Needing ZenCart/PHP expert
1) I received information from my ISP about my Zencart software, which was hacked into using the "tell a friend" widget to send out spam. I have since had the software updated. I'd like the bugs sourced and corrected. I have some details from the ISP.
2) I also just received an email from a potential (and now lost) client saying the following: "hi. i just tried for the 2nd time to order something but am not comfortable entering my social security # or checking account #. is there a way to order without doing that? i have never had to put in that info on any other site."
I queried her about which step this occurred at and she said: "it was after i put my cc info in then there was a new screen that came up requesting that other info. don't worry about my order anymore. you may want to look into the issue that i was talking about, though. i wonder if your site was hacked."
I really need this looked at.
3) I also have had a problem intermittently with some of my Zencart invoices not showing up in the system as an order though I received payment from my payment gateway.
4) Finally, I'm looking for information on how the newsletter request area works, since people may be signing up for a newsletter and I can't see how to find them or send one to them.
1) Info received from my ISP about the original hack:
"I've just finished cleaning up an infiltration to the server and have determined that the user script compromised to allow the hack is [url removed, login to view]'s shopping cart. Please contact your client and have them immediately fix this. The script itself is a couple years out of date and as such likely requires a full upgrade to the latest, if no later version is found then she needs to either find a coder who can block the holes or switch to something more secure.
I've enabled her shop again and taken some steps to stop the hack at the server level. She still needs to get the entire thing updated though and world write was turned off in the images folder as well since that is how they got in.
She also needs to remove the ability for custom notes in the "recommend this product" form ... it is being used to send spam now ...
I feel for these clients sometimes, they get sold a script by a developer but are never told that it would require updates, then of course they get shoddy coded stuff full of holes that needs work later on.
I can take some steps server side to stop the hacks but can't block it all, and those mail response things are a total pain as they're always abused at some point by the spammers. :)"
2) Further info re the strange request for personal info from a recent order:
I have received a couple of orders since and don't know if they were asked the same information.
[[url removed, login to view]] is the address of the website shop