7 day shop has been hacked...

liss said:
what is the point reallly?
Click to expand...

Good hacking is generally to point out holes in security. 7day shop will step up their security after this if they're clever. If they're not clever then they're partly to blame.
 
Gary-360 said:
Disgruntled hacker!
Click to expand...

Eloquent as well! If they were pee'd off I would have thought that an explanation instead of an
explicative may have been better
But who knows how their minds work :shrug:
 
petemc said:
Good hacking is generally to point out holes in security. 7day shop will step up their security after this if they're clever. If they're not clever then they're partly to blame.
Click to expand...

I wouldn't call this good hacking, it's just filth. My father orders print cartridges from them and I have had to call him to make sure he doesn't visit the site.

If the idea is to point out holes in their security then why not post a message to say that? I suggest the "point" here was to have a laugh and because they can. I repeat my first reply - What a bunch of mindless w*****s! :thumbsdown:
 
I wouldn't call it good hacking either. A good hacker would have informed them of the exploit instead of cracking the site. I imagine this is just some script looking for holes and hacking them. 7day used OSCommerce I think. Its entirely possible there's a bug and this hackers script simply exploited it. Seems like its a Turkish group.
 
petemc said:
I wouldn't call it good hacking either. A good hacker would have informed them of the exploit instead of cracking the site. I imagine this is just some script looking for holes and hacking them. 7day used OSCommerce I think. Its entirely possible there's a bug and this hackers script simply exploited it. Seems like its a Turkish group.
Click to expand...

OK, a bunch of Turkish mindless literate w*****s then! :D
 
I thought the gunshots were very realistic!
 
LULZ

It's only the homepage though, every other page can be accessed.
 
But having seen the homepage would you trust your credit card details to the site?
 
This guy was able to hack in to the homepage.

I doubt he's hacked in to the data encryption protocol, they're completely seperate.

But I still wouldn't, no. Then again I'm one of the 'stupid' ones that ordered a 8GB lexar card from memoryKing and half the people on here thought our credit cards were going to get haxz0red 2 teh max.

They were wrong, for me alteast. I got an email saying it was a pricing error and the order was cancelled, like I said I would.
 
Last edited:
2Thumbs said:
This guy was able to hack in to the homepage.

I doubt he's hacked in to the data encryption protocol, they're completely seperate.
Click to expand...

How do you know? If they are into the site then I dont see that you can be at all sure that they have not accessed data. Unless you know a great deal about the architecture of the 7day site and its supporting systems and databases.
Unless you mean the https - which only works as a secure carrier between the site and the browser. But is not relevant to a hack of the site or data.

The most encouraging thing is that they have defaced. If they could easily pull data then they would be best served by doing it quietly. But then a lot of people have reported fraudulant transactions after using 7dayshop. Theres a thread on it soomewhere here.


As an aside, a good few years ago I tracked back a hacker and got access to the site they used to collect data. I pulled off the info they had aquired - lists of names, addresses, phone numbers and credit card details.

I rang the police - didn't know what to do with it.
Rang the banks - only interested in hearing from their customers.

So I rang a few people - chosen at random out of the UK details. Typical call:
'Good Morning, is that Mr xxx.'
'Yes, who's calling?'
'Could I confirm that your credit card details for me please? xxx, xxx, xxx, expires, xxx security number xxx'
'Hang on...err yes...err... Are you my bank?'
'Nope, I'm sorry to have to tell you that your details have been stolen, I suggest that you contact your bank as a matter of urgency and cancel your card'

One of them rang me back the next day - their bank told them not to worry unless they had strange transaction appear on the card statement!!!
 
Last edited:
If you've dealt with them before then I'd start keeping an eye out on your bank accounts until you get an announcement from 7dayshop.
 
fabs said:
I wouldn't call this good hacking, it's just filth. My father orders print cartridges from them and I have had to call him to make sure he doesn't visit the site.

If the idea is to point out holes in their security then why not post a message to say that? I suggest the "point" here was to have a laugh and because they can. I repeat my first reply - What a bunch of mindless w*****s! :thumbsdown:
Click to expand...


I agree :thumbs:
 
Ergh.. what on earth is the point..?! is that the sort of site that is going to start sending out viruses and stuff once you go onto the home page..?!
Are the users at risk do you think??
 
WTF?! I can't believe that 4 hours later, they STILL haven't turned off the server! Better the site be inaccessible than that page showing they've been hacked still showing up. That's not exactly going to build consumer confidence.
 
Yeah, that's pretty bad. What's even worse is the hosting company should have done it automatically if it thinks that one of it's nodes is compromised.
 
Assuming its an issue with the host. I'm sure theres something in the TOS that says you should secure your site. Most likely its an OSCommerce exploit. They should have sorted this hours ago though. In minutes tbh.
 
lol.....never used that site because of the reports of dodgy going's on and too see this just makes me worry further.

Also, you guys noticed more than 4 hours ago and they still havent pulled the site so whats the deal there, do they like a big advert on the front page saying 'we dont give a toss about security'
 
7day use an external merchanting service, I forget exactly which one but 'like' worldpay, 7day do not take card details etc via their website so any purchase made through them is safe.
 
Appears to be sorted now, but I agree 4 hours is way to long!

EDIT: Beaten to it by Marc
 
maddog.mark said:
Appears to be sorted now, but I agree 4 hours is way to long!

EDIT: Beaten to it by Marc
Click to expand...

And that was only since I noticed - not sure how long it had been like it before I saw it.

I good hacker that does it to demonstrate a security flaw would not change the homepage to what they did. These are mindless idiots.

A good hacker would do it in a subtle way and point it out to the owner, or just point it out to the owner and not change anything.

Of course if they had done the above and 7dayshop just ignored them then I guess this could have annoyed the hacker and they reacted in that way I guess?
 
Some hackers will make the vulnerability known and give a deadline before they make it public. That way it's up to the site owner to repair the hole before the deadline expires. a lot of hackers end up making a shed load of money as security analysts.
 
Blimey. It's back up again. Still, considering the time the hacker's signature was up gives me no confidence at all in that company. Can't say I'll ever be using them now.
 
These things happen all the time and to bigger companies than 7Day, defacing a websites front page is not difficult, it's just a matter of exploiting unclosed loopholes to upload your own page. It doesn't mean the site is unsecure, especially when that site handles transactions via a third party. You guys shop where you want, I'll go where I get the best price and if that's 7day, that's where I'll shop.
 
DPhotographer forum website got hacked a few weeks ago and some bunch of weirdos calling themselves 4chan's bitches got all the member's email addresses and mailed them.
 
4chan is a massive community , surprised if you havnt already heard of them
 
Missed this, what had been changed on it?
 
liss said:
4chan is a massive community , surprised if you havnt already heard of them
Click to expand...

Hadn't heard of them until the DP website got hacked then I looked up their website. Links to some dodgepots there.
 
You must log in or register to reply here.
Back
Top