View Single Post
Old 04-16-2010, 08:17 AM  
mmcfadden
So Fucking Banned
 
Join Date: Oct 2008
Location: philly
Posts: 5,099
Looking for explanation to security breach

I am trying to figure out what happened to one of my sites.

Bottom line sales were not good for a solid 3 week stretch and then 2 days of nothing. I finally had a test transaction done last night and permission settings for .htpasswd were changed.

I know there are a lot of knowledgeable people on gfy that may know how a scam like this would work. How can I track down what processor would use the changed permission setting and how could I still receive some sales during this stretch. Like it was changed for a period of time then changed back. My host claims they cannot track a change to the settings... only if the file was uploaded. The biggest indicator is a 30 member discrepancy in my password file.

For this to work my page prior to processor change would have had to been replaced as well. Can this be done without me knowing... ie my IP would be recognized and show the correct cc page?

Finally, is there any way for permission settings on password files to be inadvertently changed by some hosting anomaly?
mmcfadden is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote