Serious hack alert. No reply.

  • Resolved lalaloo

    (@lalaloo)


    6 years, 8 months ago

    On June 30th, I opened a ticket in your site at mycred.me
    Support Ticket #00001813
    To this day, there is no reply.

    Someone sign up to my site and showed me how easy it is to self-award any number of points via MyCred to himself, which is obviously a very serious issue for anyone using this plugin. This has been happening ever since your last update.

    Reply please?
    Or can you just confirm that you are going to give up on this plugin.

Viewing 9 replies - 1 through 9 (of 9 total)

  • Get ready to beg, I’ve been waiting for two weeks – Looking for alternatives!

    And yes, I’m happy to pay for support as this is a great free plugin, but I need to get replies in order to do that xD

    Thread Starter lalaloo

    (@lalaloo)

    Well, im still here. Waiting! No reply to date, either here or on their site. Time to move on? Any suggestions?

    Hi @lalaloo,

    Could you please roll back to version 1.7.9.3 and tell us if you still encounter the issue ?

    The reason, I believe, is that Gabriel, the previous dev of myCRED, was using mcrypt to secure submissions and interactions from the frontend. But PHP 7 is deprecating that library since it wasn’t updated in years and has become what we call abandonware. So the new devs of myCRED are removing it in order to avoid the deprecation warnings thrown by PHP 7.

    Thread Starter lalaloo

    (@lalaloo)

    I’d be happy to help, but I have no idea how to “re-enact” the hack. You see, someone came to my site, did the deed, then emailed me to alert me that he hacked mycred on my site to prove his point. If you tell me where to email you, I can pass on his email address if you think that will help.

    Plugin Contributor mycred

    (@mycred)

    Hi All,

    We apologize for the delay as the team was working on the release of myCred 1.8 and its out now, kindly note that we have already mentioned in the support thread that we will not be providing support at www.remarpro.com

    As per your issue is concerned kindly update myCred to the latest public version and let us know if the problem still persists. You can submit a ticket to us through mycred.me/support and elaborate more about the security issue if you face it again.

    We Hope you would understand and submit a ticket at support if you need further assistance.

    Thank You!
    Regards

    MyCred Support Team

    Dear @lalaloo , could you please share more details with us? if the plugin is not secure? better to prove so no one else gets harmed, thanks

    • This reply was modified 6 years, 2 months ago by edmondoddy.
    Plugin Contributor mycred

    (@mycred)

    Hi @edmondoddy,

    Our security team has already analyzed/tested the code and the plugin is secure. Secondly there was no proof provided by @lalaloo in the support ticket and on the support thread too. Hacks are not because of the plugin it is sometimes related to host providers too.

    Everyone can continue to use myCred as it is a secure plugin and there is no way to hack points. If you have any other query kindly reach us at mycred.me/support

    Thank You!
    Regards

    MyCred Support Team

    Hi Mycred team, thank you for replay. ??

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Serious hack alert. No reply.’ is closed to new replies.