Has the Store web page been hacked?


#1

Hi @Rainie, @Noah, @Jade

Has the Store web page been hacked? This page is presented when you go to the Snapmaker Store.

Doug


#2

Hi All

Problem has disappeared; keep your eyes open though.

Doug


#3

Not for me; it seems the SSL certificate is still pointing to a different domain.

Any site that processes credit card payments should be using, at minimum, an extended level of SSL to prevent fraud.

With a little bit of digging, the Victor Canera SSL appears to be a free Let’s Encrypt SSL certificate, and so is snapmaker.com's. In most cases that is perfectly OK for a personal website and any site that doesn’t collect data of any form.


#4

Have the problem too and I think I found why:


#5

I see the same thing @rojaljelly posted.

@Jade, please escalate this with your IT team. https://store.snapmaker.com/ has an SSL cert that is not associated with snapmaker.com. If you are not planning a promotion with Victor Canera (and I see no reason why SnapMaker would affiliate with a jewelry reseller, esp. without using their own SSL cert), then somebody has access to your DNS servers. This could have easily been worse, and likely will become worse if you don’t catch it now.

Are you customers of Linode? If not, it may already be worse.

Usually this sort of thing is caused by re-using passwords on multiple sites, e.g., the Twitter password is the same as the GoDaddy password and the Facebook password. Any site that has the same password as GoDaddy should be assumed to be compromised.


#6

Hi @Rainie

Your engineers need to stop this…confidence and credibility are at stake.

Doug


#7

I am sure that a lot of people here are familiar with technology, but I have done some research on this issue and I agree with clewis: your DNS servers are pointing to this and there currently isn’t a way around it.

This doesn’t look good for your brand image. You guys really need to take a look at this.

Edit: After checking the SSL, it seems that someone has access to the site. They have uploaded a cert that points to affiliates.victorcanera.com

Edit 2: I missed the point rojaljelly made. It is “SHOP” not “STORE” in the URL.


#8

@doug @rojaljelly @Akarcz124 @TangoCharlie @clewis

Thank you all for reporting this issue.
I have found the root cause. Here is why:

https://store.snapmaker.com was the legacy domain for our online store.
The new domain is https://shop.snapmaker.com

But I made a mistake. I did a 30x redirect on the 66.175.219.58 (https://store.snapmaker.com) nginx server, which is OK and ensures a smooth transition. But a few months after the migration, I removed the legacy server instance, and I should have removed the DNS record. The IP (66.175.219.58) has now been reallocated to Victor Canera, which led to the confusion. Our server is not hacked. The explicit security warning is because the other party's SSL certificate does not match our domain.

Now, I have updated the DNS record. It should take effect in a few hours. I will verify it later today to make sure it works as expected.

Really appreciate your effort for reporting this issue. Thanks.

Bests
David
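
The root cause in post #8 (an A record left pointing at a released IP) is the kind of thing a periodic DNS audit catches. The sketch below is an added example, not code from the thread or from Snapmaker. Apart from store.snapmaker.com, 66.175.219.58 and affiliates.victorcanera.com, which are quoted in the posts above, the records, the inventory and the function names are constructed assumptions.

```python
import ipaddress

# Constructed inventory. Only store.snapmaker.com, 66.175.219.58 and
# affiliates.victorcanera.com come from the thread; the rest is made up.
ZONE_RECORDS = [
    ("store.snapmaker.com", "A", "66.175.219.58"),   # legacy record left behind
    ("www.example.test", "A", "203.0.113.10"),       # constructed, still provisioned
    ("shop.example.test", "CNAME", "host.example.test"),
]
OWNED_IPS = {"203.0.113.10"}                # IPs of instances we still run
OBSERVED_SANS = {"66.175.219.58": ["affiliates.victorcanera.com"]}

def hostname_matches(pattern, hostname):
    """Certificate name match: '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(san_names, hostname):
    return any(hostname_matches(n, hostname) for n in san_names)

def find_dangling(records, owned_ips):
    """A/AAAA records whose address is not in our provisioned inventory."""
    owned = {ipaddress.ip_address(ip) for ip in owned_ips}
    return [(name, value) for name, rtype, value in records
            if rtype in ("A", "AAAA") and ipaddress.ip_address(value) not in owned]

def audit(records, owned_ips, observed_sans):
    """Classify each dangling record by the certificate seen at its address."""
    findings = []
    for name, ip in find_dangling(records, owned_ips):
        sans = observed_sans.get(ip)
        if sans is None:
            status = "dangling: no TLS listener observed"
        elif cert_covers(sans, name):
            status = "dangling: certificate for our name on an address we do not own"
        else:
            status = "dangling: address serves another party's certificate"
        findings.append((name, ip, status))
    return findings

if __name__ == "__main__":
    for finding in audit(ZONE_RECORDS, OWNED_IPS, OBSERVED_SANS):
        print(*finding, sep=" | ")
```

In practice the record list would come from a zone export and the owned-IP set from the hosting provider's instance inventory; removing the record before releasing the instance avoids the window entirely.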


#9

@whimsycwd

Well done. Onwards and upwards

Doug


#10

@whimsycwd

Looking good. I had bookmarked the offending pages such as https://shop.snapmaker.com/affiliates and they are no longer found (“404 Page Not Found”). Well done.

Keep having fun.

Doug