[SOLVED] Hacking my own store message in 2.0.8d

Started by DaggaTora, July 16, 2012, 13:08:00 PM

Previous topic - Next topic

DaggaTora

Hi,

everytime a user change something in his profile, like the adress, he recieves the following message:"Info: Stop try to hack this store, you got logged".

;D


----------------------------------
Solved by Milbo I The Great
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

Please try the attached file, ,remove the .txt and copy it to \administrator\components\com_virtuemart\helpers

[attachment cleanup by admin]
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

Tried but still remains the hack message.

I've change this file before in the morning when the orders didn't appear: http://forum.virtuemart.net/index.php?topic=105220.15

Thanks Milbo
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

hmm this file is in the e version and I tried it as normal user, as administrator and as shopowner. It works always without any message.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

The thing is that it also says: Info: Data saved. So, is there a way to just comment that line or hide it someway?
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

Nope, yesterday i couldn't find it but i see now its in dev.

I'll install and report!
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

DaggaTora

Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

Do you have multivendor enabled?
Which kind of users is it?
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

No multivendor,

Is a normal shopper user.

If I do it with a vendor i get the following:

Info: Datos de usuario almacenados
Info: Datos de vendedor guardados
vmError: TableVendors El Nombre Vendedor ya existe.
vmError: VmTableData Sef Alias falta en registro ! No se puede guardar el registro sin Sef Alias.
vmError: store vendor
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

Milbo

There is more broken in your store. Please go into your vmusers table. Ensure that only the shopowner is_vendor and has the vendorId=1
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

DaggaTora

Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28

DG

I can confirm the same error in 2.0.8e also (upgrading from 2.0.7d on Joomla 2.5.6)

DG

#13
I can also tell you that after downloading a backup .tar file of the site and unpacking it, that this file was caught by my virus program and deemed "Trojan Horse PHP - BackDoor.CK":

administrator/components/com_virtuemart/classes/payment/paypal_api/certificate/ibinc.php

DaggaTora

Mmmm yesterday my hole site was deleted from the server. Hope it has nothing to do with this.
Joomla 2.5.17 | VM2.0.26d | PHP 5.3.28