Author Topic: [SOLVED] Hacking my own store message in 2.0.8d  (Read 8739 times)

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
[SOLVED] Hacking my own store message in 2.0.8d
« on: July 16, 2012, 13:08:00 pm »
Hi,

everytime a user change something in his profile, like the adress, he recieves the following message:"Info: Stop try to hack this store, you got logged".

 ;D


----------------------------------
Solved by Milbo I The Great
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9683
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Hacking my own store message in 2.0.8d
« Reply #1 on: July 16, 2012, 17:52:02 pm »
Please try the attached file, ,remove the .txt and copy it to \administrator\components\com_virtuemart\helpers

[attachment cleanup by admin]
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
Re: Hacking my own store message in 2.0.8d
« Reply #2 on: July 16, 2012, 19:06:47 pm »
Tried but still remains the hack message.

I've change this file before in the morning when the orders didn't appear: http://forum.virtuemart.net/index.php?topic=105220.15

Thanks Milbo
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9683
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Hacking my own store message in 2.0.8d
« Reply #3 on: July 17, 2012, 09:50:58 am »
hmm this file is in the e version and I tried it as normal user, as administrator and as shopowner. It works always without any message.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
Re: Hacking my own store message in 2.0.8d
« Reply #4 on: July 17, 2012, 10:08:53 am »
The thing is that it also says: Info: Data saved. So, is there a way to just comment that line or hide it someway?
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9683
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Hacking my own store message in 2.0.8d
« Reply #5 on: July 17, 2012, 10:18:08 am »
Did you installed version e?
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
Re: Hacking my own store message in 2.0.8d
« Reply #6 on: July 17, 2012, 11:06:51 am »
Nope, yesterday i couldn't find it but i see now its in dev.

I'll install and report!
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
Re: Hacking my own store message in 2.0.8d
« Reply #7 on: July 17, 2012, 12:12:40 pm »
Updated... same result  :-\
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9683
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Hacking my own store message in 2.0.8d
« Reply #8 on: July 17, 2012, 13:20:49 pm »
Do you have multivendor enabled?
 Which kind of users is it?
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
Re: Hacking my own store message in 2.0.8d
« Reply #9 on: July 17, 2012, 13:31:54 pm »
No multivendor,

Is a normal shopper user.

If I do it with a vendor i get the following:

Info: Datos de usuario almacenados
Info: Datos de vendedor guardados
vmError: TableVendors El Nombre Vendedor ya existe.
vmError: VmTableData Sef Alias falta en registro ! No se puede guardar el registro sin Sef Alias.
vmError: store vendor
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9683
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Hacking my own store message in 2.0.8d
« Reply #10 on: July 17, 2012, 14:50:41 pm »
There is more broken in your store. Please go into your vmusers table. Ensure that only the shopowner is_vendor and has the vendorId=1
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
Re: Hacking my own store message in 2.0.8d
« Reply #11 on: July 17, 2012, 17:06:37 pm »
Yes, only me is admin and vendorId=1
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

DG

  • Beginner
  • *
  • Posts: 33
Re: Hacking my own store message in 2.0.8d
« Reply #12 on: July 25, 2012, 06:48:04 am »
I can confirm the same error in 2.0.8e also (upgrading from 2.0.7d on Joomla 2.5.6)

DG

  • Beginner
  • *
  • Posts: 33
Re: Hacking my own store message in 2.0.8d
« Reply #13 on: July 25, 2012, 07:31:11 am »
I can also tell you that after downloading a backup .tar file of the site and unpacking it, that this file was caught by my virus program and deemed "Trojan Horse PHP - BackDoor.CK":

administrator/components/com_virtuemart/classes/payment/paypal_api/certificate/ibinc.php

DaggaTora

  • Jr. Member
  • **
  • Posts: 253
Re: Hacking my own store message in 2.0.8d
« Reply #14 on: July 25, 2012, 09:58:12 am »
Mmmm yesterday my hole site was deleted from the server. Hope it has nothing to do with this.
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28