Dh42 Posted January 24, 2015

One of my clients contacted me yesterday saying their site was not accepting payments any more. They had migrated from another platform 6-8 months ago to PrestaShop and because of their needs I opted to use Presto-Changeo's authorize.net module on their site. It worked perfectly, just as expected with their modules. But it broke yesterday on the 22nd. I turned debug mode on and noticed it was calling a controller, but in a way that was not valid. My first action was to comment out the call because at that point in the module it was not needed. At the same time I accused my client of having another developer or himself working on the site, because I saw the timestamp on the file and when it was modified. I sent him a screenshot of the file before I actually saved the changes too. Here it is: http://screencast.com/t/u4g4fWKhZk9

He denied that he did anything of course, so next I asked him to get the server logs, because someone that has access to the site changed the file. The module was updated over a month ago, but a file was changed today. The hosting company finally came through with a log of the FTP access. Here is a screenshot of the log they sent, I have highlighted the line that matters: http://screencast.com/t/czzRxM5ZIqAt

That is the login given to cart2cart, you can tell by the name. The account was created expressly for them, no other reason. If you look at the screenshot from before (I have highlighted a new line), you can see where I logged in and checked the error log when I got the email about the payments: http://screencast.com/t/e664kjMv

My changes and login information are in the pink color. I checked the error log, I turned on debug mode, then I opened and fixed the file in question. They disabled the checkout from their FTP access for some reason and I do not know why. But I would advise people to stay away from them.
For the record, they go by cart2cart, but their site is at http://www.shopping-cart-migration.com/

EDIT: I have been asked to change the topic, so I did. The problems with cart2cart extended a lot further than just the "alleged" breach. The biggest issue with their service was they imported the data from X-Cart, but did not verify the data. They imported information into wrong columns of the products table in the database and because the information was not valid, orders did not complete. Namely, it was EAN13 data. I brought this issue to PrestaShop's attention a year ago, but they maintained it should work this way and not be changed. http://forge.prestashop.com/browse/PSCFV-11809

Long story short, cart2cart does not verify the data and orders will not complete with some of the imported data. I would still avoid them.
MagneticOne Posted January 26, 2015

Hello,

My name is Stepan, I'm Project Manager at Cart2Cart. As far as I can see from your screenshots, IP address 46.72.126.220 doesn't belong to Cart2Cart. Moreover, this IP address is from Russia http://screencast.com/t/NDZrb7fK8z and we are located in Ukraine, Ternopil.

Here is a list of our IP addresses: 54.204.13.71, 54.204.13.85, 54.204.13.86, 54.204.13.90, 54.204.13.95, 54.204.13.107, 54.204.13.110, 54.204.13.112, 54.204.13.113, 54.204.13.115, 5.58.76.130, 93.77.238.130, 50.23.68.68, 108.168.233.98

I see that this migration was performed from X-Cart to PrestaShop. Maybe your client gave his access details to someone else, e.g. X-Cart? We always highly recommend changing all access details of your store right after the migration issue is resolved. http://www.shopping-cart-migration.com/faq/1-general-questions/109-why-cart2cart-may-need-access-to-your-web-shop-or-server

We can guarantee that there was no access to your client's store from our side. Moreover, we will be glad to help you resolve this issue. Please let me know how we can help.

Best regards,
Stepan Fedortsiv
Dh42 Posted January 26, 2015

Stepan,

You guys were actively looking at the shop at this time, http://screencast.com/t/WjCbE61Uv and http://screencast.com/t/1m4NvvfzAgm
MagneticOne Posted January 27, 2015

Hi,

You are correct. Those emails are from our employee. We are communicating with Martin (owner of the store) and he can confirm that all work in this store was stopped a long time ago. The letters you see are part of a discussion about a new migration.

Best regards,
Stepan
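The check this thread turns on, correlating FTP uploads of a changed file with its modification time and comparing the source address against the list the vendor posted, as an added example that is not part of any post. The xferlog log format, the file path, the account names, the modification time and the sample lines are assumptions constructed for illustration; only the IP addresses come from the thread.

```python
import ipaddress
from datetime import datetime, timedelta

# Addresses the vendor states as its own in the reply above.
VENDOR_IPS = {ipaddress.ip_address(a) for a in (
    "54.204.13.71 54.204.13.85 54.204.13.86 54.204.13.90 54.204.13.95 "
    "54.204.13.107 54.204.13.110 54.204.13.112 54.204.13.113 54.204.13.115 "
    "5.58.76.130 93.77.238.130 50.23.68.68 108.168.233.98").split()}

# Constructed sample lines in xferlog format (an assumption; the thread shows
# its log only as a screenshot). Paths and account names are placeholders.
SAMPLE_LOG = """\
Thu Jan 22 09:14:07 2015 1 46.72.126.220 5120 /modules/example_module/example.php b _ i r migration_user ftp 0 * c
Thu Jan 22 11:40:31 2015 1 203.0.113.10 5234 /modules/example_module/example.php b _ i r developer ftp 0 * c
Mon Dec 15 16:02:55 2014 2 54.204.13.71 880 /img/logo.jpg b _ o r migration_user ftp 0 * c
"""

def parse_xferlog(line):
    """Return a dict for one xferlog line, or None if it is malformed."""
    f = line.split()
    if len(f) != 18:  # 5 timestamp tokens + 13 single-token fields
        return None
    try:
        when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return {"time": when, "host": f[6], "path": f[8], "direction": f[11],
            "user": f[13], "complete": f[17] == "c"}

def from_vendor(host):
    """True only if host is a literal IP address on the vendor's list."""
    try:
        return ipaddress.ip_address(host) in VENDOR_IPS
    except ValueError:  # xferlog may record a hostname instead of an IP
        return False

def uploads_near(log_text, path, mtime, window):
    """Completed uploads ('i') of `path` within `window` of the file's mtime."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if (rec and rec["direction"] == "i" and rec["complete"]
                and rec["path"] == path and abs(rec["time"] - mtime) <= window):
            rec["vendor_ip"] = from_vendor(rec["host"])
            hits.append(rec)
    return hits

if __name__ == "__main__":
    mtime = datetime(2015, 1, 22, 9, 14, 7)  # constructed modification time
    for h in uploads_near(SAMPLE_LOG, "/modules/example_module/example.php",
                          mtime, timedelta(minutes=5)):
        print(h["time"], h["user"], h["host"],
              "vendor IP" if h["vendor_ip"] else "not on vendor list")
```

A match on the account name with a source address outside the vendor's list shows which credential was used, not who used it, which is why rotating migration credentials once the work is finished matters.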