Hi Bob I really appreciate you looking into it and coming up with that. Apparently they did have a problem before they came to me and hosting was moved to us, so I'm guessing we won't have any records that could help. But it certainly does provide a viable-sounding explanation. I'll check further into it.
Thanks again, much obliged Warwick On Jan 7, 8:08 pm, Bob Brown <[email protected]> wrote: > Hi Warwick, > > I'm way out of touch with osCommerce - was surprised to see it still > mentioned. I've not touched it for about 10 years. > > Anyway, I wondered if the data being incorrect was the result of a SQL > injection attack - these can allow attackers to arbitrarily alter any > data they wish. Google turned up the bestblooms website in this > pastebin > listhttp://pastebin.com/JCvkuuy7referencinghttp://www.bestblooms.co.nz/shop/images/killer.php- > I'm not sure what > this is but Googling suggests it might be something to stop the Google > Spider from getting stuck in your website. > > I find it very curious that the pastebin mentioned lists a heap of > those killer.php's - it suggests to me that it may be an unintended > vector for an attack. It would be interesting to look in your apache > access logs (if they go back far enough) and look for odd URL's > (especially those that mention "UNION"). > Seehttp://www.ecommy.com/web-security/oscommerce-sql-injectionfor a > little more info on SQL injection with an osCommerce flavour. > > Unfortunately this doesn't help recover your data, but it might help > point to a possible problem that needs to be fixed. > > Cheers, > > - Bob - > > On 19 December 2011 09:20, Warwick <[email protected]> wrote: > > > > > > > > > > > Hi David > > > Thanks, yes it's curious alright, because the purchasing public > > actually does get the correct set of emails sent to them, so it's > > correct somewhere in amongst it all; perhaps just when making the > > order and whilst all of the variables are yet to be written to the > > database? > > > Thanks very much for your help. > > > Cheers > > Warwick > > > -- > > NZ PHP Users Group:http://groups.google.com/group/nzphpug > > To post, send email to [email protected] > > To unsubscribe, send email to > > [email protected] > > -- > Bob Brown, [L|W]AMP Web Developer > [email protected],http://www.guru.net.nz -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
