If you use Rapid Action Profits, check your sites

You're not alone Dennis, one of my RAP sites was hacked by the same bastage this morning. Thanks to RAPbank, I was notified immediately.

I thought RAP automatically emails you when any admin settings are changed...it did for me when I recently updated them in my dashboard...

But the more troubling news is that your site got hacked to begin with! Are you running the latest version? (or which version are you using)

I'm running 3.1.9, I haven't upgraded yet because I have so many domains, and there are compatibilties with some of the add-ons that have to be addressed, then testing and all that busy work.

I know I should get up to date, but you know what? There's never enough time in the day to do everything. Once I hear from the RAP forum if installing the new version would have prevented this, I'll do what needs to be done, but I don't even know if that's the case yet.

What RAP version was your website Pat?

Maybe we can find what the hacked sites have in common...if its the latest version then Sid will need to get on this ASAP...

Luckily he didn't cause any financial damage to me either. One site hasn't had a sale since May, and the other pays 100% commissions to affiliates, and he only changed the equity partner setting, so there was nothing to split among partners.

As I understand things, RAP's notification ability is tied to the latest release, not to earlier releases, such as the 3.1.9 version. A suggestion, if I may, those sites that you have Rapid Action Profits on, that are generating regular sales, update those ASAP, in order to minimize any revenue loss. Of course, the others should also be updated ASAP as well, but you get my point...

Be Well!
ECS Dave

That makes sense.

Thanks, Dave. I just wish Sid would say whether or not 3.2.4 would fix the problem, or if he has a new one that would bear waiting for.

I changed all my admin passwords already, but is that the way he gets in?

Strong passwords are essential. I am curious why most sites don't have a lockdown mode where you can get wrong more than 10 times a day. That would prevent these brute force hacks.

Note: This is a general statement and not aimed at Rapid Action Profits

Same hacker/email, same problem for me today too.

Install.php file always removed during setup. Strong username & password - unchanged - so appears to be a backdoor. Site's in offline mode until I hear back from the RAP folks.

Glad to have gotten the notification from RAP Bank - but not the email I wanted to wake up to on a Sunday morning.

OK,

Am curious. How many are using RAP Bank that got hacked?

Also, I sent a heads up message to Sid about this.

Thanks,

John

My products are all on RAP Bank.

But one of my Earn1KaDay members had this to say:

Wow! That is bad! I really can't understad why ppl do this kind of stuff. Hope our fellow IM marketers are being spared from these unethical behavior. However do check cos better safe than sorry. Thanks for the feedback.

I gave Sid a link to this thread, so he can get up to speed with what is going on.

Thanks,

John

I got done as well on an older version of RAP. My updated RAP was not hacked, however.

Why does this guy still have a Paypal account?

James

I hope you folks that are getting hacked have reported this to Paypal. I should think if Paypal starts getting complaints they will suspend the hacker's account. In an ideal world they would even report the user to his local law enforcement agency.

Are you guys looking at server logs? You might find that the hacks are all coming from a forum post or something like that?

Trouble is, RAP Bank keeps notifying me about a change to this one site. And every time I go over to look, nothing's been changed. It was originally, I fixed it back to what it should be, but RAP Bank somehow is sensing a change every time it comes around to check.

Thanks. Yeah, lucky me. I wasn't going to complain until after I get the site upgraded to 3.2.4, and the latest RAP Bank release. After that, hopefully it will go away.

Yeah, I checked the equity partner emails also, that's the one that was originally changed by the scumbag.

I got done the first time about a week ago and then 2 more times today!
I don't think they got any sales because I removed the scumbag's email
pretty quick..

All sites were still running 3.1 but have since updated to 3.2 except for one
but will have to do that asap. I wouldn't have know if I didn't get the alert
email from rap bank.. thanks Bill!

They are ahead of the game, and can catch people out

Thanks for the heads up guys, will now be paying more attention to upgrades and notifications!

Having been appraised myself some time ago of the potential problems on a site of mine about the issues re: SQL injections (Google for it) I'd say, in agreement with Boomachucka, that it's MUCH more likely to be something like this and/or the leaving of standard files like install.php (or whatever) that cause such problems rather than password cracking.

STRONG passwords should be mandatory and LONG - I despair of the number of sites that STILL limit passwords to ONLY 8 characters - since even BEFORE being attacked by the very FIRST Internet worm (unsuccessfully! ... > 450 unsuccessful attempts logged!) over 20 years ago I have NEVER used less than 13 characters in any of my passwords. With software like LastPass and Roboform and others available, using the excuse of "I can't remember my password if it's more than 6 characters" just doesn't wash any more. The solution to password cracking lies solely in YOUR hands.

Leaving standard files (like install.php) on your server is likewise your OWN responsibility and if you do leave them lying around and they're used to hack your site ... well who's a brainless muppet then? I do wonder about the quality of thinking from some of the people who code in this way though - I mean just HOW hard is it to delete a file automatically as part of a (successful) installation - it's JUST SMOP (Simple Matter Of Programming)!

The solution to badly coded software that leaves SQL injection holes all over is a far bigger problem that is typically NOT in your hands (to solve anyway) since the code usually (but not always) sits on a third party site and to which you may have NO access at all. Again though it's down to the distinct lack of good programming and data handling practice that exists on the Internet (and elsewhere - look no further than those gross security violators Microsoft for countless examples of appallingly bad and inconsistent coding practice).

However, where the code sits on your OWN site and is NOT obfuscated by Zend or equivalent it is WELL worth just understanding the SQL injection process and checking out the code yourself. You do NOT have to be a programmer to do this, just check out any of the HUGE amount of info available on this subject via a Google search, open relevant PHP files in a text editor and search for SQL statements within the code. Just comparing these to on-line samples of good and bad code will tell you very quickly and without becoming a programming expert IF the code is poorly written or not from a SQL perspective. Here's a good link to give a reasonably understandable explanation and examples (just Googled it):

unixwiz.net/techtips/sql-injection.html - sorry I can't post a clickable link

I don't have or use RAP so I can't do such a check to confirm or deny this possibility, but perhaps someone on the forum that has it and is not afraid to search through the PHP text might want to check it out. Alternatively, if the owner of RAP follows this forum and reads this thread perhaps they'd like to have their code security vetted by an approved and independent source and publish the findings here on the forum to boost users' confidence.

Good security is a matter of mindset and awareness - if you're NOT aware of issues then you are extremely vulnerable. If you are aware, but of the mindset that it's "someone else's problem" I'd argue that you are just as, if not even more vulnerable, and certainly grossly negligent not to check things out properly. Get clued up on the basics at least and don't even think of bitching to Paypal - it's NOT their problem OR responsibility to solve YOUR site's security holes - It's YOURS!

Best regards.

WebMaestro,

Excellent points. I'd add just one thing: Do not use the same password for more than one thing. Re-using passwords (especially the way many people do, which is "the same one for everything") is a recipe for big trouble.

To make the point, consider this, from XKCD.com:



(Note: Cartoon specifically licensed for non-commercial re-distribution.)