Hi Bob Yes I noticed that too. Thanks again for your thoughts. Very helpful.
Cheers Warwick On Jan 8, 6:32 am, Bob Brown <[email protected]> wrote: > By the way the first numeric part of the email address looks > suspiciously like a unix timestamp. That might help you work out when > something happened? Or it might not. > > Cheers, > > - Bob - > > On 8/01/2012, at 12:24 AM, Warwick <[email protected]> wrote: > > > > > > > > > Hi Bob > > > I really appreciate you looking into it and coming up with that. > > Apparently they did have a problem before they came to me and hosting > > was moved to us, so I'm guessing we won't have any records that could > > help. But it certainly does provide a viable-sounding explanation. > > I'll check further into it. > > > Thanks again, much obliged > > Warwick > > > On Jan 7, 8:08 pm, Bob Brown <[email protected]> wrote: > >> Hi Warwick, > > >> I'm way out of touch with osCommerce - was surprised to see it still > >> mentioned. I've not touched it for about 10 years. > > >> Anyway, I wondered if the data being incorrect was the result of a SQL > >> injection attack - these can allow attackers to arbitrarily alter any > >> data they wish. Google turned up the bestblooms website in this > >> pastebin > >> listhttp://pastebin.com/JCvkuuy7referencinghttp://www.bestblooms.co.nz/sh...I'm > >> not sure what > >> this is but Googling suggests it might be something to stop the Google > >> Spider from getting stuck in your website. > > >> I find it very curious that the pastebin mentioned lists a heap of > >> those killer.php's - it suggests to me that it may be an unintended > >> vector for an attack. It would be interesting to look in your apache > >> access logs (if they go back far enough) and look for odd URL's > >> (especially those that mention "UNION"). > >> Seehttp://www.ecommy.com/web-security/oscommerce-sql-injectionfora > >> little more info on SQL injection with an osCommerce flavour. > > >> Unfortunately this doesn't help recover your data, but it might help > >> point to a possible problem that needs to be fixed. > > >> Cheers, > > >> - Bob - > > >> On 19 December 2011 09:20, Warwick <[email protected]> wrote: > > >>> Hi David > > >>> Thanks, yes it's curious alright, because the purchasing public > >>> actually does get the correct set of emails sent to them, so it's > >>> correct somewhere in amongst it all; perhaps just when making the > >>> order and whilst all of the variables are yet to be written to the > >>> database? > > >>> Thanks very much for your help. > > >>> Cheers > >>> Warwick > > >>> -- > >>> NZ PHP Users Group:http://groups.google.com/group/nzphpug > >>> To post, send email to [email protected] > >>> To unsubscribe, send email to > >>> [email protected] > > >> -- > >> Bob Brown, [L|W]AMP Web Developer > >> [email protected],http://www.guru.net.nz > > > -- > > NZ PHP Users Group:http://groups.google.com/group/nzphpug > > To post, send email to [email protected] > > To unsubscribe, send email to > > [email protected] -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
