DataMouse Posted July 6, 2008 Posted July 6, 2008 Hi all I have a store on my site at http://www.datamouse.biz/catalog I had a phishing site add files to the catalog/images/ directory - which I have removed and rescured the backend (rename admin, htaccess, removed file_manager and protected directory on server too). The phishing attack added a load of additional payment modules (activated them in my admin area) and I couldn't remove them in the admin interface. I have manually removed the files from the server and re-uploaded the ones that I use (CC, paypal and FOC) However, the freeofcharge option doesn't get presented on the payment screen (checkout_payment.php) when the price is zero. I have repuloaded the modues, the checkout files and reinstalled the contribution - still no joy. The only thing that may or may not be different (not noticed before) is that the admin screen refers to the contribution as "Enable Cash On Delivery Module". but it also says that "Grand Total is $0.00, so the charge is free" - so I think that this may be nothing. Any ideas on what I can do to fix? I have loads of free stuff that people cannot get now! I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
Guest Posted July 6, 2008 Posted July 6, 2008 Hi all I have a store on my site at http://www.datamouse.biz/catalog I had a phishing site add files to the catalog/images/ directory - which I have removed and rescured the backend (rename admin, htaccess, removed file_manager and protected directory on server too). The phishing attack added a load of additional payment modules (activated them in my admin area) and I couldn't remove them in the admin interface. I have manually removed the files from the server and re-uploaded the ones that I use (CC, paypal and FOC) However, the freeofcharge option doesn't get presented on the payment screen (checkout_payment.php) when the price is zero. I have repuloaded the modues, the checkout files and reinstalled the contribution - still no joy. The only thing that may or may not be different (not noticed before) is that the admin screen refers to the contribution as "Enable Cash On Delivery Module". but it also says that "Grand Total is $0.00, so the charge is free" - so I think that this may be nothing. Any ideas on what I can do to fix? I have loads of free stuff that people cannot get now! Gee, your site is slower than the osc site. Did you try remove, then install?
DataMouse Posted July 6, 2008 Author Posted July 6, 2008 How do you mean "remove and install"? The whole site or just the contrib? I've uninstalled the contrib and reuploaded and reinstalled. I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
Guest Posted July 6, 2008 Posted July 6, 2008 How do you mean "remove and install"? The whole site or just the contrib?I've uninstalled the contrib and reuploaded and reinstalled. No, just the payment module. Odd that COD is showing. Are the payment modules you are using the only ones in the payment directories (both modules and languages) ie no other files, not even back up files?
DataMouse Posted July 6, 2008 Author Posted July 6, 2008 No others - there were, but I've stripped them all out. Now there's only freeofcharge, CC and paypal. CC is not installed in Admin. Paypa and FOC are installed - but only PayPal shows as an available option. I'm thinking that the payment mod is OK, and that it's the checkout process itself. Also, not noticed that the site is slow. Seems Ok from this end... I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
DataMouse Posted July 6, 2008 Author Posted July 6, 2008 A new development. If I remove the PayPal option (uninstall in admin), the free of charge works... WTF? I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
DataMouse Posted July 6, 2008 Author Posted July 6, 2008 Sorted. If I try and amend the sort order (display order) for payment types, it cocks up. I'll leave it with default order and it's fine. I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
Guest Posted July 7, 2008 Posted July 7, 2008 Sorted.If I try and amend the sort order (display order) for payment types, it cocks up. I'll leave it with default order and it's fine. Hmm, I was going to suggest giving them all a unique sort order above zero. Glad you fixed it. Now, the phishing matter, do you know how they got in?
DataMouse Posted July 7, 2008 Author Posted July 7, 2008 Hmm, I was going to suggest giving them all a unique sort order above zero. Glad you fixed it. Now, the phishing matter, do you know how they got in? Short answer - nope. My folder and files are all correct (755/644 etc) - so I'm assuming that they must have gotten FTP passwords, possibly, maybe. I've resecured the site itself (removed files and checked folders, plus renaming admin, removed file_manager.php - which is what my host reckons they used to get in). I planned on leaving FTP passwords the same, just as a bit of a honeypot to check if it is this that they exploited... What do you reckon? I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
Guest Posted July 7, 2008 Posted July 7, 2008 Short answer - nope.My folder and files are all correct (755/644 etc) - so I'm assuming that they must have gotten FTP passwords, possibly, maybe. I've resecured the site itself (removed files and checked folders, plus renaming admin, removed file_manager.php - which is what my host reckons they used to get in). I planned on leaving FTP passwords the same, just as a bit of a honeypot to check if it is this that they exploited... What do you reckon? If they got in through the admin file manager, how can that be done if the admin is secure? As for perhaps leaving a door open to see if that is how they got in, will that achieve anything?
DataMouse Posted July 7, 2008 Author Posted July 7, 2008 The admin areas is protected and is passworded too. The only way to get in (that I can think of) is that they have the password. If that's the case, I will need to change it. If not, it must be one of the other methods. So I've secured the other methods and left the password unchanged, so that I know if I secured the other methods correctly. Does that make sense? The only way in now is via a password to the new admin directory. I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
Guest Posted July 7, 2008 Posted July 7, 2008 The admin areas is protected and is passworded too.The only way to get in (that I can think of) is that they have the password. If that's the case, I will need to change it. If not, it must be one of the other methods. So I've secured the other methods and left the password unchanged, so that I know if I secured the other methods correctly. Does that make sense? The only way in now is via a password to the new admin directory. So if you get hacked again, you will assume that it is via ftp?
DataMouse Posted July 7, 2008 Author Posted July 7, 2008 So if you get hacked again, you will assume that it is via ftp? Exactly. I's always used on FTP program. I recently started using another (AceFTP), which is free - but has adverts on the software interface. I have a feeling that this may be keylogging or passing FTP passwords back somewhere. I can't think of any other way that someone has gotten them - they're quite strong... I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
Guest Posted July 7, 2008 Posted July 7, 2008 Exactly.I's always used on FTP program. I recently started using another (AceFTP), which is free - but has adverts on the software interface. I have a feeling that this may be keylogging or passing FTP passwords back somewhere. I can't think of any other way that someone has gotten them - they're quite strong... OK, the penny drops.
DataMouse Posted July 7, 2008 Author Posted July 7, 2008 If that is the case, I shall be most annoyed... But, as it stands, I cannot figure out any other way they got in... <_< I had a blind date last night. Her name was ..:. :.: :: .. ::. :. ::. Black Web 2.0 Buttons Blue Orb Web 2.0 Buttons Mac "Aqua" Buttons Black Gloss Buttons Red Gloss Buttons (with metal edging)
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.