Hi, my initial report was in the general section (sorry, it was late; I meant to post it here).
I noticed malicious JavaScript on my site on the 20th. I compiled a report and mailed it to the address below; I need to confirm if someone has seen it already. I am happy to also share my analytics data from the checkout page, cart page, and orders page (well, I had a demo store running), which had thousands of event counts and interactions, which are signs of SQL injection that was successful; this points to a vulnerability in the software. My report is too large to fit here; I will attempt to link it from my domain.
I managed to remove all signs of the malware script; this type relayed contact form and, well, user input to a Cloudflare IP in California. www.blancohuntingsafaris.com/report.docx
The developers need to know about this. I am not sure if my initial email (report) has been read since 5 days ago, or if Ichor (moderator) took this further and escalated it; it does not look like it from my initial post in the general section. I can be reached from the email on that site; I am limited to 2 links here. Kindly keep in mind I approached the forums to make the moderator aware of this issue and to confirm whether my email was received by whoever, and/or to direct me. This has not happened. I already informed Artemy Kaydash to assist in making someone respond or listen.
contact@hivepress.io
Here is the analytics data: https://www.blancohuntingsafaris.com/analytics.pdf
Kindly note my site at the time was new, and was just a demo store or set to demo store. After it was decided not to use WooCommerce from the HivePress plugin, pages were moved to trash. Pages such as cart, checkout, etc. were not even linked in menus and were accessed. I sat and watched from analytics how these people were accessing those pages and putting in random order numbers; then I realized what was happening. It was 3 guys: one in Texas, USA, and Lichtenburg and Potch in South Africa. These three stayed on the site for days on end, so I am done now, leaving this in whoever’s hands.
Oh, the site was never hacked per se; it was always in control. I removed the JavaScript and references to the escaped URL in my database.
From my report I emphasize security was above normal for a new site having last changes made
If you found a critical security issue, please describe the steps to reproduce it if you believe this is related to HivePress and not other plugins installed on your site. HivePress is an open-source solution and you can help by reporting this with specific details, not exported Google Analytics reports with the attacker IPs or locations; we just need details like:
- Why do you believe the JS script was inserted on your site via the HivePress form and the issue is related to the HivePress plugin?
- If this is the case, please describe the steps to reproduce the issue (which form we should test, or if you assume which SQL code passes the security checks in our form). You can send the details to support@hivepress.io

Thanks for your cooperation. Please keep the details as short and specific as possible. If there’s a critical security issue that can be reproduced and is related to HivePress, we’ll release a bug fix within 24 hours or less, but we need specific details to proceed.