
  • Jorge 33 posts 114 karma points
    Aug 01, 2016 @ 11:24
    Jorge
    0

    Tea Commerce Hacked

    Hi TeaCommerce

    To be honest, I am not sure if this issue is for Tea Commerce, or for Umbraco, or for our site.

    I am receiving an error on the payment page because there are some weird values being inserted into my Tea Commerce payment settings, you know, some malicious links like "viagra" and "drug" terms linking to their sites.

    Please see this screenshot: http://screencast.com/t/3sCpgUFaUB. A couple of HTML tags are being inserted into my payment settings and I don't have any idea how they got there. I also checked the Tea Commerce database and there are a lot of malicious tags inserted there, see screenshot http://screencast.com/t/TZXDEfJZRTI

    If you have an idea please tell me what is going on here, thank you so much.

    Jorge

  • Anders Burla Johansen 2560 posts 8256 karma points
    Aug 01, 2016 @ 12:05
    Anders Burla Johansen
    0

    Hi Jorge

    What Tea Commerce do you run?

    Running Tea Commerce 2 and 3 will have the payment provider settings in the DB and saved using server API - so DON'T think it is a Tea Commerce hack. Don't really have any idea how they got there. Must be a hack on your server/DB I guess.

    Kind regards

    Anders

  • Steve Morgan 1030 posts 3195 karma points c-trib
    Aug 01, 2016 @ 12:16
    Steve Morgan
    0

    Is your site on shared hosting? I've seen people have their SQL DB hacked where this is on a shared server.

    Steve

  • Jorge 33 posts 114 karma points
    Aug 01, 2016 @ 12:26
    Jorge
    0

    Hi Anders and Steve,

    Thank you for the quick response. I am using the latest Tea Commerce 3.1.1 for Umbraco 7, and I am on a dedicated server.

    I really don't have any idea how it got there. I already fixed it manually by rewriting those values in the database, but after a few days those malicious values appeared again.

    I have enough knowledge regarding SQL injection and cross-site scripting, but this one seems complex, especially as it was in the backoffice.

    It will be hard for me to solve the problem if I don't know how this happened. If this is not a Tea Commerce problem, I understand.

  • Anders Burla Johansen 2560 posts 8256 karma points
    Aug 01, 2016 @ 12:39
    Anders Burla Johansen
    0

    Those values can only be changed using the Tea Commerce server side API. So don't think it is a general problem with Tea Commerce. Either there is a hole in the security in Umbraco, server or the way Tea Commerce is integrated in Umbraco. But I have no idea where to look as this is server side API.

    Kind regards

    Anders

  • Nik 1142 posts 4730 karma points MVP 2x c-trib
    Aug 01, 2016 @ 12:45
    Nik
    0

    Hi Jorge,

    I'm afraid I don't know about the Tea Commerce side of things, however I just wanted to check you've performed the following actions:

    1) Changed all passwords used on the server, including those used by the website identity and connection strings
    2) Checked the server for any unauthorised accounts that have been created.
    3) Ensured that the SQL database isn't connectable from the outside world.
    4) Checked for any new/unauthorised SQL users that may have been created.

    If someone is injecting even a little bit of SQL into your database you need to consider the fact that the entire database could be compromised.

    You say you have a dedicated server, but how many sites are running on that server and have any of the other ones been compromised?

    Nik
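
Steps 3 and 4 of the checklist above can be checked from inside the database itself. The queries below are an added example, not part of the original thread; they assume the site runs on Microsoft SQL Server (the thread does not say which database is used) and that you are connected to the site's database with an account that has VIEW SERVER STATE.

```sql
-- Assumption: Microsoft SQL Server. Run while connected to the site's database.

-- Step 4: server logins, newest first. Any login you did not create,
-- or one modified around the time the values reappeared, needs explaining.
SELECT name, type_desc, is_disabled, create_date, modify_date
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')      -- SQL logins, Windows logins, Windows groups
  AND name NOT LIKE '##%'          -- skip internal certificate-based logins
ORDER BY create_date DESC;

-- Step 4: who holds sysadmin. An unexpected member here means the whole
-- instance, not just one database, has to be treated as compromised.
SELECT m.name AS member_name, m.type_desc, m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- Step 4: users inside the current database, newest first.
SELECT name, type_desc, create_date, modify_date
FROM sys.database_principals
WHERE type IN ('S', 'U', 'G')
  AND principal_id > 4             -- skip dbo, guest, INFORMATION_SCHEMA, sys
ORDER BY create_date DESC;

-- Step 3: sessions that are not coming from the server itself.
-- If the web site and database share one machine, this should return no rows.
-- If they are on separate machines, only the web server's address should appear.
SELECT s.login_name, s.host_name, s.program_name,
       c.client_net_address, c.net_transport, c.connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE c.client_net_address NOT IN ('<local machine>', '127.0.0.1', '::1')
ORDER BY c.connect_time DESC;
```

The last query only shows connections open at the moment it runs, so it complements rather than replaces a firewall check that the database port is closed to the outside.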
