Thread: Warning: Iframe based attacks using stolen FTP access info
View Single Post
  #133  
Old 10-25-2008, 05:18 PM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Guru
   
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,063
 
Default Re: Warning: Iframe based attacks using stolen FTP access info
One thing to consider on how this happened is that someone's computer who has access to these various X-cart sites was infected with a keylogger virus which inturn provided ftp info to many sites. So it wouldn't necessarily have to be a helpdesk intrusion. Could simply be a PC intrusion on a key person or group of people.

We've had one client that we know of that has had this problem, and from our experience with them, there was no evidence in an X-cart vulnerability allowing them in. There was no suspicious activity noted in the http logs. Only activity in the ftp logs. They were also up-to-date on the security patches except for the ones this summer which they had scheduled to do right at the same time this was found. That client also got infected by their *own* site by the keylogger (or possibly they were infected before the attack which provided the ftp information, I don't think we know when they got infected).

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote