Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Reset customer passwords


Banana Man

Recommended Posts

Hi,

 

My site was hacked a few days ago and i have since installed a good few security mods to help prevent it again in the future. I was wondering though if their are other things i should be concered about i.e. customer passwords on my site. Is their a way of updating everyones password and sending them out an email explaining what happened?

 

Thanks

Link to comment
Share on other sites

Hi,

 

My site was hacked a few days ago and i have since installed a good few security mods to help prevent it again in the future. I was wondering though if their are other things i should be concered about i.e. customer passwords on my site. Is their a way of updating everyones password and sending them out an email explaining what happened?

 

Thanks

 

 

This contribution HERE

 

Then email them via admin.

 

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Link to comment
Share on other sites

Hi,

 

My site was hacked a few days ago and i have since installed a good few security mods to help prevent it again in the future. I was wondering though if their are other things i should be concered about i.e. customer passwords on my site. Is their a way of updating everyones password and sending them out an email explaining what happened?

 

Thanks

There is no need to reset everyone's password. The passwords are encrypted and are not even readable by the server administrators. The only way the accounts could have been compromised is if the hackers changed the email addresses and had new passwords sent to them at their hacker address. Quite unlikely. If they wanted the customer details all they had to do was to take it one step further and download the entire database. They are not going to fool with single accounts. What do you think they would do? Buy something?

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

There is no need to reset everyone's password. The passwords are encrypted and are not even readable by the server administrators. The only way the accounts could have been compromised is if the hackers changed the email addresses and had new passwords sent to them at their hacker address. Quite unlikely. If they wanted the customer details all they had to do was to take it one step further and download the entire database. They are not going to fool with single accounts. What do you think they would do? Buy something?

 

From what i know its fairly easy to unencrypt a hashed password. They could then be used to try and access other websites where the customers have used the same email and password login details.

Link to comment
Share on other sites

From what i know its fairly easy to unencrypt a hashed password. They could then be used to try and access other websites where the customers have used the same email and password login details.

But there is a 'salt' added to the password during encryption. Makes decrypting it much more difficult.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...