Looking for explanation to security breach
I am trying to figure out what happened to one of my sites.
Bottom line: sales were not good for a solid 3-week stretch and then 2 days of nothing. I finally had a test transaction done last night and permission settings for .htpasswd were changed.
I know there are a lot of knowledgeable people on GFY who may know how a scam like this would work. How can I track down what processor would use the changed permission setting, and how could I still receive some sales during this stretch? Like it was changed for a period of time then changed back. My host claims they cannot track a change to the settings... only if the file was uploaded. The biggest indicator is a 30-member discrepancy in my password file.
For this to work, my page prior to the processor change would have had to have been replaced as well. Can this be done without me knowing... i.e., my IP would be recognized and show the correct cc page?
Finally, is there any way for permission settings on password files to be inadvertently changed by some hosting anomaly?