DigitalAccessPass hacked – and changed address (PayPal IPN hack)

This is starting to become a big problem with many DAP websites being targeted. I’ve chatted personally with Veena, the author of the DAP plugin and she says the plugin is secure but I can’t help but notice other issues with the same problems I did.

About 8 months ago, I was hacked every day for about 3 weeks straight. I didn’t know what to do and was so frustrated. It goes something like this:

  • I wake up in the morning and get a DAP notification about a new user being created.
  • I look in the system and sure enough the new user is there (and granted access), but I got no email from PayPal saying payment received.
  • I go to DAP > Setup > Config > PayPal and sure enough there’s somebody else’s info in the PayPal email ID and token.
  • I would change the info back to mine and things would be quiet for the rest of the day or two, and then I would wake up in the morning and the nightmare would be repeated.

Basically, somebody hacked into my website database and changed the PayPal email to his so that the payments go to him. In my case, and it seems with just about everyone else, the hacker was in China. Here’s someone else with Digital Access Pass being attacked by Chinese hackers.

So how do we fix the hacked DAP problem and prevent this?

What likely happened is that the hacker got in through a PHP vulnerability either in DAP or in one of the other WordPress extensions I was using. This could be another plugin, even a theme. If you have older plugins or themes, or even WordPress itself, that are not updated, you need to update them right away.

  1. Now to find out what the hacker did. There’s a good chance the hacker created PHP backdoor scripts to access your database. You can find these files hidden inside your many website directories. One thing you can do is view your server logs to see what files and folders were accessed. You can notice the hacker’s IP because he probably changed it to something that looks obviously fake. In my case, the hacker’s IP was 8.8.8.8.
  2. What I would recommend is opening up one of your older backups and comparing it with a current backup (where you’re having problems now). Look to see what new files were created and only exist now but didn’t exist before. In my case, it was a bunch of Adminer script files that he hid in many places: inside a DAP directory, inside a plugin directory, in the wp-uploads directory, and inside an unused template directory. The first time we checked, there were about 5 files. The second time we REALLY checked, there were about 15-20 files. Delete all these files.
  3. Check to see if he created new DAP admin accounts. When we deleted all his backdoors, my PayPal ID was still being changed to something else and so we realized he got hold of an admin account. What he did was give admin rights to one of the DAP customers. And then he used his account to gain access. We changed the password on the DAP user, as well as our own admin account, as well as WordPress admin and all database passwords. It’s a total hassle, I know.
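
The backup comparison in step 2 can be scripted. The following is an added example, not part of the original post or of DAP: it hashes every file in an old and a current backup and reports files that are new, files whose contents changed (a step beyond the post, since a backdoor can also be appended to an existing file), and new PHP files to review first. The directory and file names in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

PHP_EXT = (".php", ".phtml", ".phar")  # extensions a web server may execute

def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):      # skip broken symlinks, sockets
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests

def compare_backups(old_root, new_root):
    """Return (added, modified, new_php): sorted paths relative to new_root."""
    old, new = snapshot(old_root), snapshot(new_root)
    added = sorted(p for p in new if p not in old)
    modified = sorted(p for p in new if p in old and new[p] != old[p])
    # Review new executable files first; modified files are reported too,
    # because code can be appended to a file that already existed.
    new_php = [p for p in added if p.lower().endswith(PHP_EXT)]
    return added, modified, new_php

def demo():
    """Build two small constructed trees (not real site data) and compare."""
    def write(root, rel, text):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    with tempfile.TemporaryDirectory() as tmp:
        old, new = os.path.join(tmp, "old"), os.path.join(tmp, "new")
        for root in (old, new):
            write(root, "index.php", "<?php // front page")
            write(root, "wp-content/themes/mytheme/functions.php", "<?php // theme")
        write(new, "wp-content/uploads/2015/logo.png", "constructed image bytes")
        write(new, "wp-content/uploads/2015/cache.php", "<?php // constructed stand-in")
        write(new, "wp-content/themes/mytheme/functions.php", "<?php // theme, altered")
        return compare_backups(old, new)

if __name__ == "__main__":
    for label, paths in zip(("added", "modified", "new PHP"), demo()):
        print(label, paths)
```

On a real site, call `compare_backups()` with the paths of the two extracted backups; legitimate plugin or core updates will also show up as added or modified, so each hit still needs a manual look.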

My programmer started to lock things up on my site and the whole time I was asking him, “How did the hacker get in?” And the programmer said he was 100% sure it was DAP. I think he was able to see that from the server logs. The problem was that DAP files are encoded and so my programmer can’t see where the weakness is in the code.

While attempting to solve the problem, my programmer kept complaining to me about how he felt DAP was coded poorly or in a nonsensical way and that it simply wasn’t well-written software. He pleaded with me to use something else but I hated to let go of my beloved DAP.

Throughout this whole time, I was contacting DAP support and they couldn’t offer me much help because they didn’t feel the problem was their plugin. They said I had to buy an hour of paid support to look into the problem and that it might take more time than that. They blamed the vulnerability on other plugins or themes or anything but their own plugin. While I will never know if the problem is DAP or not, I can definitely see that their support will not help me troubleshoot should I ever get hacked again in the future.

It was at this moment that I decided to take the plunge and look elsewhere and man…I found there were so many new membership plugins nowadays. If you’re just starting to look around now, I would like to suggest to you the best one.

It’s called “MEMBERPRESS”, you can see my review on it here.
