Sites been fine since i installed it in January. I recently had a problem (bug tracker [URL=“http://forum.cs-cart.com/vbugs.php?do=view&vbug_id=1855”]http://forum.cs-cart.com/vbugs.php?do=view&vbug_id=1855[/URL] ) and cscart asked for my password/login details for cs cart and FTP which i sent via email.
For some reason i had been getting only "open " orders recently. I usually get a few intermittent ones but i had 5 or 6 continuous. I went in and checked my setting in paypal payment settings only to find a email address karar@att.net where my login information should have been. I don’t know if it’s coincidence or what but it VERY SUSPICIOUS that after giving cscart my info i get hacked. I can’t put it down to anything else but them, maybe not directly but site information was used to get into my site and then paypal setting altered.
As for anyone giving their information to cscart i would strongly advise you not to.
In the mean time i have altered the adminxxx.php to another and changed logins on site and ftp etc.
The next thing for me to do is inform paypal about the scam.
Is the any thing more i should check/alter to stop more problems.
I have just tried to pay karar@att.net 1p and paypal is saying
“This recipient is currently unable to receive money.”
guess that’s a good thing as i guess there looking into it.
[quote name=‘mrfoameruk’]cscart asked for my password/login details for cs cart and FTP which i sent via email.[/QUOTE]
I doubt that CS Cart hacked your paypal. Sure someone there could have taken your information and used it maliciously. However, never never never never, email passwords and login details. Email is not safe or secure and most likely this is how you got hacked.
Well i learnt my lesson and i guess the lesson is don’t trust ANYONE. There are a number of scenarios of how it could have happened. I am the only person who knows the details apart from cscart. It may not necessarily be them but they could have a problem with their security (virus/trojans etc) but it could just as well been a email problem (although seems a bit more unlikely, but i’m no security expert).
Just a heads up for anyone thinking of sending their valuable information to anyone.
You should have changed login info once CS Cart was done helping you.
…those pesky Russians… 
Thing is they never did help. it’s still in the bug tracker waiting.
If they ask for it again they wont be getting the new access detail.
Biggest problem is explaining to customers the problem without them getting worried about their own security. I will be reimbursing the customers who want a refund and sending the goods to the ones that still want the items.
As for the reason I’ve explain there was a problem with the paypal payment system when we had a upgrade to the software. Which is basically the truth.