Compromised Store?

[satkin2]

Hi

 

I'm worried that my store may have been hacked or compromised. I logged into my admin page today and saw that I had apparently got a new customer who had purchased a product yesterday. Great I thought, my first sale. But then I have looked a little further and am very concerned.

 

1. The customer has put garbage for their address. I accept some people may do this to just mess around, but if you are purchasing why would you.

2. I then googled the name of the customer and google came back with the suggestion did you mean John Ripper, (the customers name bears a close resemblance)

3. Looking at the links google offered up I see that John the Ripper is a password cracking tool.

4. The apparent sale has not sent out an email to me telling me of the sale, likewise no money has entered my paypal account.

 

When I look at all of these things I'm extremely suspicious that this is a bogus sale and that my site may have been compromised in some way. I'm very concerned that this may be the case. Has anyone on here had similar experiences? I used add-on contributions prior to launching to try and avoid this sort of thing, but as this is my first osCommerce site it's all very new to me.

 

I am going to take the site down in the mean time as I don't want any further possible attacks.

 

Any advice would be really appreciated.

 

Thanks

 

Satkin

[Guest]

Steve,

 

 

If you have secured your site, then the chances of hacker entry is unlikely. I would not take down your store. I suggest deleting the customer account and monitor the store. Some customers don't want to enter their information, or perhaps someone liked the layout of the store and wanted to see how the checkout process worked.

 

The part about not receiving payment in PayPal leads me to think you are using PayPal Standard. This is a known problem with PayPal Standard so verify every payment before shipping your products. As you store becomes busier, you may want to consider using PayPal Express or PayPal Pro as they do not allow 'false orders' to be logged into your admin area.

 

 

 

Chris

[FIMBLE]

i am not sure that a user would "hack" your site just to make a false purchase.

Have you viewed your access logs and error logs to see if anything has gone on there?

Also check your passwords for administrators and make sure no extra admins have been added, there is a way you can make a false order in osC and its not hard at all to do, but is normally done on stores that offer downloads.

If you are really sure there has been an intrusion you need to check your file base for any files / code added, to me though, from what you have said i think its pretty unlikely.

 

You would be advised to install security measures detailed in this forum.

You have not said which payment method you use,

[satkin2]

Hi,

Thanks for your responses. I think I may be getting overly panicked by this. osCommerce and online trading is all very new to me so I guess when something isn't straight forward I'm coming up with a worst case scenario in my head. Added to the fact that when I logged in and saw what would be my first order and then an incomplete order I guess I just suspected the worst due to unfamiliarity.

 

I can confirm I am using PayPal Website Payments Standard so this would explain what appears to be an order but one that hasn't completed. I've tried it out myself, stopping once I got to the PayPal login page and that too is showing as an order, even though it didn't complete.

 

The customer name being so similar to the password cracking programme set alarm bells ringing for me, but yes I can understand why a user may login to go through the checkout process. I myself created accounts on my site to test how it looked.

 

As I say, this is all very new to me, I'm not quite sure what you mean by have a look at access and error logs, are these going to be on my hosting page?

 

There aren't any new administrators so that's checking out ok too.

 

I did follow the installation of security measures detailed on here, so as I said earlier I may just be over reacting. I've taken the links to the store down for the time being, and re-routed them to my Etsy shop instead. I'll have a look on these boards again and double check all of the security advice and carry it out.

 

One final question, should someone into my admin would they be able to access the passwords of customers if they knew how, I wouldn't know how to see them but I guess someone in the know would. PS I don't want to know how to do this, just interested if this fear is unfounded or theoretically possible.

 

Thanks again guys.

[FIMBLE]

customer passwords are encrypted and help in the database so it is not very likely to happen no.

So long as you monitor your file set, use site monitor from the addons section, its not listed on the security forum as a must have but it should be!

if used correctly will tell you of any file changes, weather you made them or by another influence,

You are right to be concerned but not overly, so long as you are sensible and have changed your admin folder name and have the security pro installed you are pretty safe, then rest will help also

Nic

 

Oh, and as suggested already upgrade to a better PayPal module!