Text only | Text with Images

VirtueMart Forum

VirtueMart 2 + 3 + 4 => General Questions => Topic started by: Shimon Hirschhorn on February 16, 2014, 21:42:28 PM

Title: Hacking attempt message during checkout
Post by: Shimon Hirschhorn on February 16, 2014, 21:42:28 PM
Hello,

A customer of mine was trying to checkout when she received the message "Hacking attempt".  She found this unsettling (for some strange reason) and did not want to enter her CC details.

I have attached a screen shot.

What is causing this and how can I avoid this in the future?

Thanks

Joomla 2.5.18
VM 2.0.24c

[attachment cleanup by admin]
Title: Re: Hacking attempt message during checkout
Post by: Jazajay on February 16, 2014, 23:51:51 PM
Hi Shimon
Have a look at her permission setting in the admin area.

This sounds like: Her user Id might be failing a permission check in the user.php file.
Title: Re: Hacking attempt message during checkout
Post by: Shimon Hirschhorn on February 17, 2014, 00:04:40 AM
As far as I can see it looks correct.
How could her permissions get screwed up?  All she did is try to check out.
Title: Re: Hacking attempt message during checkout
Post by: Jazajay on February 17, 2014, 00:14:12 AM
Well it sounds like it is failing this check:

Code Select
if($cid != $user->id){
if(!class_exists('Permissions')) require(JPATH_VM_ADMINISTRATOR.DS.'helpers'.DS.'permissions.php');
if(Permissions::getInstance()->check("admin")) {
$userId = $cid;
// vmdebug('Admin watches user, setId '.$cid);
} else {
JError::raiseWarning(1,'Hacking attempt');
$userId = $user->id;
}
File:  com_virtuemart/models/user.php
Line: 85

As far as I can tell, $cid - is the user ID that is passed for validation.

How can it get mixed up?
I just took over a site that had 30 users information screwed up from an old version due to a bad server move which failed to copy the files over correctly.

Have you tried viewing her details in the admin area?

Do you get a, Missing user [XX] red error message when you do?

Bar that have you altered the DB recently / core files etc...

What happens when you register?
Title: Re: Hacking attempt message during checkout
Post by: Shimon Hirschhorn on February 18, 2014, 22:18:46 PM
A (potential) customer received the error again.  Both were new customers .  Both were using Chrome.

The message really spooked them.  They assume that THEY were being hacked, and ran away.

Any ideas what is happening ?
Title: Re: Hacking attempt message during checkout
Post by: Jazajay on February 18, 2014, 22:48:49 PM
Sorry mate, I don't know what that check is failing. Have you tried searching the forum?
Title: Re: Hacking attempt message during checkout
Post by: Shimon Hirschhorn on February 18, 2014, 22:50:46 PM
Yes,
No mention of the error.  At least none that I can find.
Title: Re: Hacking attempt message during checkout
Post by: Jazajay on February 18, 2014, 23:00:31 PM
Sorry buddy, that is the limit of my knowledge in regards to this. I would like to know the solution if you find out.

Have you tripple checked all the settings in:
Virtuemart > configuration
Virtuemart > Shop
Configuration.php??????
Title: Re: Hacking attempt message during checkout
Post by: Shimon Hirschhorn on February 19, 2014, 23:34:58 PM
Jazzajay

Thanks for your help.  You found the error in user.php.  Could you please tell me where that file is.  I looked for user.php. but I could not find the line at line 81.

I want to modify the message to something that does not scare away customers , until I can solve it.

Thanks
Title: Re: Hacking attempt message during checkout
Post by: Jazajay on February 22, 2014, 10:52:43 AM
Hi Shimon
Are you running the latest version?

If not use a HTML editor and search all the files for: hacking

This will bring up every file where this is outputted and under what conditions. :)
Text only | Text with Images