CAN CS-CART BE TRUSTED?

I am on the fence whether CS-Cart can be trusted. I just found out my store was “hacked” or whatever because a spam email went out to all my cart customers, obviously NOT sent by me, & the only other people with access is CS-Cart support. And I happen to be dealing with support right now.



Any thoughts? Can you all share whether you feel CS-Cart is trustworthy? Could something/someone else have hacked my customer database & done this?



EDIT Adding:

Ever since CS-cart accessed my admin to import missing customers, I went in to edit an order & it had a note saying the customer edited their information so I clicked to accept change it. It changed their email address to a spam-like email address. It did this on all new orders I was editing. NOW MY CUSTOMERS ARE GETTING SPAM EMAIL FROM MY CART! CS-CART Is the ONLY one that has access to our admin area! WHAT IS GOING ON!?



Crap like this happens only after CS-cart has needed to access my admin for some support issue.

Can the computers YOU have used to access your site and hosting admin be trusted? Are they secure and malware free? Is your server secure?



Think there's more than just CS-Cart to worry about here. Not passing judgement, just saying.



Which version of the software are you running? Have you:-



Changed your FTP password?

Changed your database password?

Changed your CS-Cart password?

Checked your file/folder permissions?

Re-uploaded the source files, in case of an altered source file?

My pc is very secure, I have live protection.

I'm running the latest cs-cart version now - recently upgraded from a very old one.

I have not changed any passwords & have not checked my file/folder permissions or re-uploaded source files, but will definitely do.



It started after cs-cart accessed my cart & worked with my customer data, which is the reason for that suspicion because it's the customer data affected. I would love to be wrong & overly paranoid here because we put alot of trust in them & are vulnerable.



What do I look for when checking file/folder permissions? Last time I edited them was when changing them per cs-carts instructions.

What did cs cart say about this

Do you really think cs-cart would be so stupid to use your shop to send some silly spam mail?



You say your pc is secure, but is your server secure? IT can be 100's, 1000's of things that gave others or bots access. You need to have a specialist look at this.

Cs-cart hasn't responded yet. I don't think CS-cart would be so stupid to do something blatant like that but maybe it's an employee. Wasn't trying to imply cs-cart the entity but the possibility of someone employeed there with access. I don't know how to check my sever security - is that my hosting company?

[quote name='Brennie369' timestamp='1349375081' post='146366']

Cs-cart hasn't responded yet. I don't think CS-cart would be so stupid to do something blatant like that but maybe it's an employee. Wasn't trying to imply cs-cart the entity but the possibility of someone employeed there with access. I don't know how to check my sever security - is that my hosting company?

[/quote]

First of all, you have to contact with your hosting provider, to check your webserver's and FTP's access log.

I don't think, that CS-Cart's team members are responsible for this attack.

What is your site address?

My site was hacked when PC got infected. Virus used filezilla stored passwords to access ftp…

Scan your website for malware:



[url=“http://sitecheck.sucuri.net/scanner/”]http://sitecheck.sucuri.net/scanner/[/url]

I hope this is not serious. You seriously think they are going to log into your website and send out spam emails? Why would they not spend $7 and buy their own domain and do it that way?

It is extremely unlikely that a CS-Cart employee would be responsible for something like that, seriously they deserve a bit more credit than this…



In the end, 9 times outta 10 a situation like this turns out to be nothing more than coincidental.



Brennie, do not for one minute completely rule out the idea that access to your site was made through your internal PC (just as Darius referred to), there have been many situations where a hacker gains access to an ecomm site through an admin's internal PC.



While you are waiting on a response from CS-Cart staff, I would highly recommend that you make certain you have the best antivirus and mallware preventative systems on your PC's (with continuous virus signature updates) currently available.



I would highly recommend one of the ESET antivirus programs and also install Malwarebytes to detect monitor & remove any mallware on your PC's. Personally, I will only use ESET (or Kaspersky Labs) on our Pc's for antivirus with hourly signature updates.



[url=“Apply to be a Malwarebytes Managed Service Provider”]http://www.malwarebytes.org/products/malwarebytes_pro/[/url]



[url=“Antivirus for Windows and macOS devices | ESET”]http://www.eset.com/us/home/products/antivirus/[/url]

I retract my comment. I apparently have some paranoid/trust issues to work on. Thanks to those who offered suggestions on alternate causes & routes of recourse.

[quote name=‘Brennie369’ timestamp=‘1349491880’ post=‘146513’]

I retract my comment. I apparently have some paranoid/trust issues to work on. Thanks to those who offered suggestions on alternate causes & routes of recourse.

[/quote]



Hope you were able to determine and fix the problem Brennie!



It is always a stressful situation to deal with when something like this occurs and also jeopardizes your business. ;-)

I had one issue where somehow I allowed anonymous FTP which caused script injection of some type crippling the site and also the backup copy that my host had. It was pretty bad (had to start all over). Long ago but learned my lesson.

Anonymous FTP has nothing to do with granting cs-cart access to your site for troubleshooting. In fact, I think they would decline to use an anonymous entry point. Way too much liability.

Check your server logs for ftp/sftp access and also email logs. Log files may provide information on any un-authorized logins or any other strange activities.



Also sending information such as passwords via email is not secure.



It is also a good idea to use a non default sftp port (Just change your SSH server port number), as this makes it more difficult to hack.



Database can be restricted to local connection only, if it resides on the same server.

i just want to add some comment hope this will help. try to use linux for your admin computer. and don't install anything that is not from linux repo.