My input is simply this - hire someone who knows what they're doing. I think when you were down this past summer you mentioned you had fired part of your IT team. I'm sure you know, but your business depends on having a reliable and secure web site and shopping experience. And that hasn't been the case for the past few years.
JRR shop info etc
- KVRist
- 481 posts since 24 Dec, 2016
- KVRian
- 986 posts since 29 May, 2011 from Germany
Works for me now.
- KVRAF
- 20667 posts since 22 Nov, 2000 from Southern California
Rivanni wrote: Mon Oct 05, 2020 9:13 am
> That's what Uncle E admits too but he draws some wrong conclusions.
> Maybe there were more breaches. Noticing only this one doesn't mean that there weren't any others.
> Not noticing that someone gained access to personal information doesn't say it didn't happen

We do know conclusively that they did not modify our checkout page at all and all evidence shows that it was not a deep breach. The breach is detailed in the following link:
https://mage-one.com/2020/09/16/hacker- ... g-magento/
- KVRAF
- 20667 posts since 22 Nov, 2000 from Southern California
husker37 wrote: Mon Oct 05, 2020 11:57 am
> My input is simply this - hire someone who knows what they're doing. I think when you were down this past summer you mentioned you had fired part of your IT team. I'm sure you know, but your business depends on having a reliable and secure web site and shopping experience. And that hasn't been the case for the past few years.

Thank you. The entire IT team is new. The breach that occurred over the weekend impacted over 2,000 websites and was caused by a vulnerability in the platform itself. Unfortunately, I don't think it was something anyone here could have prevented.
We will be launching a new site on a completely different platform soon.
- KVRAF
- 1922 posts since 15 Oct, 2008 from Germany
The attack seems to affect only shops running a version of Magento that has been end-of-life since June this year. As you should know, it's careless to run old, unsupported shop software. As much as I sympathize with you, Eric, you should have updated the software a long time ago. If I understand correctly, the attacker was able to inject arbitrary JavaScript into the user's page - a classic cross-site-scripting attack, which is one of the worst kinds of attacks. They could intercept anything the user enters, including personal information and credentials. In addition, when an admin is logged in, it could potentially give the attacker access to everything an admin can see or do. Please don't take the vulnerability so light-heartedly.
Tbh, "I don't think it was something anyone here could have prevented" is not a valid excuse when you run old software. If you had updated the shop software in time, nothing would have happened.
- KVRAF
- 20667 posts since 22 Nov, 2000 from Southern California
We are using Mage One. It is currently supported.
I apologize if it sounds like I am taking it light-heartedly. I am not. We do have conclusive proof that our checkout page was not affected, meaning customers' information was not intercepted. Please understand my statement in the context of the post I was replying to. I was only trying to communicate that the situation was out of the control of my IT team.
- KVRist
- 58 posts since 25 Oct, 2009
paterpeter, magento1 is indeed EOL, but mageone is still supported. https://mage-one.com/2020/08/24/magento ... orthwhile/ - I don't think we can blame him for that.
Uncle E, this js injection isn't related to the PHP error display, which is a webserver configuration problem, so regardless if you change platform please ask your IT team to disable public-facing error traces.
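One way to check for the public-facing error display mentioned in the post above, as an added example that is not part of the thread: a small Python audit of php.ini text for the directives that decide whether errors are shown to visitors or written to a log. The sample files are constructed, and the expected values are this example's assumed policy for a production site.

```python
import re

# Directives that decide whether PHP errors reach the browser or a log file.
# The wanted values are this example's assumed policy for a public site.
WANTED = {
    "display_errors": False,
    "display_startup_errors": False,
    "log_errors": True,
}
FALSY = {"", "0", "off", "false", "no", "none"}

def effective_settings(ini_text):
    """Return {directive: raw value}; last assignment wins, ';' comments dropped."""
    found = {}
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() in WANTED:
            found[m.group(1).lower()] = m.group(2).strip().strip("\"'")
    return found

def audit(ini_text):
    """Return a list of (directive, problem) pairs; empty means no findings."""
    found = effective_settings(ini_text)
    findings = []
    for name, want_on in WANTED.items():
        if name not in found:
            findings.append((name, "not set in this file; check the effective value"))
            continue
        is_on = found[name].lower() not in FALSY
        if is_on != want_on:
            expected = "On" if want_on else "Off"
            findings.append((name, f"is {found[name]!r}, expected {expected}"))
    return findings

# Constructed sample configurations, not taken from any real site.
SAMPLE_DEV = """[PHP]
display_errors = On        ; handy on a workstation
display_startup_errors = On
log_errors = Off
"""
SAMPLE_PROD = """[PHP]
display_errors = Off
display_startup_errors = Off
log_errors = On
"""

if __name__ == "__main__":
    for label, text in (("dev-style", SAMPLE_DEV), ("hardened", SAMPLE_PROD)):
        print(label, audit(text) or "no findings")
```

The same directives can be overridden per pool, per directory or at runtime with `ini_set()`, so a clean php.ini should still be compared with what `phpinfo()` or `php -i` reports for the running site.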
- KVRAF
- 20667 posts since 22 Nov, 2000 from Southern California
sengoku wrote: Tue Oct 06, 2020 1:52 am
> Uncle E, this js injection isn't related to the PHP error display, which is a webserver configuration problem, so regardless if you change platform please ask your IT team to disable public-facing error traces.

Thank you. I will make sure it's taken care of soon.
- KVRAF
- 2169 posts since 7 Dec, 2005
It'd be great to be able to download the sounds that I've bought from you, Eric! A lot in my account, which I currently have zero access to. Anyway: you've been one of the best KVR citizens - giving out lots of valuable opinions and advice - I hope that, not just for my own selfish reasons; that you're able to get everything straightened out for all of us, Eric!
-GA
- KVRAF
- 20667 posts since 22 Nov, 2000 from Southern California
Thank you! I can provide the sounds to you now! I will PM you.
- KVRer
- 24 posts since 12 Nov, 2018
Hi,
I just bought something on the JRRshop but because it is my first time I bought something there and got this message in an email "This license needs to be manually generated. You will be contacted immediately when it becomes available." I put JRRshop in Google and came on this thread. Can someone confirm my order was not a scam of the site and everything is ok? That the actual online JRRshop is the real one and I just have to wait a couple of days on my license?
Thanks
- KVRAF
- 2508 posts since 24 Jul, 2017
Carl W wrote: Tue Oct 06, 2020 1:22 pm
> Hi,
> I just bought something on the JRRshop but because it is my first time I bought something there and got this message in an email "This license needs to be manually generated. You will be contacted immediately when it becomes available." I put JRRshop in Google and came on this thread. Can someone confirm my order was not a scam of the site and everything is ok? That the actual online JRRshop is the real one and I just have to wait a couple of days on my license?
> Thanks

This is normal with some orders. JRRShop is totally legit despite the technical problems in the near past. When in doubt, PM or mail to Uncle E. Nice guy, quite responsive, very helpful.
- KVRer
- 24 posts since 12 Nov, 2018
ralfrobert wrote: Tue Oct 06, 2020 1:29 pm
> This is normal with some orders. JRRShop is totally legit despite the technical problems in the near past. When in doubt, PM or mail to Uncle E. Nice guy, quite responsive, very helpful.

Thanks for your answer. I just wait in patience then.
- KVRian
- 589 posts since 10 May, 2019 from Germany
Carl W wrote: Tue Oct 06, 2020 1:50 pm
> Thanks for your answer. I just wait in patience then.

Yes, JRR is totally legit.
They had serious problems with their webpage in the past months but most of the time it's stable.
And they are still in progress in redesigning the new one.
I'm sure that in November we will see something new.
And like ralfrobert said, you can write Uncle E a PM at any time. Very responsive and always willing to help.
- KVRer
- 24 posts since 12 Nov, 2018
paolostylo wrote: Tue Oct 06, 2020 1:54 pm
> Yes, JRR is totally legit.
> They had serious problems with their webpage in the past months but most of the time it's stable.
> And they are still in progress in redesigning the new one.
> I'm sure that in November we will see something new.
> And like ralfrobert said, you can write Uncle E a PM at any time. Very responsive and always willing to help.

Thanks for your answer too. I got confused. I'm just gonna be patient
