Guest 7Design, posted January 11, 2006

Hi folks! Trying to make an important decision here. We are very concerned about the security of CC. We love the simplicity of it. However, we want to make sure that the php scripts are hacker proof...no vulnerabilities. Our company will do most of its sales online, and we can't afford a script that will allow someone to mess up the server through a vulnerable script. (We had this happen on another site before with a script that the developers were unaware of, and they screwed up EVERYTHING!)

We want to make a decision this week as to go with CC or a hosted solution such as Mal's Ecommerce. Just want to make sure it is safe from any sneaky php injection scripts.

Thanks for your help with this issue.

7Design

Guest aikdo, posted January 11, 2006

Up until 3.0.7 there was a vulnerability; 3.0.7 and 3.0.7pl1 are both patched, however 3.0.7 doesn't work, so use the pl1 version. No script can guarantee 100% security, but CC is to all knowledge secure, and in the case of a vulnerability all of us here are on the case ASAP to get a patch sent out to you...

If you want extra security I would recommend making sure your server has register_globals off and that you use the renamable admin patch; these will add just a little bit more security...

All in all though, to answer your question: yes, CC is secure to all knowledge...

Guest degsey69, posted January 11, 2006

> Hi folks! Trying to make an important decision here. We are very concerned about the security of CC. We love the simplicity of it. However, we want to make sure that the php scripts are hacker proof...no vulnerabilities. Our company will do most of its sales online, and we can't afford a script that will allow someone to mess up the server through a vulnerable script. (We had this happen on another site before with a script that the developers were unaware of, and they screwed up EVERYTHING!)
>
> We want to make a decision this week as to go with CC or a hosted solution such as Mal's Ecommerce. Just want to make sure it is safe from any sneaky php injection scripts.
>
> Thanks for your help with this issue.
>
> 7Design

All software and scripts are vulnerable to hackers, that is the nature of things. I believe that with the massive support that CubeCart gets from the members in the forums and the updated version, the vulnerability to attack is lessened. It's not how to stop the hackers, because believe me they will always find a way in, no matter what measures are put in, whatever package you choose. It's down to three simple questions:

1. What is the support and response if a weakness is found in the security of the software?
2. How secure is my server and what will my ISP do to support me if I am hacked?
3. Do I have the discipline to back up my website and SQL database on a daily basis to lessen the effect of an incursion by a hacker?

The first one I can tell you is superb, look at the forums, they tell the story. The other two are up to you! :D

Robsta, posted January 11, 2006

I agree entirely with degsey69 and aikdo. There is only one guaranteed way to be 100% secure from any online attack.... don't go online. Unfortunately that is not a viable option. ;)

Guest, posted January 11, 2006

As the saying goes, the only computer that is 100% safe from being hacked/attacked, is one that's not plugged in...not even to the electricity. ;)

Guest 7Design, posted January 11, 2006

> Up until 3.0.7 there was a vulnerability; 3.0.7 and 3.0.7pl1 are both patched, however 3.0.7 doesn't work, so use the pl1 version. No script can guarantee 100% security, but CC is to all knowledge secure, and in the case of a vulnerability all of us here are on the case ASAP to get a patch sent out to you...
>
> If you want extra security I would recommend making sure your server has register_globals off and that you use the renamable admin patch; these will add just a little bit more security...
>
> All in all though, to answer your question: yes, CC is secure to all knowledge...

We are using 3.0.7pl1. Where do we get the renamable admin patch?

Thanks for your support and input!

7Design

Guest aikdo, posted January 11, 2006

admin patch is one of mine and you can get it at http://www.cubecart.com/site/forums/index....showtopic=15247

Guest degsey69, posted January 11, 2006

> admin patch is one of mine and you can get it at http://www.cubecart.com/site/forums/index....showtopic=15247

Can this be used on CC ver 3.04 with all the security patches on? ;)

Guest aikdo, posted January 11, 2006

No, but if you want a 3.0.4 version then send me a copy of your admin folder and I can work on it for you ... will take a while though, I'm afraid...

jerseyjoe, posted January 11, 2006

> admin patch is one of mine and you can get it at http://www.cubecart.com/site/forums/index....showtopic=15247

The three security practices are good advice but the third (daily backups) should not depend on discipline, given that almost any professional hosting service worthy of the name offers automatic scheduled backups. If your host offers cPanel, this is very easy to configure.

In a mission critical situation, the backup should go to another drive. That costs a bit extra but the first time you need it you will find it was a damned good investment. You probably also should consider backups more frequent than just daily, if you have a store doing serious business.

Just one caution - you should not plan on restoring from backups yourself unless you have in-house support that is fully qualified. It's best to have restorations done by your hosting tech support. And get a commitment from them that they will be there 24/7 and will do restorations on demand, without delay - like within a few minutes.

Good luck!

Guest degsey69, posted January 11, 2006

> > admin patch is one of mine and you can get it at http://www.cubecart.com/site/forums/index....showtopic=15247
>
> The three security practices are good advice but the third (daily backups) should not depend on discipline, given that almost any professional hosting service worthy of the name offers automatic scheduled backups. If your host offers cPanel, this is very easy to configure.

Just to qualify the third practice. It is the self-discipline to make sure that the backup service is in place and that you actually organise it. There are a lot of people on these forums who got hacked and did not keep backups. We are all human and put off to tomorrow what we should have done today. Professional restore is a good idea if we make time to organise it. ;)

Guest 7Design, posted January 11, 2006

> > > admin patch is one of mine and you can get it at http://www.cubecart.com/site/forums/index....showtopic=15247
> >
> > The three security practices are good advice but the third (daily backups) should not depend on discipline, given that almost any professional hosting service worthy of the name offers automatic scheduled backups. If your host offers cPanel, this is very easy to configure.
>
> Just to qualify the third practice. It is the self-discipline to make sure that the backup service is in place and that you actually organise it. There are a lot of people on these forums who got hacked and did not keep backups. We are all human and put off to tomorrow what we should have done today. Professional restore is a good idea if we make time to organise it.

I agree degsey69. Your 3 points were noted and taken very seriously. The backups would be completed "at least" 5 times per day. With a business of this magnitude, we must be prepared.

So, with that said, here comes another "most important" question: We want rock solid hosting, and need a bit of advice as to decide on one of the following host types:

1. VPS
2. Semi-Dedicated Managed Server
3. Managed Dedicated Server

Any advice? The website will attract thousands of visitors per week, and LOTS of transactions. Which type would you recommend we go with? AND, a few outstanding hosting companies for each type (please).

We are not cutting corners on this project. We firmly believe that you get what you pay for (from past experience). So, our main concern for our hosting company is 24/7/365 PHONE support if it is needed. The trouble ticket system is ok with smaller sites, but not even a consideration for this project.

Thanks for the FAST and OUTSTANDING help! I can't get over how fast members reply here. I just typed my last message, turned around and ate a sandwich, and when I came back, there were 4 more replies. GREAT JOB!

This is a selling point for us for CC. FAST SUPPORT is the key for the success of any product. We have been amazed at the support here for sure!

7Design :D

Guest, posted January 11, 2006

If your budget will support it, I'd ONLY use a dedicated server -- managed or unmanaged. Anything else and your server is going to be subject to other people installing who knows what on there. So no matter how secure what you install is, they could install some poorly written crap and compromise the entire server. It's the only thing I'd ever consider. But then again, I'm a command line junkie. I'd be lost without SSH access into my boxes.

Guest 7Design, posted January 11, 2006

> If your budget will support it, I'd ONLY use a dedicated server -- managed or unmanaged. Anything else and your server is going to be subject to other people installing who knows what on there. So no matter how secure what you install is, they could install some poorly written crap and compromise the entire server. It's the only thing I'd ever consider. But then again, I'm a command line junkie. I'd be lost without SSH access into my boxes.

Thanks Sir William. I agree 100%. Could you be kind enough to offer some outstanding managed dedicated server providers? I was directed to Rack Space before, they are TOP-NOTCH. But, starting price is $400/month. Maybe a bit steep for this company right now. Something a little bit more affordable for starting out. And, of course, managed with the phone support as I mentioned before.

7Design

Guest aikdo, posted January 11, 2006

My recommendation is Fasthosts http://www.fasthosts.co.uk/dedicatedservers/compare/ as they offer 24/7 support and dedicated servers starting as little as £49pm, that's about $100

Guest 7Design, posted January 11, 2006

> My recommendation is Fasthosts http://www.fasthosts.co.uk/dedicatedservers/compare/ as they offer 24/7 support and dedicated servers starting as little as £49pm, that's about $100

Thanks aikdo. I took a look. We kind of want to keep the server in the U.S. Anyone have any suggestions for Managed Dedicated Servers in the U.S.? I have been to WHT, and have looked for weeks. There is so much info over and so many opinions, you leave sometimes knowing less than when you arrived.

Just looking for:

- Managed Dedicated Server
- cPanel
- P-4

Again, thanks for any suggestions!

7Design

One more issue we encountered with CC. When we visit the home page, the image for the product shows up in the left column, but in the body of the page, it has the item name and info, but the "No Photo Available" image appears there and not our product image. ;)

Guest Denver Dave, posted January 11, 2006

Why make it easy for the hackers by providing the version numbers? See discussion here: http://www.cubecart.com/site/forums/index....showtopic=15374

Guest EverythingWeb, posted January 11, 2006

Personally, I wouldn't recommend FastHosts, in fact quite the opposite. Their 'unlimited bandwidth' servers, which are actually sat on 512Kbps connections, really are not worth anything.

If I were you, and you were considering the UK, then a host in London is advised, otherwise a couple of the big datacentres in US are an option, if you deal direct.

Guest, posted January 11, 2006

I've been looking for a while for a good dedicated provider, but so far, I can't save enough over what I have now to make it worth it. The best deals I've seen so far are from Server Beach -- http://www.serverbeach.com/ ;)

jerseyjoe, posted January 11, 2006

I'll send you a PM with my suggestion. Can't do it in public.

Guest 7Design, posted January 12, 2006

> I'll send you a PM with my suggestion. Can't do it in public.

Ok jerseyjoe. Thanks.

Guest 7Design, posted January 12, 2006

Two more issues we encountered with CC.

1. When we visit the home page, the image for the product shows up in the left column, but in the body of the page, it has the item name and info, but the "No Photo Available" image appears there and not our product image.
2. When I click on items to purchase and add them to my cart, the price is not showing up. And, if I add 5 of an item, it still only shows 1 with no cost total. It is not adding the price of the items you place in your cart. It just shows 0.00.

Any help on these?

7Design

Guest degsey69, posted January 13, 2006

> Why make it easy for the hackers by providing the version numbers? See discussion here: http://www.cubecart.com/site/forums/index....showtopic=15374

You know that the fee that Brooky charges removes the ver number which makes it harder for the hackers ;)