Welcome, Guest
Username: Password: Secret Key Remember me

TOPIC: PPD file is hacked

PPD file is hacked 21 Dec 2012 17:12 #2101

  • Faisel
  • Faisel's Avatar
  • Offline
  • Junior Member
  • Posts: 38
Hi,

This is a very serious topic. I got a complaint from one of my site visitor that he cannot make payment to my PayPal account. I tried to repeat the payment but could not.

Shockingly, the paypal account was hardcoded (This email address is being protected from spambots. You need JavaScript enabled to view it.) in <root>/components/com_payperdownloadplus/models/pay.php as
function getPaymentInfo()
{
	$config =& $this->getConfig();
	$paymentInfo = new StdClass();
	$paymentInfo->paypal_account = 'amdabir@gmail.com';//$config->get('paypalaccount');
	$paymentInfo->paymentnotificationemail = $config->get('paymentnotificationemail');
	$paymentInfo->test_mode = $config->get('testmode', 1);
	$paymentInfo->usesimulator = $config->get('usesimulator', 0);
	return $paymentInfo;
}

I have now changed my FTP, site password, etc. Is it possible someone can inject a script to change the ID like this? Please let me know.

To fix this, I have updated PPD to 2.5.30

I just want to bring this to your notice.
Last Edit: 21 Dec 2012 17:12 by Faisel.
The administrator has disabled public write access.

Re: PPD file is hacked 21 Dec 2012 20:06 #2102

  • Ratmil
  • Ratmil's Avatar
  • Offline
  • Administrator
  • Posts: 1487
  • Thank you received: 25
Hi, Faisel.
Evidently some one hack your server and modified the file.
If I don't provide the answers you are looking for, I may provide the questions you need to find the answers yourself.
The administrator has disabled public write access.

Re: PPD file is hacked 22 Dec 2012 09:26 #2103

  • Faisel
  • Faisel's Avatar
  • Offline
  • Junior Member
  • Posts: 38
Yes, you are right.

I have changed all my passwords now :)
The administrator has disabled public write access.
Time to create page: 0.198 seconds
Powered by Kunena Forum