My site has been hacked.
We've had reports from a couple of customers that their CactuShop websites have been hacked. In both cases the attack was the same. The attacker changed the CactuShop configuration to collect credit card numbers on the CactuShop site, and then changed the orders email address to his own so that he obtained orders with full credit card details. It's also conceivable that other payment details, such as a PayPal account, could be set up instead.
On analysis of logs for one affected site, it appears that the attack focuses on trying to generate an error that will reveal the path of the database, and then attempting to download it (if it is an Access .mdb file located on the web space rather than in a protected "private" or "data" folder).
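The pattern described above (a burst of deliberately triggered errors from one client, followed by a request for the database file itself) is visible in ordinary IIS logs. The script below is an added example, not CactuShop code or anything from the affected site's logs: it parses constructed W3C-format lines (the field list and every address and path in them are made up for the example) and reports any request whose path ends in .mdb, together with clients that caused more than a threshold of HTTP 500 responses.

```python
"""Flag database-download attempts and error-probing in IIS W3C logs.

Added example, not CactuShop code. Assumes the log carries the common
W3C fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
"""
from collections import Counter

# Constructed sample log lines for the example, not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2009-03-01 10:00:01 203.0.113.5 GET /default.asp - 200
2009-03-01 10:00:02 203.0.113.5 GET /product.asp id=' 500
2009-03-01 10:00:03 203.0.113.5 GET /product.asp id=-1 500
2009-03-01 10:00:04 203.0.113.5 GET /basket.asp qty=x 500
2009-03-01 10:00:05 203.0.113.5 GET /basket.asp qty=x 500
2009-03-01 10:00:07 203.0.113.5 GET /database/cactushop.mdb - 200
2009-03-01 10:01:00 198.51.100.7 GET /default.asp - 200
2009-03-01 10:01:01 198.51.100.7 GET /product.asp id=12 200
"""

ERROR_THRESHOLD = 3  # HTTP 500s from one client before we call it probing


def parse_w3c(text):
    """Yield one dict per data line; the '#Fields:' directive names the columns."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if fields is None or len(parts) != len(fields):
            continue  # malformed line: skip it rather than abort the whole run
        yield dict(zip(fields, parts))


def analyse(text, error_threshold=ERROR_THRESHOLD):
    """Return (mdb_requests, probing_ips).

    mdb_requests: list of (c-ip, cs-uri-stem, sc-status) for every request
                  whose path ends in .mdb; a 200 means the file was served.
    probing_ips:  dict c-ip -> number of HTTP 500 responses, for clients at
                  or above the threshold.
    """
    mdb_requests = []
    errors = Counter()
    for rec in parse_w3c(text):
        if rec["cs-uri-stem"].lower().endswith(".mdb"):
            mdb_requests.append((rec["c-ip"], rec["cs-uri-stem"], int(rec["sc-status"])))
        if rec["sc-status"] == "500":
            errors[rec["c-ip"]] += 1
    probing = {ip: n for ip, n in errors.items() if n >= error_threshold}
    return mdb_requests, probing


if __name__ == "__main__":
    mdb, probing = analyse(SAMPLE_LOG)
    for ip, path, status in mdb:
        served = " (SERVED)" if status == 200 else ""
        print(f"database request: {ip} {path} -> {status}{served}")
    for ip, n in probing.items():
        print(f"error probing: {ip} caused {n} HTTP 500 responses")
```

A served (200) request for an .mdb path is the strongest signal: it means the file was reachable at a URL and has been copied. A client that only generates 500s is worth reviewing even without a download, since the error pages themselves may be what revealed the path.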
It is therefore critical that site owners properly protect their databases within a private folder.
If your host does not provide such a folder, change the .mdb extension to .asp, and reflect this change in your config file. The site will work just as before, but even if the database path were known, typing that path in the browser will just cause an error message, as the web server will try to 'run' it as a .asp page rather than serve it as a downloadable file.
Ensure that backend passwords are not obvious.
Consider using the IP lock in the config.asp file (in v5.1 and later). This restricts access to the backend of CactuShop to a specific IP address (or range).
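The three hardening points above (database location, backend password, IP lock) can be checked mechanically before a site goes live. The following is an added example, not CactuShop's own code: the config dictionaries are constructed, the key names are invented for the example, and the IP-lock format (a list of single addresses or CIDR ranges) is an assumption about how the lock in config.asp is expressed.

```python
"""Audit a shop's hardening settings: database exposure, backend password
and IP lock. Added example, not CactuShop code; config key names, the
IP-lock list format and the sample values are assumptions."""
import ipaddress
from pathlib import PureWindowsPath

# Constructed configs for the example (not real site settings).
WEAK_CONFIG = {
    "web_root": r"C:\inetpub\wwwroot",
    "db_path": r"database\shop.mdb",          # relative to the web root
    "backend_password": "cactushop",
    "ip_lock": [],                             # lock switched off
}
HARDENED_CONFIG = {
    "web_root": r"C:\inetpub\wwwroot",
    "db_path": r"D:\private\shop.mdb",         # outside the web space
    "backend_password": "Tq7!vbn2Ksd9",
    "ip_lock": ["203.0.113.0/24"],             # office range only
}

# Constructed shortlist; a real check would use a much larger blocklist.
COMMON_PASSWORDS = {"password", "admin", "cactushop", "letmein", "123456"}


def database_exposure(web_root, db_path):
    """Classify where the config points the database.

    'protected' - outside the web root, so no URL maps to it
    'mitigated' - inside the web root but renamed .asp: IIS executes it
                  instead of serving it, so a request just errors out
    'exposed'   - inside the web root as .mdb: anyone who learns the path
                  can download the whole database
    """
    root = PureWindowsPath(web_root)
    db = PureWindowsPath(db_path)
    if not db.is_absolute():
        db = root / db  # a relative path is resolved from the web root
    if root not in db.parents:
        return "protected"
    return "mitigated" if db.suffix.lower() == ".asp" else "exposed"


def password_is_obvious(pw):
    """True for short passwords, dictionary words, or a single character class."""
    if len(pw) < 8 or pw.lower() in COMMON_PASSWORDS:
        return True
    classes = sum(any(test(c) for c in pw)
                  for test in (str.islower, str.isupper, str.isdigit))
    classes += any(not c.isalnum() for c in pw)
    return classes < 2


def ip_lock_allows(lock, remote_ip):
    """True if remote_ip falls inside any entry of the lock list.
    An empty list means the lock is off, so every address is allowed."""
    if not lock:
        return True
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in lock)


def audit(config):
    """Return a list of human-readable findings; an empty list means all clear."""
    findings = []
    exposure = database_exposure(config["web_root"], config["db_path"])
    if exposure == "exposed":
        findings.append("database is downloadable from the web root: "
                        "move it to a private folder or rename it to .asp")
    elif exposure == "mitigated":
        findings.append("database is in the web root renamed to .asp: "
                        "acceptable, but a private folder is better")
    if password_is_obvious(config["backend_password"]):
        findings.append("backend password is obvious")
    if not config["ip_lock"]:
        findings.append("IP lock is off: backend reachable from any address")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no findings']}")
```

The path check uses PureWindowsPath so it reasons about IIS-style paths without touching the filesystem; run it against the values actually in your config file rather than the constructed ones here.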
Once you have secured your site as above, you should then do the following:
1. Run a test order through to checkout and see whether extra payment systems have been enabled, or if your site now uses a different payment system.
2. Check the config settings of the payment system(s) you use to ensure they've not been changed, in particular the PayPal settings.
3. Check the email addresses in the 'languages/email' section, to ensure they're still sending mails to your address.
4. Change the password of all your site logins.
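Steps 1 to 3 above amount to comparing the live order and payment settings with what you know they should be. The script below is an added example, not CactuShop code: it diffs a known-good snapshot against the current settings for exactly the values the attack tampers with (card collection, enabled payment systems, PayPal account, orders email). The key=value snapshot format, the setting names and both sample snapshots are constructed for the example.

```python
"""Report changes to the order and payment settings the attack tampers with.
Added example, not CactuShop code; the setting names, the key=value snapshot
format and the sample snapshots are assumptions constructed for the example."""

# Settings worth watching, with the reason each matters (names assumed).
WATCHED = {
    "collect_card_numbers": "whether card numbers are collected on the site",
    "payment_systems": "which payment systems are offered at checkout",
    "paypal_account": "PayPal account that receives the money",
    "orders_email": "address that receives order notifications",
}

# Constructed snapshot taken when the site was known to be clean.
BASELINE = """
' payment settings as configured at launch
collect_card_numbers = no
payment_systems = worldpay
paypal_account = shop@example.com
orders_email = orders@example.com
"""

# Constructed snapshot of the live site after the kind of tampering described above.
CURRENT = """
collect_card_numbers = yes
payment_systems = worldpay, paypal
paypal_account = shop@example.com
orders_email = attacker@example.net
"""


def parse_settings(text):
    """Parse 'key = value' lines into a dict; blank lines and ' comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("'") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def _normalise(key, value):
    """Canonical form so that ordering and case changes are not reported as drift."""
    if value is None:
        return None
    if key == "payment_systems":
        systems = {v.strip().lower() for v in value.split(",") if v.strip()}
        return ",".join(sorted(systems))
    return value.strip().lower()


def drift(baseline, current):
    """Return [(key, old, new)] for every watched setting that differs."""
    changes = []
    for key in WATCHED:
        old = _normalise(key, baseline.get(key))
        new = _normalise(key, current.get(key))
        if old != new:
            changes.append((key, old, new))
    return changes


if __name__ == "__main__":
    for key, old, new in drift(parse_settings(BASELINE), parse_settings(CURRENT)):
        print(f"CHANGED {key} ({WATCHED[key]}): {old!r} -> {new!r}")
```

Keep the baseline snapshot somewhere the web server cannot write to, and re-run the comparison after any backend login you did not make yourself. A newly enabled payment system or a changed orders address is exactly what step 1 and step 3 look for by hand.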
If you believe your shop has been hacked, or you want help in securing your store, please contact us via our web form and we will be happy to help out.