ProductCart E-Commerce Solutions Homepage
Forum Home Forum Home > ProductCart > Using ProductCart
  New Posts New Posts RSS Feed - productcartexpert.com - Legit or Scam??
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

productcartexpert.com - Legit or Scam??

 Post Reply Post Reply
Author
Message
MGatESS View Drop Down
Groupie
Groupie
Avatar

Joined: 12-July-2006
Location: United States
Status: Offline
Points: 73
Post Options Post Options   Thanks (0) Thanks(0)   Quote MGatESS Quote  Post ReplyReply Direct Link To This Post Topic: productcartexpert.com - Legit or Scam??
    Posted: 01-December-2016 at 9:38am
Got the following message from 'duc@productcartexpert.com' - is this a scam (my gut tells me yes)??

Hello 'Endoscopy Support Services, Inc.',

My name is Truong Anh Duc, I am the official ProductCart developer since 2003.

I want to let you know that I found VERY SERIOUS security vulnerabilities on your store.

They are highly critical and very dangerous. With these vulnerabilities, hackers can control everything on your store, remove your files, erase your products and orders, steal your customers information, fake your store and steal money from your customers, destroy your database, shut down your store and so much more.

WARNING: I found them on all of ProductCart versions. Upgrading to new versions or using latest ProductCart files will not fix all of these vulnerabilities. I am pretty sure that the NetSource Commerce team - the ProductCart official development team cannot locate and fix all of these security vulnerabilities in a short term because I am the main part of this team and I have left. I knew they found and fixed some of them by following some of my traces when testing. But it's not all, there are many trails that hackers can use to attack your store.

I found these vulnerabilities before the Thanksgiving day 2016, but I kept them in secret because I don't want you to be in a panic about these security vulnerabilities in your important holidays: Thanksgiving day, Black Friday and Cyber Monday.

I don't release these security vulnerabilities reports, my test results, list of affected stores and their information to public yet because I want to give ProductCart store owners a chance to protect their stores and fix these vulnerabilities before hackers can find them.

Please follow the instructions below to protect your store and fix these vulnerabilities as soon as possible:
1. Back-up your store's database and your files
2. You can check your store's security test results, contact ProductCart Expert to protect your store and get the FREE security patch for your store by visiting the URL below:

http://www.productcartexpert.com/index.asp?k=UY2SJ5M9R4422I3489O73W50Y4L2N3&c=9702W06185GAAVV6YBKO8I91CP5BAV

(Please save this URL and keep it privately to check your store's security test results and its status)

You only have 24 hours before I release the ProductCart security vulnerabilities reports, list of affected stores and their information to public.

Please hurry up!!!

Also, with my experiences of ProductCart development, my skills and my knowledge of ProductCart codes, if you want to customize your ProductCart store, create new features or add-ons, fix bugs and security issues, I am the best choice for you with best services of a ProductCart official developer and lower fees. My custom ProductCart development fee is only $35usd per hour.
Thanks and best regards,

PRODUCTCART EXPERT
http://www.productcartexpert.com/index.asp?k=UY2SJ5M9R4422I3489O73W50Y4L2N3&c=9702W06185GAAVV6YBKO8I91CP5BAV

Note: I did some tests and researches on your store only, I didn't harm anything on your store. I only want to send you a security alert, let you know about my ProductCart experiences and skills, and want to help you fix these security vulnerabilities to against security threats online before it's too late.

If this is a scam, please can a REAL ProductCart official confirm this for other ProductCart users to be aware?  Thank you.
~ Mark G.

ESS, Inc. - www.endoscopy.com
Back to Top
sbryan View Drop Down
Newbie
Newbie


Joined: 24-August-2012
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote sbryan Quote  Post ReplyReply Direct Link To This Post Posted: 01-December-2016 at 10:54am
I received the exact same message but with our site name of course. Considering the domain was registered in September 2016 and he is wanting you to pay money to "protect" your store I'd say it is probably a scam.


Back to Top
Greg Dinger View Drop Down
Certified ProductCart Developers
Certified ProductCart Developers
Avatar

Joined: 23-September-2006
Location: United States
Status: Offline
Points: 238
Post Options Post Options   Thanks (0) Thanks(0)   Quote Greg Dinger Quote  Post ReplyReply Direct Link To This Post Posted: 02-December-2016 at 3:01pm
Hi guys -

Matt and others at Netsource are in the midst of dealing with this, but I know some details and will share them.  Netsource may want to add more details at the point that they can breathe.

Duc is indeed a programmer who has been involved in the core development of the platform since 2003.  He recently lost his job, and made a very foolish decision to take this "marketing approach" to attract  clients to his new enterprise.  Had he not made this poor choice, and instead reached out to the developers who know his work and recognize his skills, he might have been able to "write his own ticket".  Unfortunately, he made a poor decision with his scare tactics, and he has caused a great amount of disruption for all involved.

One of the developers has been in contact with Duc, who seems to be apologetic for his actions.  He has updated his web site and appears to no longer be making the sorts of threats that are reflected in the above e-mail. 

It is recommended that all ProductCart users update their Master Admin User Password.  Look down the SETTINGS menu in your admin and you will see that option.  If you have secondary admin users, you should reset those as well (find the menu option: Manage Control Panel Users ).  Also recommended is that your FTP passwords be updated.  

I wish Duc good fortune, but his actions have really made him somewhat untouchable at this point, at least for those I'm in contact with and have been impacted by his actions.  It's a real pity...  The dude is a really good programmer, but this bad judgment is going to be hard to look past.


Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.092 seconds.