Post by Melon » Tue Dec 18, 2012 12:16 am

Some how a user from Malaysia has gained access to our website using what looks to be like an account during the ordering process.

Im not sure if he had access to our database or admin area.

But he also created a coupon for 100 percent discount and also change the Paypal payment address to his own and changed it to another one a day later.

We have told Paypal of which they can see that this email has the same account linked to it.

His email addresses are darrylgohjenfai@gmail.com / kkgoh@msn.com / darryl.mw3@gmail.com / dar.goh.96@gmail.com and from his order he placed his IP is 175.143.255.97 but he used another persons account.

I am using the latest version of OpenCart and I have now changed all passwords to admin and control panels etc..

Is there anything I can do to track exactly how he gained access or is this a known exploit?

Thanks

Adam
Last edited by i2Paq on Tue Dec 18, 2012 12:21 am, edited 1 time in total.
Reason: Title adjusted

New member

Posts

Joined
Thu Feb 03, 2011 8:02 pm

Post by i2Paq » Tue Dec 18, 2012 12:21 am

Is your version an upgrade or a clean install?

Are you on a shared server?

Norman in 't Veldt
Moderator OpenCart Forums

_________________ READ and Search BEFORE POSTING _________________

Our FREE search: Find your answer FAST!.

[How to] BTW + Verzend + betaal setup.


User avatar
Global Moderator

Posts

Joined
Mon Nov 09, 2009 7:00 pm
Location - Winkel - The Netherlands

Post by Melon » Tue Dec 18, 2012 12:32 am

1.5.4.1 and its a virtual server with only me as access

New member

Posts

Joined
Thu Feb 03, 2011 8:02 pm

Post by i2Paq » Tue Dec 18, 2012 12:40 am

Because you are the first to report such an issue I think it could be related to you server security setup.

Are there other websites running on that server?

Norman in 't Veldt
Moderator OpenCart Forums

_________________ READ and Search BEFORE POSTING _________________

Our FREE search: Find your answer FAST!.

[How to] BTW + Verzend + betaal setup.


User avatar
Global Moderator

Posts

Joined
Mon Nov 09, 2009 7:00 pm
Location - Winkel - The Netherlands

Post by Melon » Tue Dec 18, 2012 1:01 am

yes, one other opencart site and other wordpress but they cant access each others areas.

New member

Posts

Joined
Thu Feb 03, 2011 8:02 pm

Post by i2Paq » Tue Dec 18, 2012 2:07 am

Wordpress is up-todate?

What version is the other OC?

Norman in 't Veldt
Moderator OpenCart Forums

_________________ READ and Search BEFORE POSTING _________________

Our FREE search: Find your answer FAST!.

[How to] BTW + Verzend + betaal setup.


User avatar
Global Moderator

Posts

Joined
Mon Nov 09, 2009 7:00 pm
Location - Winkel - The Netherlands

Post by Melon » Fri Dec 21, 2012 2:20 am

wordpress is not on this accounts hosting.

New member

Posts

Joined
Thu Feb 03, 2011 8:02 pm

Post by sttdci » Sun Mar 31, 2013 8:19 pm

Adam,

I sent you a PM as I had a run in with Darryl Goh last August 2012 - he defrauded me for only a small amount but PayPal were aware of his activities and failed to act upon them - I hope you had a better outcome than I did.

Alex

Newbie

Posts

Joined
Sun Mar 31, 2013 8:10 pm

Post by butte » Tue Apr 02, 2013 6:58 am

You can advise abuse@gmail.com and abuse@msn.com of his addresses there. A general search for his name(s) yields quite a few of him, either wearing different hats or as different people in fact.

You can check your server's logs (for traffic, statistics, whatnot) for his address(es) and regional server(s). That may give you an idea of how long he took to figure out what where.

You can block that address in .htaccess; and if you do not want or need orders from that region, then you can moreover block address ranges. Check your encryption key (inside admin panel) to ensure that neither you left it nor he changed it back to anything as simple as "12345". Change the database password, too, while you're at it (if you haven't already), and be especially careful where the username "root" is allowed to appear anywhere. If your virtual server is under auspices of Amazon or any other that has data centers strewn around the globe, you might as well tell their support what you know (and will presently learn), so that they can check subtleties in their own way.

PayPal's computers will not forget him or suspiciously similar ones (even now, look at the e-mail names); he may have been flagged without enough in the bag to nail him dead to rights; laws and locations may have been completely impractical to do the latter.

The documentation and forums for the software for forums, blogs, carts, routers, whatever, is for the owners' benefit but, of course, hackers know to look there for how to get in.

Guru Member

Posts

Joined
Wed Mar 20, 2013 6:58 am
Who is online

Users browsing this forum: No registered users and 12 guests