Cube cart 3.0.6 concerns


Guest Neveryll

Hi hi all,

Well, over the weekend we backed up the website and SQL database and updated from 3.0.6 to 3.0.8 amid concerns about security and the number of hits we received and continue to receive based on being Googled for our earlier version.

My biggest concern is making sure that the website is still "clean" after a couple of hits we received.

I found a website that clearly documents the exploit but being as I don't know PHP all that well it may as well be written in Martian. My question is where do I need to look if someplace specific for the residuals that seemed to be part of this attack? While I don't know PHP I am familiar with programming and understand to a degree how PHP creates the pages.

Given the number of hits we received on such I guess another concern I would have is there a reason the Cubecart version should be displayed on the bottom at all times? My only line of reasoning on such is that wouldn't it make more sense to hide the version ID on all pages except the admin page after you're logged in as the admin would be the only person who would theoretically be concerned with what version is being run and it would reduce the number of search engine based attack vectors??

If an admin would be interested in the websites I came across "showcasing" the exploits let me know. I'm guessing you probably already know them but doesn't hurt to ask. :D

Thanks to all that reply,

Nev

Oops. Forgot to add I checked over in the bug section and saw a ticket in the priority section tagged about security that sounds like a guy was hacked using the exploit I read about. This was back in January so not sure if the issue is still valid for the party concerned or not. I'm curious what folder the offending file was found in so I can take a peek at mine in the same spot.


This issue has been brought up before. The version number thread is here.

If you are worried about the version number being visible, then the quickest way to remove it is to license CubeCart. This removes the automated header and footer text.

Regarding the version details coming up in Google for your site, you will get this for a while as the results are not retrieved from the live site, but rather from their database of information gathered from previous robot visits.

Hope this helps.


Guest Neveryll

This issue has been brought up before. The version number thread is here.

If you are worried about the version number being visible, then the quickest way to remove it is to license CubeCart. This removes the automated header and footer text.

Regarding the version details coming up in Google for your site, you will get this for a while as the results are not retrieved from the live site, but rather from their database of information gathered from previous robot visits.

Hope this helps.

Good to know about the licensing and I think as soon as the business gets so far along we'll probably do such. My question would be more along the lines of why would you want to show the version at all free or otherwise if it encourages that kind of activity? I'll pop over on the referenced thread and add another hit.

As to the search results I know we will get continued hits as the information is cached on the search engine for a while. I figure this will go on for a while. Now that it's patched I'm not as concerned but the possible break needs to be explored.


Guest walmarc

The removal of the licencing information is for a minimal fee. If you intend to make a profit from your store - surely it is a very worthwhile investment? ;)

An alternative is the open source community offerings such as osc***rce.....an excellent cart but more of a target IMO


If you are worried about the version number being visible, then the quickest way to remove it is to license CubeCart. This removes the automated header and footer text.

The only way to remove the version number is to license your store, otherwise you will be breaking the copyright. If you have any questions, contact Brooky.

Was it something I said Estelle? ;)


I have a few carts running for clients and I must say that I have registered each and every one of them, reasons already mentioned plus the support via ticket ;)


Guest Neveryll

I have a few carts running for clients and I must say that I have registered each and every one of them, reasons already mentioned plus the support via ticket ;)

I have no doubt we will be registering such for the business. Part of it is getting to that break even point and then we will be doing such.

I've looked at other carts but due to the nature of ummm our products only certain pay portals are viable for us. That and Oscommerce was less friendly in general so we opted for CubeCart. We really love the community here and CubeCart rocks for us. :)


Sorry, just that you said "quickest way" ;) and I was just trying to highlight that it is the only way!

I was referring to the other way being the possible removal of the version number in a future release (see the thread I linked to) that Brooky indicated he was considering as an option. The licensing method was the quickest by comparison. I was not indicating any other method.


Guest Neveryll

Sorry, just that you said "quickest way" :) and I was just trying to highlight that it is the only way!

I was referring to the other way being the possible removal of the version number in a future release (see the thread I linked to) that Brooky indicated he was considering as an option. The licensing method was the quickest by comparison. I was not indicating any other method.

/rushes into the trees as Robsta and estelle duck it out Ninja style. :w00t:

:) ;)


Glad you like CC and the community, welcome aboard ;)

I've looked at other carts but due to the nature of ummm our products only certain pay portals are viable for us. That and Oscommerce was less friendly in general so we opted for CubeCart. We really love the community here and CubeCart rocks for us. :)