Please help us to make AbanteCart Ideal Open Source Ecommerce Solution for everyone.

Support AbanteCart eCommerce

Author Topic: Store showing random customer info to everyone  (Read 4485 times)

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Store showing random customer info to everyone
« on: January 08, 2015, 12:27:41 PM »
Suddenly, our online store is just showing seemingly random customer info to anyone who visits the store. They don't have to log in or anything. Someone who called in on the phone even said she saw another customer's credit card info. I had to put the store in maintenance mode for obvious reasons. Any idea what went wrong or how this can be fixed?
« Last Edit: January 15, 2015, 04:30:28 PM by lostmytophat »

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4151
  • Karma: +251/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Store showing random customer info to everyone
« Reply #1 on: January 08, 2015, 12:30:43 PM »
Did you have any custom work done for AbanteCart? Credit cards are nor stored in AbanteCart.

Can you PM screenshot of what was shown on storefront and access to your admin so I will check?
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #2 on: January 08, 2015, 12:50:38 PM »
I can't get the screen shot w/out opening the store again, and unfortunately I can't give you the admin info without the ok from my boss, who's on a business trip at the moment... I did tell our web host about the problem though. It might be that someone just hacked us or something, I really have no idea (it's such an odd problem). I'll let you know what the web host people say once their support people get back to me, and if I can get the okay from my boss, I'll get back to you with the admin info when I can also.

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4151
  • Karma: +251/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Store showing random customer info to everyone
« Reply #3 on: January 08, 2015, 12:55:12 PM »
It is possible that your site was hacked. Check dates on php files and make sure permissions are secured.
If your PHP files are compromised, you might want to take your site offline completely as maintenance mode might not help.

You did not answer my first question by the way.
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #4 on: January 08, 2015, 12:59:26 PM »
Oh, sorry. No, I don't think there was much customizing. Just a custom CSS. Other than that, just using the UPS, FedEx, and Authorize.net plugins. I can't think of anything else that's been changed or customized.

And I'll do my best to look into the PHP (I'm not an expert in this sort of thing though, just a graphics designer who's somewhat talented at figuring things out when I need to).

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #5 on: January 08, 2015, 01:01:01 PM »
Also, I'll try to take the site off line too if that will help... just have to figure out how to do that...

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #6 on: January 08, 2015, 01:03:29 PM »
I just heard back from our web host company, and you were right, there were compromised PHP files. They are running a full scan now.

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4151
  • Karma: +251/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Store showing random customer info to everyone
« Reply #7 on: January 08, 2015, 01:09:43 PM »
Please share details, how this actually happened, if you have details.
This will be valuable for everyone to know and prevent this in the future.   
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #8 on: January 08, 2015, 01:14:26 PM »
Here's what I have from our host so far:

These malicious files have been uploaded on these dates:
############################
File: `./store/extensions/default_perpetual_payments/storefront/.press45.php'
Size: 19203 Blocks: 40 IO Block: 4096 regular file
Device: 805h/2053d Inode: 61022395 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1157/store) Gid: ( 1152/store)
Access: 2014-10-03 18:06:56.000000000 -0400
Modify: 2014-10-03 18:06:56.000000000 -0400
Change: 2014-12-08 16:03:39.000000000 -0500
############################

I'll let you know when I have more.

Also, is there a setting inside AbanteCart Cart to take the store off line?

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4151
  • Karma: +251/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Store showing random customer info to everyone
« Reply #9 on: January 08, 2015, 01:21:40 PM »
No. Just change permission on main index.php or rename it.

Interesting to know what request was used to place .press45.php file in the directory.
You can probably find this in the server log.
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #10 on: January 08, 2015, 01:52:21 PM »
Thanks for the info. And I don't really know how to find the info you asked for in our logs. I will ask our web host people though and let you know what they tell me.

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #11 on: January 08, 2015, 02:17:56 PM »
Is there a way you can tell me what the likelihood is on our customers' info being compromised over this? Or even if it's possible that the hacker could have gotten credit card #s? Like I said, we Authorize.net for credit card transactions, but is there a way the hacker could have gotten to that info through AbanteCart Cart's interface with Authorize.net?

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #12 on: January 08, 2015, 02:33:32 PM »
I just talked with Authorize.net, and they say that the credit card info is secure, but that there's a chance that the credit card info entered after the site was hacked could have been stolen by the malicious PHP sending the info to both a 3rd party and Authorize.net (but only those entered after, none before).

Offline abantecart

  • Administrator
  • Hero Member
  • *****
  • Posts: 4151
  • Karma: +251/-9
    • View Profile
    • Ideal Open Source Ecommerce Solution
Re: Store showing random customer info to everyone
« Reply #13 on: January 08, 2015, 02:50:49 PM »
I just talked with Authorize.net, and they say that the credit card info is secure, but that there's a chance that the credit card info entered after the site was hacked could have been stolen by the malicious PHP sending the info to both a 3rd party and Authorize.net (but only those entered after, none before).
Authorize.net payment does not store credit cards on your site. Credit card details are passed to Authorize.net server and no longer available. You should be OK here.
We need your help to build better free open source eCommerce platform for everyone.
See how you can help

Offline lostmytophat

  • Newbie
  • *
  • Posts: 27
  • Karma: +5/-0
    • View Profile
Re: Store showing random customer info to everyone
« Reply #14 on: January 14, 2015, 12:29:49 PM »
I did ask our web hosts about it, but I wasn't able to find out anything about the request used from them unfortunately.
I ended up having to scrap the whole store, do a new install, and build it again from scratch, actually. And, as bad luck would have it, I'm having some trouble with it. The image zoom feature, reviews, and the final payment submission button aren't working. Any idea what could be causing that?

 

Powered by SMFPacks Social Login Mod