Well as promised I am letting everyone know what happened to the site. I want to pass this information on to those people that want to or are planning on unning OSCommerce as their shopping cart system (and potentially any other shopping cart based on php).
On Decemeber 10th, or near there, a vulnerability was discovered in OSCommerce that allows access to the file manager (the brain of the website essentially). On December 11th, my site was attacked and a malicious script (virus) was injected into the files that was a command to snag everyone's credit card data. Being that I do not accept credit card data or numbers through the site, this hack was in vain, although it did cause me lost hours and money trying to remove the script and patch the vulnerability.
Thankfully due to the last hacker attempt, I have a wonderful programmer I use out of the Ukraine who knows his stuff and got on it asap. If anyone ever needs a referral to a programmer that is fast and knows his stuff, send me an email, he's great!
So the site has been patched, which is great for me, but may not be for some other sites that have no idea this vulnerability exists and can exist. For now, please be cautious when purchasing anything online with your credit card through any OSCommerce websites. If the option exists to phone in your number use it! Or stick to PayPal.
The perpetrators (from what we can gather) are based in Vietnam. That's pretty much all we know. They are hacking into sites with vulnerabilities (which being this is a new one pretty much every site has it).
I wanted to share this because I want the word passed around about what is happening. OSCommerce has been notified and hopefully they will provide a fix for it. Until then pay a php expert to fix it.
Thank you,
Randi Carr
Friday, December 18, 2009
Subscribe to:
Posts (Atom)