• Welcome to ScubaBoard


  1. Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

    Benefits of registering include

    • Ability to post and comment on topics and discussions.
    • A Free photo gallery to share your dive photos with the world.
    • You can make this box go away

    Joining is quick and easy. Login or Register now by clicking on the button

Deep6 Website Security Issues?

Discussion in 'Deep 6 Gear' started by CuriousRambler, Feb 12, 2020.

  1. CuriousRambler

    CuriousRambler Contributor

    # of Dives: 25 - 49
    Location: Montana
    567
    226
    Anybody else having problems with deep6gear.com? I haven't had issues in the past, but today my Symantec won't allow me to visit, throwing a warning about "Formjacking," which suggests some malicious code skimming credit card info.

    Here's Symantec's description of the warning, which rates severity as "high."

    I don't suspect any foul play from Deep6, but I don't think there's any shortage of nefarious individuals looking for an easy payday.
     
    NIS1169 likes this.
  2. JBFG

    JBFG Contributor

    # of Dives: I just don't log dives
    Location: Ottawa, Canada
    1,291
    729
    I just tried. Works for me without issues.
     
  3. dfcliff

    dfcliff ScubaBoard Supporter ScubaBoard Supporter

    # of Dives: 0 - 24
    Location: Augusta, GA
    27
    22
    The website is up, but several scanners are reporting a javascript highjack. This particular javascript doesn't stop the website for working, it attempts to skim the credit card info and send it to a third party.
     
  4. LandonL

    LandonL ScubaBoard Supporter ScubaBoard Supporter

    # of Dives: I just don't log dives
    Location: Fort Lauderdale, FL
    620
    538
    Website is in Maintenance mode while I investigate.
     
  5. cerich

    cerich ScubaBoard Supporter ScubaBoard Supporter

    # of Dives: 5,000 - ∞
    Location: Georgia
    6,877
    3,976
    Thanks guys.. Landon is on it.. next time call??? :)

    From what Landon is seeing that looks like very recent, we are working with Magento to see what they say as well, we installed all their latest security updates literally a couple days ago and this was after that..grrr. We also did some security updates on the server box prior, same day.
     
    NIS1169 and dfcliff like this.
  6. CuriousRambler

    CuriousRambler Contributor

    # of Dives: 25 - 49
    Location: Montana
    567
    226
    Sorry cerich. I did spend a little time trying to find a phone number, but my computer wouldn't allow me to load your site. Only had so much time to dedicate to it on break at work, so this was my next best solution to putting it out for peer-review within my deadline :)

    I know I visited your site a few days ago from the same computer and got no warning, so I'd agree it's likely very recent.
     
    cerich and NIS1169 like this.
  7. cerich

    cerich ScubaBoard Supporter ScubaBoard Supporter

    # of Dives: 5,000 - ∞
    Location: Georgia
    6,877
    3,976
    No worries, glad you posted .

    I am so annoyed that right after Landon (not me..) spent literaly a day installing every security patch and then making sure it didn't break anything with add on modules etc... this happens.
     
  8. Nestor Wheelock

    Nestor Wheelock Registered

    # of Dives: 0 - 24
    Location: Saint Louis City Missouri
    5
    5
    Hi Landon,

    I was turned onto Deep 6 by referral when I discovered the roadblocks the industry has created for individuals like myself with technical and mechanical aptitude, to learn and be self-reliant when it comes to all the aforementioned reasons on the website pertaining to servicing one's own gear. I'm finally pursuing a lifelong desire to dive but what I found was the same BS I have to deal with as a wholly independent unauthorized non-certified open source computer tech shop owner when it comes to buying parts from the computer manufacturers (Apple is the worst). I'll reach out to you independently for further discussion about the right to repair movement and at some point attending a service clinic with you/Deep6.

    Meanwhile I was on your site just now and I see that this thread is fresh so while I was visiting your site I noticed that the js isn't loading right when navigating pages. I was surfing, and questioning my instructor's statements he made in our class when it comes to new vs used gear, and got a healthy dose of fear mongering ie: "a regulator hose alone can cost 100 or more dollars..blah blah ..you'll die" And this discussion here explains to me how hard you've been working on fixing it and why on the site when I was drilling into the products to see actually the truth is not all hoses cost that much, but why they do at the LDS. Anyway, I have over a decade of experience as a *nix systems programmer working on the LAMP stack and I think what ya'll are doing over there with the business model is really a good solution for guys who aren't scared to take anything apart, like me. If I can be of any assistance, or just a cheerleader, I'm available to share whatever webdev knowledge I've accumulated.

    Users reporting errors is helpful so I wanted to report the following. It looks like the database is asking for an upgrade.

    At HP Rubber Hoses Various Lengths the server barfed out the following:

    1 exception(s):
    Exception #0 (Magento\Framework\Exception\LocalizedException): Please upgrade your database: Run "bin/magento setup:upgrade" from the Magento root directory.
    The following modules are outdated:
    Auctane_Api schema: current version - 2.0.16, required version - 2.0.23
    Auctane_Api data: current version - 2.0.16, required version - 2.0.23

    Exception #0 (Magento\Framework\Exception\LocalizedException): Please upgrade your database: Run "bin/magento setup:upgrade" from the Magento root directory.
    The following modules are outdated:
    Auctane_Api schema: current version - 2.0.16, required version - 2.0.23
    Auctane_Api data: current version - 2.0.16, required version - 2.0.23
    <pre>#1 Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}() called at [vendor/magento/module-page-cache/Model/App/FrontController/BuiltinPlugin.php:73]
    #2 Magento\PageCache\Model\App\FrontController\BuiltinPlugin->aroundDispatch() called at [vendor/magento/framework/Interception/Interceptor.php:135]
    #3 Magento\Framework\App\FrontController\Interceptor->Magento\Framework\Interception\{closure}() called at [vendor/magento/framework/Interception/Interceptor.php:153]
    #4 Magento\Framework\App\FrontController\Interceptor->___callPlugins() called at [generated/code/Magento/Framework/App/FrontController/Interceptor.php:26]
    #5 Magento\Framework\App\FrontController\Interceptor->dispatch() called at [vendor/magento/framework/App/Http.php:116]
    #6 Magento\Framework\App\Http->launch() called at [generated/code/Magento/Framework/App/Http/Interceptor.php:24]
    #7 Magento\Framework\App\Http\Interceptor->launch() called at [vendor/magento/framework/App/Bootstrap.php:261]
    #8 Magento\Framework\App\Bootstrap->run() called at [index.php:39]
    </pre>
     
    cerich, RyanT and Tournesol2000 like this.
  9. Nestor Wheelock

    Nestor Wheelock Registered

    # of Dives: 0 - 24
    Location: Saint Louis City Missouri
    5
    5
    Is this a MS Windows server? The paths look like Windows file systems paths. Also don't forget to dump it before you perform the upgrade in case it gets borked (speaking from experience).

    PS. I know who I'm buying my first regulator from.
     
    cerich and Tournesol2000 like this.
  10. LandonL

    LandonL ScubaBoard Supporter ScubaBoard Supporter

    # of Dives: I just don't log dives
    Location: Fort Lauderdale, FL
    620
    538
    @Nestor Wheelock

    Lol. You hit the website during the 15 minute window while I was reconnecting it to our shipping processor. I had it in developer mode. You should no longer see the above you mentioned, as I have completed the integration.

    Would love to chat more, but currently have ordering turned off while I work on finalizing some updates and security enhancements.

    Not an MS Windows server, it is a Ubuntu/Apache LAMP server.

    Cheers,
    Landon
     
    1isNone likes this.

Share This Page