15 {{ upvoteCount | shortNum }}
15 {{ upvoteCount | shortNum }}

Easy Member Pro... hacked - twice! Any ideas?

by Paul Barrs
12 replies
Hi Folks,

I use Easy Member Pro for two of my sites and this past month have had the same problem on both...

On arriving on the main page, the page is no longer viewable and the content is gone.

Inside the admin area some pages have been made 'available' and others' now unavailable and "invisible". It's an easy 5 minutes 'reset', but I don't know why it's happening in the first place.

Whoever / whatever is doing this has clearly got an inside crack to the EMP database and I'm worried about what more they might do.

Ideas? Suggestions?

Paul Barrs

PS. And don't say bother suggesting WordPress as a membership option, it's even less secure with tens of thousands of people trying to crack it daily!!
#easy #hacked #ideas #member #pro
  • Profile picture of the author KarlWarren
    Hi Paul,

    I'm one of the owners of EasyMemberPro - with my partner Kim Standerline.

    Our programmer is not a member of WarriorForum but this kind of thing takes top priority - if possible, would you mind logging a ticket here: Cash Money Marketers - Powered by Kayako SupportSuite Help Desk Software

    And we can keep a log of the issues, work out any exploits and investigate the issue fully.

    Many thanks.
    Karl.
    Signature
    eCoverNinja - Sales Page Graphics & Layout Specialist
    {{ DiscussionBoard.errors[6612470].message }}
  • Profile picture of the author Cash Money Hosting
    We are looking into this issue, however I do not believe it to be a hack, but some deep rooted issue with the script, and certain hosting providers.

    I would recommend deleting the install folder to see if that relieves the issue.
    {{ DiscussionBoard.errors[6613555].message }}
  • Profile picture of the author GarrieWilson
    however I do not believe it to be a hack, but some deep rooted issue with the script, and certain hosting providers.
    That would be a "hacking" issue if the script can be exploited on certain hosts...
    Signature
    Screw You, NameCheap!
    $1 Off NameSilo Domain Coupons:
    SAVEABUCKDOMAINS & DOLLARDOMAINSAVINGS
    {{ DiscussionBoard.errors[6613801].message }}
    • Profile picture of the author Paul Barrs
      Originally Posted by KarlWarren View Post

      Hi Paul,

      I'm one of the owners of EasyMemberPro - with my partner Kim Standerline.

      Our programmer is not a member of WarriorForum but this kind of thing takes top priority - if possible, would you mind logging a ticket here: Cash Money Marketers - Powered by Kayako SupportSuite Help Desk Software

      And we can keep a log of the issues, work out any exploits and investigate the issue fully.

      Many thanks.
      Karl.
      Thanks karl - ticket submitted.

      Originally Posted by GarrieWilson View Post

      That would be a "hacking" issue if the script can be exploited on certain hosts...
      Hey Garrie - good to 'see' you

      Paul
      Signature
      **********
      It's Simple... I don't "sell" IM anymore, but still do lots of YouTube Videos
      **********
      {{ DiscussionBoard.errors[6614228].message }}
      • Profile picture of the author Paul Myers
        Garrie,
        That would be a "hacking" issue if the script can be exploited on certain hosts...
        I think he meant it was a compatibility issue with certain hosts, rather than an exploitable vulnerability.

        I'd be interested to know which hosts he believes to present the problem, or what factor might be at the root of it.


        Paul
        Signature
        .
        Stop by Paul's Pub - my little hangout on Facebook.

        {{ DiscussionBoard.errors[6614409].message }}
        • Profile picture of the author Paul Barrs
          Originally Posted by Paul Myers View Post

          Garrie,I think he meant it was a compatibility issue with certain hosts, rather than an exploitable vulnerability.

          I'd be interested to know which hosts he believes to present the problem, or what factor might be at the root of it.


          Paul
          It would be interesting so see... especially since I've had the script running a few years and never had a problem.

          (the other) Paul
          Signature
          **********
          It's Simple... I don't "sell" IM anymore, but still do lots of YouTube Videos
          **********
          {{ DiscussionBoard.errors[6614748].message }}
  • Profile picture of the author Adevictus
    Membership software - aMember Pro is the best and most secure around
    Signature

    It's all about the money...

    {{ DiscussionBoard.errors[6614432].message }}
  • Profile picture of the author GarrieWilson
    I think he meant it was a compatibility issue with certain hosts, rather than an exploitable vulnerability.
    What's the difference?

    If something isnt compatible and allows people to add/change the pages on certain hosts, would that not be an exploit?

    -g
    Signature
    Screw You, NameCheap!
    $1 Off NameSilo Domain Coupons:
    SAVEABUCKDOMAINS & DOLLARDOMAINSAVINGS
    {{ DiscussionBoard.errors[6614504].message }}
    • Profile picture of the author Paul Myers
      Garrie,
      What's the difference?
      One involves a malicious human doing something. The other just breaks on its own because the software doesn't work and play well together. (Assuming he meant what I think he meant.)


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[6615106].message }}
  • Profile picture of the author jay walters
    Originally Posted by Paul Barrs View Post

    Hi Folks,

    I use Easy Member Pro for two of my sites and this past month have had the same problem on both...

    On arriving on the main page, the page is no longer viewable and the content is gone.

    Inside the admin area some pages have been made 'available' and others' now unavailable and "invisible". It's an easy 5 minutes 'reset', but I don't know why it's happening in the first place.

    Whoever / whatever is doing this has clearly got an inside crack to the EMP database and I'm worried about what more they might do.

    Ideas? Suggestions?

    Paul Barrs

    PS. And don't say bother suggesting WordPress as a membership option, it's even less secure with tens of thousands of people trying to crack it daily!!
    Thanks for the heads up Paul Barr
    hope this get's settled before we launch next week.

    Any idea Cash Money Hosting and KarlWarren why this happened?

    I'll also ask my developers to keep their eyes peeled.

    Thanks much
    {{ DiscussionBoard.errors[6651420].message }}
  • Profile picture of the author Paul Barrs
    Quick update -

    From the feedback I've been given from the helpdesk; while this has happened to some others, it's not a 'hack' - it's a tech glitch from the two latest updates; they are "working" on it for the next update.

    So if you're reading this and it has happened to you, simply reset your page settings for home, affiliates, contact etc and you're back online.

    I'm going to be using the webpage change notification service at ChangeDetect - Web Page Monitoring - Free Online Service to help me keep an eye on things.

    Paul
    Signature
    **********
    It's Simple... I don't "sell" IM anymore, but still do lots of YouTube Videos
    **********
    {{ DiscussionBoard.errors[6659673].message }}
    • Profile picture of the author jay walters
      Originally Posted by Paul Barrs View Post

      Quick update -

      From the feedback I've been given from the helpdesk; while this has happened to some others, it's not a 'hack' - it's a tech glitch from the two latest updates; they are "working" on it for the next update.

      So if you're reading this and it has happened to you, simply reset your page settings for home, affiliates, contact etc and you're back online.

      I'm going to be using the webpage change notification service at ChangeDetect - Web Page Monitoring - Free Online Service to help me keep an eye on things.

      Paul
      Thanks for following up with this issue... brings some comfort to the issue.
      We actually delayed putting up another membership site until we got some feed
      from this.

      Thanks again.
      {{ DiscussionBoard.errors[6740056].message }}

Trending Topics