Version 2.0.0 Beta 3 test site hacked

Our site has been hacked. We are using the latest cs-cart version 2.0.0 Beta 3, but this person has managed to log in as admin even though we had changed the passwords from their defaults. They did not get access to the server account, so we can only assume that they must have gained access through cs-cart.



Has anyone else had anything similar happen to them?

[quote name=‘TheNewbie’]Our site has been hacked. We are using the latest cs-cart version 2.0.0 Beta 3, but this person has managed to log in as admin even though we had changed the passwords from their defaults. They did not get access to the server account, so we can only assume that they must have gained access through cs-cart.



Has anyone else had anything similar happen to them?[/QUOTE]







Hum…

This is very important to investigate.

Maybe you passed the password to someone and this person used it (without you knowing that he knew it).

Or, “Houston, we have a problem”:

Security in webstores is very, very important.

Let’s try to find out if someone else has the same problem. In my case, I haven’t installed the new beta version yet.

Let’s wait for an answer.

You have access to your weblogs? On the day it was hacked?

[quote name=‘ETInteractive’]You have access to your weblogs? On the day it was hacked?[/QUOTE]



Yes, we have access to the weblogs. I am informed that there are some suspicious logins to admin, but we will have to look closer to see how they did it.



I clicked on the “report a bug” button and sent this information to the developers and will update everyone with what they find once we receive a reply.



In the meantime, if anyone has any ideas on what happened, please let me know.

When my site was version 1.3.5 SP3 with the security update, I was being hacked into on a daily basis. It completely went away when I switched to 1.3.5 SP4.



There are quite a few threads on the forums about the SQL injection vulnerability.

Tried it on mine, it went to a 404 page not found, didn’t list any users or passwords. But I’m using the 2.0.1 upgrade.