Dear A.m,
Our nopcommerce 2.70 was also hacked.
We had the same issue as gfrick... all the nvarchar(max) fields of our database have had HTML like this appended:
<div style="display:none">go <a href="http://www.crossbordercapital.com/blog/template/page/i-cheated-on-my-husband.aspx">how women cheat</a> all wife cheat</div><div style="display:none">wifes cheat <a href="http://www.fem-choice.com/femchoice/page/women-who-cheated.aspx">online</a> redirect</div>
Our SQL Server machine is behind a firewall and cannot be accessed remotely.
No other site or database on the same server was hacked.
I don't know how to reproduce the issue, but injection is the most likely hypothesis.
Claudio
Hello Claudio,
We do have a 3.0 Nop version with several customizations and I don't know what to call the intrusion (SQL Injection, XSRF or CSRF), but we frequently have our database injected with the same type of code you described above, including the same format. The "injector" puts these lines on any field with nvarchar(MAX). So we have fields changed on 57.000 records on each attack. I started cleaning it manually because we would lose transactions between backups. We are working on having this site updated, but it will take a few weeks as there are lots of customizations and the source we have is corrupted and beyond rescue.
We also have a Nop 3.6 installed on another website and it is a clean install without any modifications. We do have the same issue with. So I don't know how the 3.6 Version is immune to these attacks.
Have you solved your problem? If so how?
We are currently using an application (Nopfix - http://www.nopfix.com) that does the cleaning automatically when there is an attack and it has been working fine for the past 3 months. Once there is an attack it immediately cleans and restores the database to what it was prior to the attack.
We are tired of keeping tabs on our systems due to the attacks. Please let me know if you have fixed your issue.
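Added example, not part of the original thread and not a description of how Nopfix works: a check for the hidden-`<div>` link blocks both posts describe as appended to nvarchar(max) values, which reports the affected rows and the value with the appended tail removed. The table and column names, row keys and `example.invalid` URLs are constructed sample data, and the code only detects and cleans the symptom; it does not identify or close the entry point.

```python
import re

# One injected block in the format quoted in this thread: a display:none
# <div> whose body contains a link and no nested </div>.
HIDDEN_DIV = (
    r'''<div\s+style\s*=\s*["']display:\s*none;?["']\s*>'''
    r'''(?=(?:(?!</div>).)*<a\s)'''
    r'''(?:(?!</div>).)*</div>'''
)
# The posts say the markup is appended, so only a run of such blocks at the
# very end of a value is treated as injected; hidden divs elsewhere are kept.
TRAILING_SPAM = re.compile(r'(?:' + HIDDEN_DIV + r'\s*)+\Z', re.I | re.S)
HREF = re.compile(r'''href\s*=\s*["']([^"']+)["']''', re.I)

def strip_appended_spam(value):
    """Return (cleaned_value, removed_text); removed_text is '' when clean."""
    m = TRAILING_SPAM.search(value)
    if not m:
        return value, ""
    return value[:m.start()], value[m.start():]

def scan(rows):
    """rows: iterable of (table, column, key, value) read from the database.
    Returns one finding per affected value, with link targets for review."""
    findings = []
    for table, column, key, value in rows:
        cleaned, removed = strip_appended_spam(value or "")
        if removed:
            findings.append({"table": table, "column": column, "key": key,
                             "hrefs": HREF.findall(removed), "cleaned": cleaned})
    return findings

# Constructed sample rows (names and URLs are illustrative assumptions).
SAMPLE_ROWS = [
    ("Product", "FullDescription", 1,
     '<p>Blue widget</p><div style="display:none">go '
     '<a href="http://spam.example.invalid/a.aspx">x</a> y</div>'
     '<div style="display:none">z '
     '<a href="http://spam.example.invalid/b.aspx">online</a> redirect</div>'),
    ("Product", "FullDescription", 2, "<p>Clean</p>"),
    # Hidden div that is not at the end of the value: left untouched.
    ("Topic", "Body", 3,
     '<div style="display:none">menu <a href="/help">help</a></div><p>Text</p>'),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_ROWS):
        print(f["table"], f["column"], f["key"], f["hrefs"])
```

Review the reported link targets before writing any cleaned value back, since a legitimate hidden block ending a field would match the same pattern.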