Security Question...


Guest 7Design

Hi folks!

Trying to make an important decision here.

We are very concerned about the security of CC. We love the simplicity of it. However, we want to make sure that the PHP scripts are hacker proof...no vulnerabilities. Our company will do most of its sales online, and we can't afford a script that will allow someone to mess up the server through a vulnerable script. (We had this happen on another site before with a script that the developers were unaware of, and they screwed up EVERYTHING!)

We want to make a decision this week as to go with CC or a hosted solution such as Mal's Ecommerce.

Just want to make sure it is safe from any sneaky php injection scripts.

Thanks for your help with this issue.

7Design


Up until 3.0.7 there was a vulnerability; 3.0.7 and 3.0.7pl1 are both patched, however 3.0.7 doesn't work, so use the pl1 version ;)

No script can guarantee 100% security, but CC is to all knowledge secure, and in the case of a vulnerability all of us here are on the case ASAP to get a patch sent out to you...

If you want extra security I would recommend making sure your server has register_globals off and that you use the renamable admin patch; these will add just a little bit more security...

All in all though, to answer your question: yes, CC is secure to all knowledge...


Guest degsey69

All software and scripts are vulnerable to hackers, that is the nature of things.

I believe that with the massive support that CubeCart gets from the members in the forums and the updated version, the vulnerability to attack is lessened.

It's not how to stop the hackers, because believe me they will always find a way in, no matter what measures are put in, whatever package you choose.

It's down to three simple questions:

1. What is the support and response if a weakness is found in the security of the software? :P

2. How secure is my server and what will my ISP do to support me if I am hacked? ;)

3. Do I have the discipline to backup my website and sql database on a daily basis to lessen the effect of an incursion by a hacker? :D

The first one I can tell you is superb; look at the forums, they tell the story.

The other two are up to you! :D


Guest 7Design

We are using 3.0.7pl1. Where do we get the renamable admin patch?

Thanks for your support and input!

7Design


admin patch is one of mine and you can get it at http://www.cubecart.com/site/forums/index....showtopic=15247

The three security practices are good advice, but the third (daily backups) should not depend on discipline, given that almost any professional hosting service worthy of the name offers automatic scheduled backups. If your host offers cPanel, this is very easy to configure.

In a mission-critical situation, the backup should go to another drive. That costs a bit extra, but the first time you need it you will find it was a damned good investment. You probably also should consider backups more frequent than just daily, if you have a store doing serious business.

Just one caution - you should not plan on restoring from backups yourself unless you have in-house support that is fully qualified. It's best to have restorations done by your hosting tech support. And get a commitment from them that they will be there 24/7 and will do restorations on demand, without delay - like within a few minutes.

Good luck!


Guest degsey69

Just to qualify the third practice.

It is the self-discipline to make sure that the backup service is in place and that you actually organise it.

There are a lot of people on these forums who got hacked and did not keep backups. We are all human and put off to tomorrow what we should have done today.

Professional restore is a good idea if we make time to organise it. ;)


Guest 7Design

I agree degsey69. Your 3 points were noted and taken very seriously. The backups would be completed "at least" 5 times per day. With a business of this magnitude, we must be prepared.

So, with that said, here comes another "most important" question: We want rock solid hosting, and need a bit of advice to decide on one of the following host types:

1. VPS

2. Semi-Dedicated Managed Server

3. Managed Dedicated Server

Any advice? The website will attract thousands of visitors per week, and LOTS of transactions. Which type would you recommend we go with? AND, a few outstanding hosting companies for each type (please). We are not cutting corners on this project. We firmly believe that you get what you pay for (from past experience). So, our main concern for our hosting company is 24/7/365 PHONE support if it is needed. The trouble ticket system is ok with smaller sites, but not even a consideration for this project.

Thanks for the FAST and OUTSTANDING help! I can't get over how fast members reply here. I just typed my last message, turned around and ate a sandwich, and when I came back, there were 4 more replies.

GREAT JOB! This is a selling point for us for CC. FAST SUPPORT is the key for the success of any product. We have been amazed at the support here for sure!

7Design :D


If your budget will support it, I'd ONLY use a dedicated server -- managed or unmanaged. Anything else and your server is going to be subject to other people installing who knows what on there. So no matter how secure what you install is, they could install some poorly written crap and compromise the entire server.

It's the only thing I'd ever consider. But then again, I'm a command line junkie. I'd be lost without SSH access into my boxes.


Guest 7Design

Thanks Sir William. I agree 100%. Could you be kind enough to offer some outstanding managed dedicated server providers? I was directed to Rack Space before, they are TOP-NOTCH. But, starting price is $400/month. Maybe a bit steep for this company right now. Something a little bit more affordable for starting out. And, of course, managed with the phone support as I mentioned before.

7Design


Guest 7Design

My recommendation is Fasthosts http://www.fasthosts.co.uk/dedicatedservers/compare/ as they offer 24/7 support and dedicated servers starting as little as £49pm, that's about $100

Thanks aikdo. I took a look. We kind of want to keep the server in the U.S.

Anyone have any suggestions for: Managed Dedicated Servers in the U.S.?

I have been to WHT, and have looked for weeks. There is so much info over and so many opinions, you leave sometimes knowing less than when you arrived. Just looking for:

Managed Dedicated Server

cPanel

P-4

Again, thanks for any suggestions!

7Design

One more issue we encountered with CC. When we visit the home page, the image for the product shows up in the left column, but in the body of the page, it has the item name and info, but the "No Photo Available" image appears there and not our product image. ;)


Guest EverythingWeb

Personally, I wouldn't recommend FastHosts, in fact quite the opposite.

Their 'unlimited bandwidth' servers, which are actually sat on 512Kbps connections, really are not worth anything. If I were you, and you were considering the UK, then a host in London is advised, otherwise a couple of the big datacentres in US are an option, if you deal direct.


Guest 7Design

Two more issues we encountered with CC.

1. When we visit the home page, the image for the product shows up in the left column, but in the body of the page, it has the item name and info, but the "No Photo Available" image appears there and not our product image.

2. When I click on items to purchase and add them to my cart, the price is not showing up. And, if I add 5 of an item, it still only shows 1 with no cost total. It is not adding the price of the items you place in your cart. It just shows 0.00.

Any help on these?

7Design
