Post by xaappx1 » Sun Oct 14, 2018 12:32 am

I have had customers tell me that their card was hacked after using our site. I tried with my own card and it was hacked.

I dug around and found the pp_pro.php file was hacked with one line that sends $request() to a hacker.

I am not sure how they did this as even the last modified date didn't change.

Anyone have this happen to them? How did you secure the site? My host isn't very helpful.

Thanks


Post by straightlight » Sun Oct 14, 2018 12:36 am

File modifications as such should be reported to your host for network activities. Not an OC issue even though the version you are currently using is pretty old.

The most generated errors being found on Opencart forum originates from contributed programming. The increased counters are caused by posted redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight



Post by xaappx1 » Sun Oct 14, 2018 12:52 am

Yeah, I hear you.

Permissions are 644, so I'm unsure how they hacked it. Are there better permissions someone recommends?


Post by straightlight » Sun Oct 14, 2018 1:06 am

444 would be the least but not effective for all PCI servers. However, since we're looking at a network attack enquiry, contacting your host would be the best option.


Post by khnaz35 » Sun Oct 14, 2018 1:03 pm

straightlight wrote: Sun Oct 14, 2018 1:06 am
> 444 would be the least but not effective for all PCI servers. However, since we're looking at a network attack enquiry, contacting your host would be the best option.

How about using SSL certificates? Will it not be useful?

Always help others it's always come back, give and receive :)



Post by straightlight » Sun Oct 14, 2018 7:37 pm

khnaz35 wrote: Sun Oct 14, 2018 1:03 pm
> straightlight wrote: Sun Oct 14, 2018 1:06 am
> > 444 would be the least but not effective for all PCI servers. However, since we're looking at a network attack enquiry, contacting your host would be the best option.
>
> How about using SSL certificates? Will it not be useful?

SSL certificates do provide security to users when browsing but have nothing to do with potential network attacks.


Post by khnaz35 » Mon Oct 15, 2018 12:33 am

straightlight wrote: Sun Oct 14, 2018 7:37 pm
> khnaz35 wrote: Sun Oct 14, 2018 1:03 pm
> > straightlight wrote: Sun Oct 14, 2018 1:06 am
> > > 444 would be the least but not effective for all PCI servers. However, since we're looking at a network attack enquiry, contacting your host would be the best option.
> >
> > How about using SSL certificates? Will it not be useful?
>
> SSL certificates do provide security to users when browsing but have nothing to do with potential network attacks.

Good to know that. How about Sitelock?


Post by xaappx1 » Mon Oct 15, 2018 8:31 am

The host is blaming OpenCart, saying it's not secure. I'm really not sure who to believe.

But this is what I have: https://www.getastra.com/blog/911/how-t ... ware-hack/

And it's not getting fixed no matter what I do.


Post by straightlight » Mon Oct 15, 2018 9:32 am

xaappx1 wrote: Mon Oct 15, 2018 8:31 am
> The host is blaming OpenCart, saying it's not secure. I'm really not sure who to believe.
>
> But this is what I have: https://www.getastra.com/blog/911/how-t ... ware-hack/
>
> And it's not getting fixed no matter what I do.

If it's what you have and worry about security issues, using integrated platforms into Opencart or vice-versa is unsupported on the forum since it includes this reason and this reason on being about security issues outside the scope of Opencart. If your host mentions that Opencart is not safe, it's because no mention has been provided to them regarding integrated platforms. Which is why, using remote APIs / Webservices are the best option via SSL so to avoid high levels and potential risks through the network. Since Magento does not provide those services, at least not out of the box, not an issue with Opencart period.


Post by ADD Creative » Tue Oct 16, 2018 12:07 am

Have you changed all your passwords? OpenCart admin, hosting control panel, all FTP accounts, etc. Poor or stolen passwords are a common method of gaining access. Delete any unused accounts, such as FTP accounts you have given out to developers or for extension support.

A few other things you could do:

- Compare the files on your server to a clean version of the same version of OpenCart or an original backup. See if any files have been added that give access to your site.
- Look through your web access logs for any suspicious activity around the time the hack was added.
- Look through your server's FTP logs for any access that isn't you. You may need to ask your host for these.

ADD Creative - Web development and e-commerce development, Milton Keynes or Christchurch, UK
ADD Filtration - HVAC Panel Filters, Bag Filters and HEPA Filters
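
An added example (not part of the original posts, and not OpenCart code) of the file comparison suggested above: it compares SHA-256 hashes of a live tree against a clean copy, so a change is caught even when the last-modified date was preserved, as the original poster observed. The `payment/` directory layout, `extra.php` and all file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash file contents; timestamps are ignored because they can be reset."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def snapshot(root):
    """Map each relative file path under root to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_of(full)
    return result

def compare_trees(clean_root, live_root):
    """Report files modified, added, or missing on the live site."""
    clean, live = snapshot(clean_root), snapshot(live_root)
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }

def build_demo():
    """Constructed trees: one altered file with its mtime reset, one extra file."""
    base = tempfile.mkdtemp()
    clean, live = os.path.join(base, "clean"), os.path.join(base, "live")
    rel = os.path.join("payment", "pp_pro.php")  # assumed layout for the demo
    for root in (clean, live):
        os.makedirs(os.path.dirname(os.path.join(root, rel)))
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("<?php // constructed original content\n")
    with open(os.path.join(live, rel), "a") as fh:
        fh.write("// constructed stand-in for the one added line\n")
    st = os.stat(os.path.join(clean, rel))
    # Reset the timestamp so the change is invisible to a date check.
    os.utime(os.path.join(live, rel), ns=(st.st_atime_ns, st.st_mtime_ns))
    with open(os.path.join(live, "extra.php"), "w") as fh:
        fh.write("<?php // constructed unexpected file\n")
    return clean, live

if __name__ == "__main__":
    clean_dir, live_dir = build_demo()
    for kind, paths in compare_trees(clean_dir, live_dir).items():
        print(kind, paths)
```

Point `compare_trees` at a freshly unpacked copy of the same OpenCart version and at a download of the live site; expect legitimately changed files such as configuration and installed extensions to appear in the report as well.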

