Spam sent from index.php - will security patch fix?

[ClaireWalters]

I got this (pasted below) message from my clients host - they locked me out of the account - when I explained that I was not sending mails from this account and a security patch was avail - they reopened the account.

Does anyone know if installing the security patch will stop this from happening?

I removed return true; after $data[$key] = $this->safety($val); in the ini.inc.php file

- a large amount of spam has been sent by the following script:

~/index.php total: 16410 permissions: 644

mails sent in week 09 : 2

mails sent in week 10 : 7

mails sent in week 12 : 17

mails sent in week 13 : 13951

mails sent in current week: 2433

[Guest Brivtech]

My recommendation would be that you submit a support ticket, so this can be addressed directly by the CubeCart developers. If a security breach exists, they'll want to fix it in an instant, and issue an update for everyone else.

Out of interest, what version of CubeCart are you using?

[ClaireWalters]

4.2.0

Oh - the site doesn't have any customers - and I'm still adding product - its not an active site yet.

[Guest tetra4]

This happened to one of my clients stores too, his some parts from the email the hosting company sent him:

a large amount of spam has been sent by the following script:

~/store/index.php total: 6260 permissions: 644

mails sent in week 12 : 11

mails sent in week 13 : 6249

Upload a more secure version of the following modules of your software.

These files are vulnerable and were used as a gateway by the attackers:

toshibatecstore.co.uk /index.php $cpage,catId,redir,_g,_a,contact

toshibatecstore.co.uk /contact-us/index.php $contact

Is there a fix for this?

[Guest Brivtech]

Yes. The answer is in the post immediately above yours.