snubbr.com

Can't open yahoo mail because Verisign SSL is disable?

Get a Verisign SSL certificate for 30 days FREE. Click here to use coupon...

Get a free trial of Verisign SSL certificates. Click here for this special deal...
Quick question... Can't open yahoo mail because Verisign SSL is disable? Many thanks for any response. Another quick question... In the early hours of Saturday morning an email was sent (supposedly from our online shop) to all of our 5500 customers telling them they had won a free gift, and all they had to do was reply with a scanned in copy of their utility bill..

A lot of angry customers emailed telling us what had happened, and that we must of been hacked into. (Thats how we found out)..

I have since replied to all of our customers telling them what has happened. A nightmare for us as we could lose alot of customers through this..

I have also changed all passwords, root, database, admin, ftp, etc...

We are using oscommerce v2.2........I would like to ask for your help please, to find out what to do next?.

The hacker has registered 2 Verisign domain names that closely resemble ours, and they've used that as the reply to address on the email they sent out..

1) Who do I report this to?.

2) How do I find out how they compromised dedicated server?.

3) Did they use SQL Injection?.

4) Nothing appears to have been deleted or tampered with.

5) Should I try and secure the shopping cart or find a new one?.

6) What else do I need to do?.

Your help is greatly appreciated!..

Comments (68)

I would like to know the answer too. Anyone here know what is the right answer to your question. I'll do some investigation and get back to you if I discover an decent answer. You should email the people at Verisign as they probably could answer your Verisign question..

Comment #1

ANY package is going to be subject to hacker attacks, before the software is blamed attention should also be drawn to.

The host, are they secure?.

The user, do they use unsafe permissions on the Verisign site folders?.

Any software package is going to protect you only so far, the user must take steps also..

There are loads of security add ons here to help you in this..

Many users use OSC and pass the PCI checks..

Nic..

Comment #2

Sorry for the Blond moment ... what is a PCI check.....

Ta muchly.

Nic.

Added - Ah! found what you mean..... I just build em... not run them....

Payment Card Industry Data Security Standard.

This post has been edited by.

SpottyNic.

: 09 February 2009, 19:58..

Comment #3

If I was a customer I'd be scared right about now..

This post has been edited by.

FWR Media.

: 09 February 2009, 20:27..

Comment #4

Here is a good post from Spooks about securing your Verisign site and the add ons you need to do so...

Http://forums.oscommerce.com/index.php?sho...+unsecure+items..

Comment #5

Sounds familiar..

Get rid of your customer_testimonials.php files and this contribution or use the latest version..

Have a look in your log files and you will see the statement in the browser that they used just before the time or date it occured..

I think this was very wide spread...

Comment #6

In the early hours of Saturday morning an email was sent (supposedly from our online shop) to all of our 5500 customers telling them they had won a free gift, and all they had to do was reply with a scanned in copy of their utility bill..

A lot of angry customers emailed telling us what had happened, and that we must of been hacked into. (Thats how we found out)..

I have since replied to all of our customers telling them what has happened. A nightmare for us as we could lose alot of customers through this..

I have also changed all passwords, root, database, admin, ftp, etc...

We are using oscommerce v2.2........I would like to ask for your help please, to find out what to do next?.

The hacker has registered 2 Verisign domain names that closely resemble ours, and they've used that as the reply to address on the email they sent out..

1) Who do I report this to?.

2) How do I find out how they compromised dedicated server?.

3) Did they use SQL Injection?.

4) Nothing appears to have been deleted or tampered with.

5) Should I try and secure the shopping cart or find a new one?.

6) What else do I need to do?.

Your help is greatly appreciated!..

Comment #7

BUMP -.

I'm just about to go live -.

Should I be having second thoughts on OSC -.

Ta.

Nic..

Comment #8


This question was taken from a support group/message board and re-posted here so others can learn from it.

 

Categories: Home | Diet & Weight Management | Vitamins & Supplements | Herbs & Cleansing |

Sexual Health | Medifast Support | Nutrisystem Support | Medifast Questions |

Web Hosting | Web Hosts | Website Hosting | Hosting |

Web Hosting | GoDaddy | Digital Cameras | Best WebHosts |

Web Hosting FAQ | Web Hosts FAQ | Hosting FAQ | Hosting Group |

Hosting Questions | Camera Tips | Best Cameras To Buy | Best Cameras This Year |

Camera Q-A | Digital Cameras Q-A | Camera Forum | Nov 2010 - Cameras |

Oct 2010 - Cameras | Oct 2010 - DSLRs | Oct 2010 - Camera Tips | Sep 2010 - Cameras |

Sep 2010 - DSLRS | Sep 2010 - Camera Tips | Aug 2010 - Cameras | Aug 2010 - DSLR Tips |

Aug 2010 - Camera Tips | July 2010 - Cameras | July 2010 - Nikon Cameras | July 2010 - Canon Cameras |

July 2010 - Pentax Cameras | Medifast Recipes | Medifast Recipes Tips | Medifast Recipes Strategies |

Medifast Recipes Experiences | Medifast Recipes Group | Medifast Recipes Forum | Medifast Support Strategies |

Medifast Support Experiences |

 

(C) Copyright 2010 All rights reserved.