Jump to content

My site was hacked


Guest woodbtreasures

Recommended Posts

Can I ask the stupid question... what benefit does buying the licence do?

One thing I noticed was that there was some sort of zipped hacking file in each of my directory folders in my hosting - I lost everything.

Link to comment
Share on other sites

Buying a licence will remove the (powered by Cubecart) from your title and will also remove the Powered by Cubecart 3.x.x from the footer of your site meaning that when the script kiddies search for "powered by Cubecart" to find Cubecart stores to attack yours wont be there...

The min possitives however are the fact you get full support and you get to remove the copyrights, making your store look more profesional.

Link to comment
Share on other sites

Guest gwizard

This looks as less CC issue as host issue.

I guess you spoke before you read all the discussions about the security hole in CC?

No, I had read the threads before posting.

I am simply speaking from personal experience of being on both sides (ie both protecting and attacking).

Not long ago my forum got down and whole site deleted becouse php had vulnerability that neither my host nor I had been aware of. If you all had register_globals = off this hack would not had been successfull. That is why I said it is less insecure CC design and more insecure config of the host. Of course, it is both.

2Snowbaby:

Buying license allows you to remove the "Powered by CubeCart" from your pages. If you have completelly custom skin and no license strings then it is virtually impossible to find what you are running. BUT, Please mind that security through obscurity is stupid and futile concept in the long run.

Link to comment
Share on other sites

Thank you for your responses.... I know you are probably sick fed up of answering the same questions over and over, but I think I speak on behalf of everyone here when I say your time and replies really are appreciated.

Thank you :)

Link to comment
Share on other sites

Guest TheWetFish

Buying a licence will remove the (powered by Cubecart) from your title and will also remove the Powered by Cubecart 3.x.x from the footer of your site meaning that when the script kiddies search for "powered by Cubecart" to find Cubecart stores to attack yours wont be there...

The min possitives however are the fact you get full support and you get to remove the copyrights, making your store look more profesional.

Not trying to talk people out of buying a licence, yet they can still find the site using those key words/phrases due to google and alot of other search engines still having the site listed inside their cache. Buying a licence does NOT automatically remove your site listing from those search engines and people should not assume that would be the case. I have an old site that I closed almost a year ago and still shows up in google searches, even shows forum threads from that site and much more due to the pages being kept in google's cache.

However, the reasons for purchasing a licence are good reasons. Not sure exactly where each and every dollar is spent, yet would assume it helps with paying for hosting of this support forum and also the time invested in writing the CubeCart code. Writing code is not easy and not everybody can do it. If you are making money on your CubeCart store, why not give a bit back to the writers/coders of CC by buying a licence. I plan on it once I make a few sales from mine.

Matt

Link to comment
Share on other sites

If a hacker tries to exploit CC v3.0.6 but the site has register_global disabled, they will get a 403 error...however here is an explanation of how to bypass the 403 error ;)

url deleted by EvilHomeR

Inevitably there must be many more out there, and amateur hackers would definitely jump at every chance to have practise shots at hacking sites whilst following a manual (and there are heaps of vulnerable CC sites out there). I think it is quite useful at reading how they exploit our sites to quickly learn where things should be patched and updated. Others would have a much more educated opinion than mine though. B)

Edited by Puppy
Link to comment
Share on other sites

That was THE original script which has been circulated around the web it will ONLY work if the user is running v 3.0.0 through to 3.0.6 on a server that has register_globals ON otherwise it will fail...

The new version 3.0.7pl1 fixes this and will no longer allow people to bypass the 403 check ;)

Edited by aikdo
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...