Jump to content

 

lschris

Member Since 01 Oct 2012
Offline Last Active Jun 20 2014 10:22 AM
-----

Posts I've Made

In Topic: Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

27 May 2014 - 01:09 PM

Still looking into ourselves too (had about 20 sites hacked, 3 non hacked).

Of course sites still in development (ie not public) were not hacked even though they are web-accessible, so it would suggest a google search for dispatch urls could have built the bot list.

Regarding the admin urls, could it have anything to do with the compromise of Twigmo recently where you advised we change our admin url?

Two of the three non-hacked sites were compromised by Twigmo and therefore we had changed the admin url.

The third non hacked site was a really early v2 cs cart site, maybe the version did not have the atos/hsbc files...