First off, don’t these stupid little script kiddiez know who they’re dealing with??? Seriously.
Yesterday morning someone who I assume to be Charles Eckholdt or
ceckholdt@comcast.net (and yeah, I hope the spambots harvest your stupid little email address Charles) changed the “send payments to” address in my shopping cart program from the regular All New Comics address to ceckholdt@comcast.net and changed the dollar value to US Dollars.
I went in, fixed the problem, and found out that one person for sure sent this jerk a payment. I then followed up with PayPal who have asked me to phone them tomorrow to follow up.
It looks like an injection, so I’m following up with the company that created my shopping cart to get that fixed, in the meantime I’ve changed my URL’s and I’ll move them again a couple of times until I can get the injection changed.
This week I’m going to change the look of my PayPal stuff so that it shares a common look with my All New Comics site. That’s something I’ve been meaning to do for a while which is fairly simple.
This made me look seriously at our security practices, and there are a few things I will change, but overall I’m pretty happy. In the event someone hacked into our database they wouldn’t find anything pertinent. Passwords are kept in MD5 two way encrypted strings, and email addresses (as well as shipping addresses) are the only things that a hacker could get at.
All financial info is kept by PayPal, and since they’re owned by a billion dollar company called eBay, I think that stuff is in good hands.
Overall this could have been much worse, but wasn’t that big of a deal after all. We’ll have to write off a couple of transactions, but considering the problems that COULD have happened, I’m okay with that.
UPDATE – The person responsible for this attack looks like he used a couple of spoof addresses, with one of them being: comite gestor da internet no brasil it looks like his IP address was 189.13.143.236 which resolves to Tele Norte Leste Participações S.A. in Brazil. The more I look at this, the more I’m thinking it was a brute force hack against CandyPress by some sort of bot type thing.