Tea Commerce Hacked
Hi TeaCommerce
To be honest I am not sure if this issue is for Tea Commerce, or for Umbraco, or for our site.
I am receiving an error on the payment page because some weird values are being inserted into my Tea Commerce payment settings, you know, some malicious links like "viagra" and "drug" terms linking to their sites.
Please see this screenshot: http://screencast.com/t/3sCpgUFaUB. A couple of HTML tags are being inserted into my payment settings and I don't have any idea how they got there. I also checked the Tea Commerce database and there are a lot of malicious tags inserted there, see screenshot: http://screencast.com/t/TZXDEfJZRTI
If you have an idea please tell me what is going on here, thank you so much.
Jorge
Hi Jorge
What Tea Commerce do you run?
Running Tea Commerce 2 and 3 will have the payment provider settings in the DB and saved using server API - so DON'T think it is a Tea Commerce hack. Don't really have any idea how they got there. Must be a hack on your server/DB I guess.
Kind regards
Anders
Is your site on shared hosting? I've seen people have their SQL DB hacked where this is on a shared server.
Steve
Hi Anders and Steve,
Thank you for the quick response. I am using the latest Tea Commerce 3.1.1 for Umbraco 7, and I am on a dedicated server.
I really don't have any idea how they got there. I already fixed it manually by rewriting those values in the database, but after a few days those malicious values appeared again.
I have enough knowledge regarding SQL injection and cross-site scripting, but this one seems complex, especially as it was in the backoffice.
It will be hard for me to solve the problem if I don't know how this happened. If this is not a Tea Commerce problem I understand.
Those values can only be changed using the Tea Commerce server side API. So don't think it is a general problem with Tea Commerce. Either there is a hole in the security in Umbraco, server or the way Tea Commerce is integrated in Umbraco. But I have no idea where to look as this is server side API.
Kind regards
Anders
Hi Jorge,
I'm afraid I don't know about the Tea Commerce side of things, however I just wanted to check you've performed the following actions:
1) Changed all passwords used on the server, including those used by the website identity and connection strings.
2) Checked the server for any unauthorised accounts that have been created.
3) Ensured that the SQL database isn't connectable from the outside world.
4) Checked for any new/unauthorised SQL users that may have been created.
If someone is injecting even a little bit of SQL into your database you need to consider the fact that the entire database could be compromised.
You say you have a dedicated server, but how many sites are running on that server and have any of the other ones been compromised?
Nik
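Added example, not part of the original thread: read-only T-SQL queries for checks 3 and 4 in the list above, which surface recently created or changed logins, sysadmin members, and connections arriving from other machines. It assumes the site's database runs on Microsoft SQL Server and that the queries are run by an administrator; the 30-day window is an assumption.

```sql
-- Added example: audit queries only, nothing here modifies the server.
-- Assumption: 30-day window; widen it to before the values first appeared.
DECLARE @since datetime = DATEADD(DAY, -30, GETDATE());

-- Check 4a: server logins created or modified inside the window.
SELECT name, type_desc, is_disabled, create_date, modify_date
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')      -- SQL logins, Windows logins, Windows groups
  AND (create_date >= @since OR modify_date >= @since)
ORDER BY modify_date DESC;

-- Check 4b: every member of sysadmin; each one should be an account you recognise.
SELECT m.name AS member_name, m.type_desc, m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';

-- Check 4c: users created or changed in the current database
-- (run this batch while connected to the site's database).
SELECT name, type_desc, create_date, modify_date
FROM sys.database_principals
WHERE type IN ('S', 'U', 'G')
  AND (create_date >= @since OR modify_date >= @since)
ORDER BY modify_date DESC;

-- Check 3: sessions connected right now from somewhere other than this machine.
-- Shared-memory connections report '<local machine>'; a web app on the same box
-- that connects over TCP shows the server's own IP, so add that to the list.
SELECT c.session_id, c.client_net_address, c.local_tcp_port, c.connect_time,
       s.login_name, s.host_name, s.program_name
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s ON s.session_id = c.session_id
WHERE c.client_net_address NOT IN ('<local machine>', '127.0.0.1', '::1')
ORDER BY c.connect_time DESC;
```

The last query only shows sessions open at the moment it runs; whether the SQL port is reachable from outside still has to be confirmed at the firewall.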