Customer Email IDs Data Stolen?

We have been using CS-Cart 4.0.3 Pro full for the last 1.5 years.



A customer who registered on 6th Aug 2015 mailed today (9th Aug 2015) that after registering on our website he started getting spam/phishing mails.



He claimed that we sold his email ID (which is surely not the case). We require customer registration before they can see prices/order, as we sell items like knives, crossbows, archery etc. which should be sold to adults only, and they should be a member of a sports association (due to local laws).



I doubt the claim, as that has not happened before to any of our customers (technically speaking, no one reported/said anything like this before), and we/our friends ourselves are registered on the website as customers with our private email IDs (not a free mail service but on our own private domain) and never got spam or phishing mail.



I doubt it based on 3 points:

He had a grouse that we need compulsory registration (but could not buy from us as he does not fulfill the rules).

He registered on 6th and says that he immediately got spam (“just after I registered” - sic) but mailed on 9th regarding it.

He threatened to take legal action (for a free email ID which is owned by Gmail), knowing that it's not possible due to regulatory reasons here; maybe he is super paranoid to take the pain of going to that length.



I am giving these details so that you understand that it is highly unlikely that he got spam because of us.



But then a thought came to my mind - maybe we were hacked? Or our DB is being stolen/accessed for email IDs?



As an experiment we have registered new profiles on our website using some free mail services like Yahoo and Gmail and will check them regularly to see whether they get spam. These IDs have not been used anywhere else and were created just for this - but this could take time.



So is there any way to check this out - particularly for email IDs ?



Thanks

Our EZ Admin Helper addon has an action that will check your site for known security vulnerabilities and intrusions. It does 13 different checks currently. But do note, it is not a malware/virus scanner. We only check signatures we know about and that have been specific to cs-cart. It's a cheap addon and has a variety of features.

Thanks Tony, already have it, purchased it earlier but installed just yesterday.



Can you explain what the following do?



Backup site (is every file backed up ?)

Update ip_info database (what does it do ?)

Reset user passwords (which users , only administrator ?)



Also - we are getting multiple emails for orders placed (multiple emails for 1 order) It seems after we activated EZ Email logging, but will check it out by disabling it.



Thanks

Also noted the below in logs:



Email (Sent)

TO: default_company_orders_department

From: orders@XXXXXXXXXXX.com - XXXXX XXXXX

Subject: : Order #

Bcc: XXXX@XXXXXXXXXXX.com



Instead of the default email ID, the mails should go only to the ID given in BCC. Where can it be changed? (But I think it will be changed back to the original during an update.)

I suggest that there should be an option to send mail logs only to a selected ID; it is a lot of work for the orders dept. to check these mails, as there is a lot of activity and therefore lots of these mails. Hope you understood what I suggested.

Email logging is good only for occasional checks and reverting to them in case of dispute.



Thanks

[quote name='newuser' timestamp='1439226991' post='226269']

Thanks Tony, already have it, purchased it earlier but installed just yesterday.



Can you explain what do the following do ?



Backup site (is every file backed up ?)

[/quote]

There is an exclusion list of files/directories as part of the addon settings that applies to both backups and file compares. It is a regular expression (basically directory names separated by a '|' indicating 'OR'). The default (distributed) value is:

#var/cache|var/compiled|var/upgrade|var/database|var/logs|var/ez_backup|var/ez_upgrade#

[quote]

Update ip_info database (what does it do ?)

[/quote]

It goes to maxmind and fetches the most current IP database used in cs-cart. Note that granularity is country. Maxmind updates on the 15th of the month so you should set the fetch to be a date after that and doing it more than monthly is a waste of time.

[quote]

Reset user passwords (which users , only administrator ?)

[/quote]

No, it does not do administrators, only customers. We assume that you already have password management set at your desired frequency for administrative users. If not, you should.


[quote]

Also - we are getting multiple emails for orders placed (multiple emails for 1 order) It seems after we activated EZ Email logging, but will check it out by disabling it.



Thanks

[/quote]

I doubt the two are related. While it uses the same underlying mail send methods, it is not tied to order status or shipment changes, which is what generates order notifications.

The admin 'To' settings are set in the Company settings.

Our Email Logging addon is intended to simply capture what cs-cart sends out through its standard mailing mechanisms and allows for a BCC address to be added to all outgoing emails sent through the system.
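
An added example, not part of the reply above and not the addon's own code: it shows which paths the default exclusion pattern quoted in that reply would leave out of backups and file compares. It assumes the pattern is applied unanchored with `preg_match()` to store-relative paths; the sample paths and the anchored variant are constructed for illustration.

```php
<?php
// Added example, not the addon's code.
// Assumption: the pattern is run unanchored (preg_match) against each
// file path relative to the store root.
const EZ_DEFAULT_EXCLUDE =
    '#var/cache|var/compiled|var/upgrade|var/database|var/logs|var/ez_backup|var/ez_upgrade#';

// Hypothetical stricter variant: match only those directories at the store
// root, and only as whole directory names.
const ANCHORED_EXCLUDE =
    '#^(?:var/cache|var/compiled|var/upgrade|var/database|var/logs|var/ez_backup|var/ez_upgrade)(?:/|$)#';

// True when $relPath would be left out of the backup and the file compare.
function is_excluded($relPath, $pattern)
{
    $result = preg_match($pattern, $relPath);
    if ($result === false) {
        throw new RuntimeException('bad exclusion pattern, PCRE error ' . preg_last_error());
    }
    return $result === 1;
}

// Constructed sample paths (not taken from a real store).
$paths = array(
    'app/addons/ez_maint/cron_iface.php',
    'var/cache/registry/settings.php',
    'var/database/backup_2015.sql',
    'var/logs_archive/old.log',              // only shares the "var/logs" prefix
    'design/themes/basic/var/cache/x.php',   // "var/cache" deeper in the tree
    'images/detailed/1/product.jpg',
);

printf("%-40s %-9s %s\n", 'path', 'default', 'anchored');
foreach ($paths as $p) {
    printf(
        "%-40s %-9s %s\n",
        $p,
        is_excluded($p, EZ_DEFAULT_EXCLUDE) ? 'skipped' : 'checked',
        is_excluded($p, ANCHORED_EXCLUDE) ? 'skipped' : 'checked'
    );
}
```

Any path reported as skipped is outside the file compare as well as the backup, so changes there have to be reviewed by other means.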

Which of the below does it use in “To” field





User department e-mail address:



Site administrator e-mail address:



Order department e-mail address:



Help/Support department e-mail address:



Reply-To newsletter e-mail address:

[quote name='newuser' timestamp='1439274415' post='226295']

Which of the below does it use in “To” field

[/quote]



What “it” are you referring to? Cs-cart works a little goofy. It sends multiple emails rather than using CC or BCC lists for copies to the admin emails. So in one invoice it uses the customer's email address and in the 2nd one (copy to admin) it uses 'orders_department' of the company related to the order.

By “it” I meant EZ Admin Helper



-----



Just made a cron job for EZ Admin Helper and got the below error:



Cron Daemon Today at 9:30 PM



Parse error: syntax error, unexpected T_STRING, expecting T_CONSTANT_ENCAPSED_STRING or '(' in /home/content/XXXX/XXXXXXXXX/html/app/addons/ez_maint/cron_iface.php on line 26

Please send us an email (or use the contact us page on our site) with your URL. Be happy to check on this for you.

Line 26 is: use Tygh\Registry; in the current version, so I can only assume you have a modified cron_iface.php file or you have some file corruption.

Regarding “it” are you asking what EZ Admin Helper uses in the To field for the emails it sends when configured to do so? If so, it uses the email address in the 'Email notification' column on the manage page.



If you're referring to what the “EZ Email Logging” addon reports in the log for the 'To' field, the answer is that it uses whatever the 'To' field is set to in the email. It does not create any emails (other than BCC if one is specified and then it uses that address) but rather reports on what was sent and to whom.