Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls
 

Warning: Iframe based attacks using stolen FTP access info

 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #121  
Old 10-24-2008, 01:22 PM
 
EN4U EN4U is offline
 

eXpert
  
Join Date: Feb 2008
Location: AZ
Posts: 379
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Quote:
Originally Posted by Emerson
that is ok
::1 localhost is for ipv6. Not to worry.

Thank you Emerson, my Jaw dropped when i saw that second line........ I ran full scan with Kaspersky, all appears clear. Then proceeded to change all passwords.

Xcart login
FTP
Cpanel
Client login inforamtion

and added password to admin folder

should I run any other type of scans.... And thanks to all for alerting us on this..and a special thanks to Handson, conor and team as always...
__________________
Regards, Dan
X-Cart Gold Version 4.1.10

1 - One page checkout
2 - Image Generator
3 - CSDEO Pro
4 - Shop By Price
5 - Next - Previous
6 - On Sale
7 - Shop By Price

8 - Froogle & Google Base Feed
9 - Buy Together
10 - Customer Loyalty Points
11 - Customer Reward Points
Customer Reward Points Referral Add-on
12 - Product Reviews
13 - Other Custom Modifications
----------------------
http://www.townsqjewelry.com/
http://www.eroticnights4u.com/ <---- Adult Oriented - Toys
Reply With Quote
  #122  
Old 10-24-2008, 05:29 PM
 
somekindahate somekindahate is offline
 

Advanced Member
  
Join Date: Apr 2007
Posts: 84
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Not to be rude as I'm sorry that some people had their X-Cart sites compromised, but I'm somewhat shocked by how many people are using FTP to access their servers in this thread. Is there any reason why you guys are not using SFTP? Most control panels support SFTP and I wouldn't host with a provider who doesn't allow SFTP access. With FTP everything is transferred in plain-text including your password, which is not that great of an idea when running an e-commerce store.

Steven F, one of the co-founders of Panic who make Transmit (FTP/SFTP client for Mac) summed it up well in this blog post:

http://stevenf.com/archive/dont-use-ftp.php

I don't want to be seen as pouring salt into wounds, but I figured this would be a relevant place to bring up this issue.
__________________
X-Cart Gold v. 4.1.10
Reply With Quote
  #123  
Old 10-24-2008, 05:56 PM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Guru
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,089
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Quote:
Originally Posted by somekindahate
Not to be rude as I'm sorry that some people had their X-Cart sites compromised, but I'm somewhat shocked by how many people are using FTP to access their servers in this thread. Is there any reason why you guys are not using SFTP? Most control panels support SFTP and I wouldn't host with a provider who doesn't allow SFTP access. With FTP everything is transferred in plain-text including your password, which is not that great of an idea when running an e-commerce store.

Steven F, one of the co-founders of Panic who make Transmit (FTP/SFTP client for Mac) summed it up well in this blog post:

http://stevenf.com/archive/dont-use-ftp.php

I don't want to be seen as pouring salt into wounds, but I figured this would be a relevant place to bring up this issue.


One of the reasons we do not allow FTP or any kind of non secure connection to our servers (including email connections).

Certainly doesn't guarantee you security, but atleast the traffic on your server can't be "watched" so that someone can get the login info.


Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote
  #124  
Old 10-24-2008, 06:17 PM
 
j0anne04 j0anne04 is offline
 

Newbie
  
Join Date: Aug 2008
Posts: 6
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

I have had no issues with my x-cart files recently, however my partner has a small web hosting business where we host websites we make for customers.. about 3 months ago we had the same issue with several of our clients websites which DID NOT contain x-cart, or any e-commerce software.

There was some kind of compromise with the FTP login details, iframes were inserted and infecting anyone who visited the website, but the hacker(s) also went to the extreme of changing the email passwords & ftp/cpanel passwords.

I am going off now to change all my passwords on the server as i would hate to go through all of that again!

thanks everyone for the information you have shared. it's good to have such a fantastic support network here!
__________________
X-Cart 4.1.10
Reply With Quote
  #125  
Old 10-24-2008, 11:53 PM
  photo's Avatar 
photo photo is offline
 

X-Wizard
  
Join Date: Feb 2006
Location: UK
Posts: 1,146
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Has everyone that has been hacked used FTP instead of SFTP?
__________________
v4.1.10
In Dev v4.5.x


"If you don't keep an eye on your business, someone else will."
Reply With Quote
  #126  
Old 10-25-2008, 02:51 PM
 
PuroPlacer PuroPlacer is offline
 

Advanced Member
  
Join Date: Jan 2007
Location: Marbella, Spain
Posts: 61
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Second site/server compromised here now... And that has x-cart on it too. Coincidence? None of the other 17 servers we have at different locations are compromised. None of them have x-cart installed.
Has this really not been solved yet??
__________________
PuroPlacer
X-Cart version
X-Cart Pro 4.1.5
Reply With Quote
  #127  
Old 10-25-2008, 03:20 PM
 
PuroPlacer PuroPlacer is offline
 

Advanced Member
  
Join Date: Jan 2007
Location: Marbella, Spain
Posts: 61
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

I am also being told that this has not been done through FTP access
__________________
PuroPlacer
X-Cart version
X-Cart Pro 4.1.5
Reply With Quote
  #128  
Old 10-25-2008, 03:54 PM
 
Emerson Emerson is offline
 

X-Man
  
Join Date: Mar 2004
Location: Atlanta, GA
Posts: 2,209
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Quote:
Originally Posted by PuroPlacer
I am also being told that this has not been done through FTP access

How did they do it for you and is it the same issues as we are seeing?
The ones we've seen are definitely done via FTP.
__________________
Emerson
Total Server Solutions LLC- Quality X-Cart Hosting
Recommended X-Cart Hosting Provider - US and UK servers
Does your host backup your site? We do EVERY HOUR!!!
Shared Hosting | Managed Cloud | Dedicated Servers
Reply With Quote
  #129  
Old 10-25-2008, 04:05 PM
 
PuroPlacer PuroPlacer is offline
 

Advanced Member
  
Join Date: Jan 2007
Location: Marbella, Spain
Posts: 61
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

God knows, I got the nightwatch guy, he says the following:

Support: i can not rely on any personal opinion as it would be the huge debate, but following method is most dangerous to use exec, passthru, unescape, base64, eval
Support: i can see many methods used on your sites
Support: also php has developed safe_mode - to prevent such issue, but it has been disabled due to the need of the application


He seems to believe that this is a vulnerability in x-cart... Which would also seem most plausible to me.. Although I am not an expert on this stuff..
There were no logins visible from the other server that had been compromised either a couple days ago
__________________
PuroPlacer
X-Cart version
X-Cart Pro 4.1.5
Reply With Quote
  #130  
Old 10-25-2008, 04:11 PM
 
Emerson Emerson is offline
 

X-Man
  
Join Date: Mar 2004
Location: Atlanta, GA
Posts: 2,209
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

All access I've seen with this issue it was done via FTP login and it is clear in the logs.

I personally believe this is an aftermath of someone's helpdesk getting hacked into and these logins were obtained that way.

If it was a vulnerability and/or as using insecure FTP(as some have suggested here ) this would have been a much more wide spread issue and would have affected many more sites and not just a handful as we have seen. Also it would have not been limited to just x-cart users which seems to be the case so far.
__________________
Emerson
Total Server Solutions LLC- Quality X-Cart Hosting
Recommended X-Cart Hosting Provider - US and UK servers
Does your host backup your site? We do EVERY HOUR!!!
Shared Hosting | Managed Cloud | Dedicated Servers
Reply With Quote
Reply
   X-Cart forums > News and Announcements



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 12:50 PM.

   

 
X-Cart forums © 2001-2020