News:

Support the VirtueMart project and become a member

Main Menu

Hacking attempt message during checkout

Started by Shimon Hirschhorn, February 16, 2014, 21:42:28 PM

Previous topic - Next topic

Shimon Hirschhorn

Hello,

A customer of mine was trying to checkout when she received the message "Hacking attempt".  She found this unsettling (for some strange reason) and did not want to enter her CC details.

I have attached a screen shot.

What is causing this and how can I avoid this in the future?

Thanks

Joomla 2.5.18
VM 2.0.24c

[attachment cleanup by admin]

Jazajay

Hi Shimon
Have a look at her permission setting in the admin area.

This sounds like: Her user Id might be failing a permission check in the user.php file.

Shimon Hirschhorn

As far as I can see it looks correct.
How could her permissions get screwed up?  All she did is try to check out.

Jazajay

Well it sounds like it is failing this check:

if($cid != $user->id){
if(!class_exists('Permissions')) require(JPATH_VM_ADMINISTRATOR.DS.'helpers'.DS.'permissions.php');
if(Permissions::getInstance()->check("admin")) {
$userId = $cid;
// vmdebug('Admin watches user, setId '.$cid);
} else {
JError::raiseWarning(1,'Hacking attempt');
$userId = $user->id;
}

File:  com_virtuemart/models/user.php
Line: 85

As far as I can tell, $cid - is the user ID that is passed for validation.

How can it get mixed up?
I just took over a site that had 30 users information screwed up from an old version due to a bad server move which failed to copy the files over correctly.

Have you tried viewing her details in the admin area?

Do you get a, Missing user [XX] red error message when you do?

Bar that have you altered the DB recently / core files etc...

What happens when you register?

Shimon Hirschhorn

A (potential) customer received the error again.  Both were new customers .  Both were using Chrome.

The message really spooked them.  They assume that THEY were being hacked, and ran away.

Any ideas what is happening ?

Jazajay

Sorry mate, I don't know what that check is failing. Have you tried searching the forum?

Shimon Hirschhorn

#6
Yes,
No mention of the error.  At least none that I can find.

Jazajay

Sorry buddy, that is the limit of my knowledge in regards to this. I would like to know the solution if you find out.

Have you tripple checked all the settings in:
Virtuemart > configuration
Virtuemart > Shop
Configuration.php??????

Shimon Hirschhorn

Jazzajay

Thanks for your help.  You found the error in user.php.  Could you please tell me where that file is.  I looked for user.php. but I could not find the line at line 81.

I want to modify the message to something that does not scare away customers , until I can solve it.

Thanks

Jazajay

Hi Shimon
Are you running the latest version?

If not use a HTML editor and search all the files for: hacking

This will bring up every file where this is outputted and under what conditions. :)