By the way the first numeric part of the email address looks suspiciously like a unix timestamp. That might help you work out when something happened? Or it might not.
Cheers,

- Bob -

On 8/01/2012, at 12:24 AM, Warwick <[email protected]> wrote:

> Hi Bob
>
> I really appreciate you looking into it and coming up with that.
> Apparently they did have a problem before they came to me and hosting
> was moved to us, so I'm guessing we won't have any records that could
> help. But it certainly does provide a viable-sounding explanation.
> I'll check further into it.
>
> Thanks again, much obliged
> Warwick
>
> On Jan 7, 8:08 pm, Bob Brown <[email protected]> wrote:
>> Hi Warwick,
>>
>> I'm way out of touch with osCommerce - was surprised to see it still
>> mentioned. I've not touched it for about 10 years.
>>
>> Anyway, I wondered if the data being incorrect was the result of a SQL
>> injection attack - these can allow attackers to arbitrarily alter any
>> data they wish. Google turned up the bestblooms website in this
>> pastebin
>> list http://pastebin.com/JCvkuuy7 referencing
>> http://www.bestblooms.co.nz/shop/images/killer.php -
>> I'm not sure what
>> this is but Googling suggests it might be something to stop the Google
>> Spider from getting stuck in your website.
>>
>> I find it very curious that the pastebin mentioned lists a heap of
>> those killer.php's - it suggests to me that it may be an unintended
>> vector for an attack. It would be interesting to look in your apache
>> access logs (if they go back far enough) and look for odd URL's
>> (especially those that mention "UNION").
>> See http://www.ecommy.com/web-security/oscommerce-sql-injection for a
>> little more info on SQL injection with an osCommerce flavour.
>>
>> Unfortunately this doesn't help recover your data, but it might help
>> point to a possible problem that needs to be fixed.
>>
>> Cheers,
>>
>> - Bob -
>>
>> On 19 December 2011 09:20, Warwick <[email protected]> wrote:
>>
>>> Hi David
>>>
>>> Thanks, yes it's curious alright, because the purchasing public
>>> actually does get the correct set of emails sent to them, so it's
>>> correct somewhere in amongst it all; perhaps just when making the
>>> order and whilst all of the variables are yet to be written to the
>>> database?
>>>
>>> Thanks very much for your help.
>>>
>>> Cheers
>>> Warwick
>>>
>>> --
>>> NZ PHP Users Group: http://groups.google.com/group/nzphpug
>>> To post, send email to [email protected]
>>> To unsubscribe, send email to
>>> [email protected]
>>
>> --
>> Bob Brown, [L|W]AMP Web Developer
>> [email protected], http://www.guru.net.nz
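
Added example, not part of the thread: one way to carry out the access-log review suggested above, scanning Apache common/combined log lines for request URLs that contain UNION followed by SELECT after URL-decoding. The log lines, paths, parameter names and IP addresses are constructed for illustration, and matching on UNION ... SELECT rather than the bare word UNION is an assumption made here to avoid flagging ordinary searches.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# UNION [ALL] SELECT, with whitespace or SQL comments (/**/) between the keywords.
GAP = r'(?:\s|/\*.*?\*/)+'
UNION_RE = re.compile(r'\bunion\b' + GAP + r'(?:all' + GAP + r')?select\b', re.I | re.S)

def decode(target, rounds=3):
    """URL-decode repeatedly so double-encoded requests are normalised too."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def suspicious_requests(lines):
    """Return (time, host, status, decoded target) for requests containing UNION ... SELECT."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        target = decode(m.group("target"))
        if UNION_RE.search(target):
            hits.append((m.group("time"), m.group("host"), int(m.group("status")), target))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical paths and parameters).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2011:10:01:02 +1300] "GET /shop/index.php?cPath=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Dec/2011:10:02:40 +1300] "GET /shop/product_info.php?products_id=1+UNION+SELECT+1,2,3 HTTP/1.1" 200 812',
    '198.51.100.7 - - [05/Dec/2011:10:02:44 +1300] "GET /shop/product_info.php?products_id=1%20uNiOn%2f**%2fSeLeCt%201 HTTP/1.1" 200 790',
    '192.0.2.33 - - [05/Dec/2011:10:05:11 +1300] "GET /shop/advanced_search_result.php?keywords=credit+union HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for when, host, status, target in suspicious_requests(SAMPLE_LOG):
        print(f"{when} {host} {status} {target}")
```

A 200 status on a flagged request only shows the page was served, not that the injection worked; the timestamps of the hits are what to compare against when the data went wrong.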
