they have recieved an email from a fake opencart site.

https://opencart.us.com/update

Do not install this software because your site will probably be hacked!

Not sure how they got so many emails but it was not from opencart.com.

This is the email
From: Update Alert <noreply@opencart.com>
Date: Thu, May 24, 2018 at 5:06 AM
Subject: Enquiry Update Alert
To: ***@*****.com


OpenCart Security Update 3.0.4 – Update Immediately

OpenCart Core version 3.0.4 has just been released.All previous versions of OpenCart core are vulnerable to RCE attacks.
To update OpenCart, please follow the link in this message.

https://opencart.us.com/update

Best Wishes,
Opencart Security Team

OpenCart®
Project Owner & Developer.
OpenCart commercial support now available!


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by IP_CAM » Fri May 25, 2018 1:40 am

Well, that additional JS File might contain a problem, at least, if it's not part
of a latest default version ... :
update\catalog\assets\js\jquery-2.js
exept for the YANDEX - insert, with really should not be part of a default OC anyway ...
it could even be against latest EU Regulations :D
---
Image

Attachments

oc_update_clone.jpg

oc_update_clone.jpg (556.72 KiB) Viewed 869 times


Ernie's OpenCart v.1.5.6.5 LIGHT + V-Pro + OpenShop Admin v.1.75 Test Sites
http://www.bigmax.ch - http://www.opencart.li/shop/
Image


User avatar
Guru Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by Johnathan » Fri May 25, 2018 10:31 pm

Thanks for the warning, Daniel.

Image
Image Image Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by miklcct » Tue May 29, 2018 6:09 pm

DO NOT INSTALL ANYTHING FROM THAT RUSSIAN SITE OR ENTER ANY INFORMATION INTO IT!

I have checked the package, it will install a backdoor using obfuscated code and send the information to a gateway located at http://opencart.us.com/gate.php

Please report such mail as spam immediately when you receive it.

Administrator

Posts

Joined
Wed Mar 14, 2018 10:00 am

Post by billynoah » Wed May 30, 2018 12:27 am

The emails my clients received all came through the Contact Us form in older versions of Opencart (pre 2.0). Pretty sure there's a botnet scanning for Opencart sites and sending these emails. As Daniel suggested in our correspondence, it would be advisable to replace the older captcha with Google reCaptcha to prevent these and all kinds of other bot email scams.

For users of legacy versions I'm offering the attached vQmod for free to help remedy this exploit - it replaces older captcha with Google reCaptcha for Contact Form, Affiliate registration and Customer Registration. To use it you will need to register you site here to obtain keys:

https://www.google.com/recaptcha/admin

Settings to add your keys can be found in the system > settings > server tab.

Note: The attached software has been preliminarily tested on OC 1.5.6.4 using default theme. If you find a bug please report it here and I'll do my best to fix it in a timely manner. It should work out of the box with most third party themes, however if it doesn't and you need help you can post on the commercial support forums or email me directly for paid support.

Attachments


Image


User avatar
Active Member

Posts

Joined
Tue Jan 15, 2013 12:46 pm

Post by purpletreesoft » Tue Jun 19, 2018 12:55 pm

As on date it is a reported site and blocked by many AV. Things achieve their fate, even if slowly.

Purpletree Software LLP
Skype: dpsmails
Check new features in our Multivendor Marketplace Extension


User avatar

Posts

Joined
Thu Jun 22, 2017 10:17 pm


Post by ujjawal_77 » Sat Jul 07, 2018 1:42 pm

Why open developer use a auto version update feature like worldpress so that from admin itself, the latest version of opencart could be updated without taking all pain. Update scripts are not rebust and require much of technical knowledge.

Newbie

Posts

Joined
Sat Jul 07, 2018 1:36 pm
Who is online

Users browsing this forum: No registered users and 24 guests