CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Author Topic: CiviCRM Security Breach  (Read 769 times)

jellobrain

  • CiviCRM version: 3.3.2
  • CMS version: drupal 6.x
  • MySQL version: 5.1
  • PHP version: 5.2
CiviCRM Security Breach
November 11, 2009, 09:30:50 am
I have CiviCRM 2.2.7 (waiting to upgrade to 3.x), and had a security breach of our authorize.net transaction key which resulted in ~80 transactions (testing credit cards, I presume) from an IP address in Indonesia.

We first found the issue when we were reviewing authorize.net transactions on their website, and saw multiple (~80) declined transactions apparently coming from an existing contact in Civi. When we looked at her record, we found no signs of any membership, event or activity transactions. We did find a record of those charges, however, in the change log for that contact.

My setup of CiviCRM (with regard to my SSL certificate) is the same as here:

http://glast.pi.infn.it/mech/Joomla/Componenti/civicrm/CRMDOC/CiviContribute%20Payment%20Processor%20Configuration.html

We have an SSL certificate, and any address that begins with /civicrm is immediately redirected to an https.

I have been working with Authorize.net (who determined the security breach was not on their end) and Mayfirst (who are looking into it, but coming to the same conclusion). They are trying to understand if our SSL certificate was breached, or our CiviCRM implementation. That ticket is located here:

https://support.mayfirst.org/ticket/2624

Please advise.  We are struggling right now to get this taken care of immediately.

jellobrain.com

Donald Lobo

  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: CiviCRM Security Breach
November 11, 2009, 10:22:02 am

1. Can you let us know what was in the change log? We should not be creating any contacts / records for a declined transaction (like this one).

2. Is it possible that someone's account (that contact ID's account) was compromised and they were doing transactions from that person? Via a script?

3. What does the description of the transaction say?

4. Finally, what version of CiviCRM/Drupal?

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions


This forum was archived on 2017-11-26.