Guest Neveryll Posted February 20, 2006

Hi hi all,

Well over the weekend we backed up the website and SQL database and updated from 3.0.6 to 3.0.8 amid concerns about security and the number of hits we received and continue to receive based on being Googled for our earlier version.

My biggest concern is making sure that the website is still "clean" after a couple of hits we received. I found a website that clearly documents the exploit but being as I don't know PHP all that well it may as well be written in Martian. My question is where do I need to look if someplace specific for the residuals that seemed to be part of this attack? While I don't know PHP I am familiar with programming and understand to a degree how PHP creates the pages.

Given the number of hits we received on such I guess another concern I would have is there a reason the Cubecart version should be displayed on the bottom at all times? My only line of reasoning on such is that wouldn't it make more sense to hide the version ID on all pages except the admin page after you're logged in as the admin would be the only person who would theoretically be concerned with what version is being run and it would reduce the number of search engine based attack vectors??

If an admin would be interested in the websites I came across "showcasing" the exploits let me know. I'm guessing you probably already know them but doesn't hurt to ask.

Thanks to all that reply,
Nev

Oops. Forgot to add I checked over in the bug section and saw a ticket in the priority section tagged about security that sounds like a guy was hacked using the exploit I read about. This was back in January so not sure if the issue is still valid for the party concerned or not. I'm curious what folder the offending file was found in so I can take a peek at mine in the same spot.

Robsta Posted February 20, 2006

This issue has been brought up before. The version number thread is here.

If you are worried about the version number being visible, then the quickest way to remove it is to license CubeCart. This removes the automated header and footer text.

Regarding the version details coming up in Google for your site, you will get this for a while as the results are not retrieved from the live site, but rather from their database of information gathered from previous robot visits.

Hope this helps.

Guest Neveryll Posted February 20, 2006

> This issue has been brought up before. The version number thread is here.
>
> If you are worried about the version number being visible, then the quickest way to remove it is to license CubeCart. This removes the automated header and footer text.
>
> Regarding the version details coming up in Google for your site, you will get this for a while as the results are not retrieved from the live site, but rather from their database of information gathered from previous robot visits.
>
> Hope this helps.

Good to know about the licensing and I think as soon as the business gets so far along we'll probably do such. My question would be more along the lines of why would you want to show the version at all free or otherwise if it encourages that kind of activity? I'll pop over on the referenced thread and add another hit.

As to the search results I know we will get continued hits as the information is cached on the search engine for a while. I figure this will go on for a while. Now that it's patched I'm not as concerned but the possible break needs to be explored.

Guest estelle Posted February 20, 2006

> If you are worried about the version number being visible, then the quickest way to remove it is to license CubeCart. This removes the automated header and footer text.

The only way to remove the version number is to license your store, otherwise you will be breaking the copyright. If you have any questions, contact Brooky.

Guest walmarc Posted February 20, 2006

> The only way to remove the version number is to license your store, otherwise you will be breaking the copyright. If you have any questions, contact Brooky.

The removal of the licencing information is for a minimal fee. If you intend to make a profit from your store - surely it is a very worthwhile investment?

An alternative is the open source community offerings such as osc***rce.....an excellent cart but more of a target IMO

Robsta Posted February 20, 2006

> > If you are worried about the version number being visible, then the quickest way to remove it is to license CubeCart. This removes the automated header and footer text.
>
> The only way to remove the version number is to license your store, otherwise you will be breaking the copyright. If you have any questions, contact Brooky.

Was it something I said Estelle? ;)

Guest estelle Posted February 20, 2006

Sorry, just that you said "quickest way" and I was just trying to highlight that it is the only way!

Guest vrakas Posted February 20, 2006

I have a few carts running for clients and I must say that I have registered each and every one of them, reasons already mentioned plus the support via ticket ;)

Guest Neveryll Posted February 20, 2006

> I have a few carts running for clients and I must say that I have registered each and every one of them, reasons already mentioned plus the support via ticket

I have no doubt we will be registering such for the business. Part of it is getting to that break even point and then we will be doing such.

I've looked at other carts but due to the nature of ummm our products only certain pay portals are viable for us. That and Oscommerce was less friendly in general so we opted for CubeCart. We really love the community here and CubeCart rocks for us. :)

Robsta Posted February 20, 2006

> Sorry, just that you said "quickest way" and I was just trying to highlight that it is the only way!

I was referring to the other way being the possible removal of the version number in a future release (see the thread I linked to) that Brooky indicated he was considering as an option. The licensing method was the quickest by comparison. I was not indicating any other method.

Guest Neveryll Posted February 20, 2006

> > Sorry, just that you said "quickest way" and I was just trying to highlight that it is the only way!
>
> I was referring to the other way being the possible removal of the version number in a future release (see the thread I linked to) that Brooky indicated he was considering as an option. The licensing method was the quickest by comparison. I was not indicating any other method.

/rushes into the trees as Robsta and estelle duke it out Ninja style. ;)

Robsta Posted February 20, 2006

> /rushes into the trees as Robsta and estelle duke it out Ninja style.

:lol:

Guest Neveryll Posted February 20, 2006

Sorry couldn't resist. I love my smiley collection and you have some neat ones to play with here as well. ;)

Guest estelle Posted February 20, 2006

;) Great!

Guest vrakas Posted February 21, 2006

Glad you like CC and the community, welcome aboard

> I've looked at other carts but due to the nature of ummm our products only certain pay portals are viable for us. That and Oscommerce was less friendly in general so we opted for CubeCart. We really love the community here and CubeCart rocks for us.

Guest Posted February 21, 2006

Welcome on board ;)
