For some reason my inventory quantities went crazy today. A ton of items have the wrong or negitive amount of items instock.
Im not sure why?

I restored yesterday mornings backup and it looks fine.
I restored this mornings backup and its wrong.
So I have it narrowed down to sometime between yesterday and today. But no idea on what would have made so many changes.

We have shut down the store until we hear back.
Im worried that if I revert back to the good backup, this will happen again in the future.

Here is a link to first page of the inventory.
https://www.offshoreelectrics.com/images_ecom/inventory_issue.png

Hi Steven
I can't say I've ever seen the inventory to go out like that so this is a new one for me really. But have you tried checking the database to see if there are tables that have been corrupted maybe? You do have a good backup of the database it seems so really, I would go back online again and if this does happen again, you've got that good backup to go back to.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Yes I checked the database, same results.
I'm going to go back online and see.

I've seen it a couple times as a probable result of malicious bot activity. If you have a few minutes to look over the log files for the period in question you might be able to isolate a likely pattern of attack traffic and pass that to Vince for analysis.

Peter


Professional ecommerce web hosting services
Shared hosting Windows & Linux | Dedicated servers | Domains | SSL
Ecommerce Templates specialists since 2003
https://servelink.com

It is certainly a good idea and worth looking over the logs, or send me the login and I'll look them over. But the reason I didn't mention this is that to alter the inventory the bots would have to create orders which would be visible in the admin orders page. It shouldn't also be possible to create an order that would put stock into negative territory.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Same thing this morning. I'll send you cpanel info now.

Vince should I try to restore the backup?

If it's just stock levels that need altering can you not use the csv upload from the admin to reinstate those?

It may be best to keep a copy of the inventory until this issue is resolved.




* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

Phil I can try that

quote:

---

If it's just stock levels that need altering can you not use the csv upload from the admin to reinstate those?

---

That's a really good idea.

I've checked the logs for malicious activity and can't find anything other than the usual script kiddies trying their luck. This is really strange in that it is just the stock that seems to be affected. Have you checked other parts of the site to make sure product descriptions, admin settings, options etc are all as they were?

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

everything else looks fine.
Ive changed passwords and things like that.

A few other things you might do just to tighten up security.

1. Use a login key on your login url
Admin login security (minimum Version 6.7)

You can define your own login key in includes.php meaning that it is possible only to log into the admin using the loginkey in the URL - without that key added the admin will show as disabled. Once set, you cannot log in without adding your login key to your admin login URL, your login URL would look like this for example...

http://www.yourstoreurl.com/vsadmin/login.php?loginkey=myloginkey

You will need the following in includes.php

$loginkey="myloginkey";

Changing of course "myloginkey" for a login key of your choice.

You can use anything you like as your loginkey, but as it's going to be entered in the URL you shouldn't use special characters.

2. Obviously you will have changed all passwords for FTP, cpanel etc etc. Login to your cpanel and ensure remote access to the database is not enabled.



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

I'll try anything. But this seems like more of a glitch than a hack.

quote:

---

But this seems like more of a glitch than a hack

---

I'm not too sure what's going on but nobody else has reported this.



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*
*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

I understand that no one else has reported. But Vince checked the logs.
Its important that I find out whats happening. There are 2500 products, and about 1/2 are being effected. Effectively closing us.

Happened again today. Im doing backup every 8 hours. So I had a backup from 40 minutes ago and after backup registration, the site is fine.

What else can I do to fix this?

Just a suggestion until you can pin down where its coming from I would remove non-essential pages from the server that contain forms like Speed Calculator / Links. It might also be a good thing to have a developer look over the code being used on those pages to ensure it is not vulnerable.

Winners never quit, quitters never win
CSS and Responsive Designs
User Manual for Ecommerce Templates

Also I would suggest changing your user that connects to the db and password, and change it in your db_conn_open file, and remove the old user.



Mike Beebe
President,
DataLinks Software Solutions
www.dlss.ca
Rate Me Here

ASP and PHP mods - www.dlss.ca/products.asp
A Tremendous Home - www.ATremendousHome.com
Buy Cigars Online www.CigarSmokeShop.net