Jump to content

My host closed me down

Guest Eagleofnorth

By Guest Eagleofnorth
in Technical Help

 Share

Recommended Posts

Guest Eagleofnorth

Guest Eagleofnorth

Posted
Posted

I have been happily running CC 3.0.17 since it was released. A couple of days ago my host closed it down, saying the software was outdated.

I then upgraded to 3.0.20. This morning my host closed the site again....

This is the content of the auto generated file old-software.txt :

# Domeneshop/Domainnameshop autogenerated at 2011-02-23 09:43:18

# Old software found: 7

CubeCart 3.0.5 - VULNERABLE: ./www/cart/admin/modules/gateway/AsianPay/index.php

CubeCart 3.0.1 - VULNERABLE: ./www/cart/admin/modules/gateway/Authorize/index.php

CubeCart 3.0.1 - VULNERABLE: ./www/cart/admin/modules/gateway/Authorize_AIM/index.php

CubeCart 3.0.2 - VULNERABLE: ./www/cart/admin/modules/gateway/DirectPayment/index.php

CubeCart 3.0.2 - VULNERABLE: ./www/cart/admin/modules/gateway/ExpressCheckout/index.php

CubeCart 3.0.0 - VULNERABLE: ./www/cart/admin/modules/shipping/By_Price/index.php

CubeCart 3.0.18 - VULNERABLE: ./www/cart/admin/products/index.php

As I said, I did upgrade to 3.0.20 (and I'm sure it is the safe version, ref the sticky post in this forum),

Thanks for any help!

Egil.

Link to comment
Share on other sites

Guest Eagleofnorth

Guest Eagleofnorth

Posted
Posted

Thanks for answering, guys.

I have done some more correspondance with the host, wich by the way is www.domainnameshop.com. They are the biggest hosting provider in Norway, and AFAIK they operate in the UK also.

First they insisted that the most recent version is CC 4.4.3. I tried to explain that there still are two branches, and that 3x is still supported (and linsence key removal is still sold).

This is a translation of their answer:

"This software has not been maintained for one and a half year, it has documented security issues not fixed in 3.x (see for example Secunia for CubeCart 3.x).

The software therefore has to be considered abandoned by its publisher. As far as we know all CubeCart versions including 4.3.9 has known security issues"

:mellow:

Link to comment
Share on other sites
kinetic Newbie

kinetic

Posted
Posted

Thanks for answering, guys.

I have done some more correspondance with the host, wich by the way is www.domainnameshop.com. They are the biggest hosting provider in Norway, and AFAIK they operate in the UK also.

First they insisted that the most recent version is CC 4.4.3. I tried to explain that there still are two branches, and that 3x is still supported (and linsence key removal is still sold).

This is a translation of their answer:

"This software has not been maintained for one and a half year, it has documented security issues not fixed in 3.x (see for example Secunia for CubeCart 3.x).

The software therefore has to be considered abandoned by its publisher. As far as we know all CubeCart versions including 4.3.9 has known security issues"

:mellow:

4.4.3 they didn't even address and still shutting you down w/o letting you upgrade is shameful

you do know you don't have to host in a Norwegian web hotel right?

Link to comment
Share on other sites
Al Brookbanks Proficient

Al Brookbanks

Posted
Posted

This is ludicrous. Your host haven't given a valid reason for closing your site down. There are NO known vulnerabilities in 3.0.20 and claiming that it is vulnerable because a file is old is a complete joke.

They seem to think that every version older than "4.3.9 has known security issues". This is true for VERSION 4 ONLY!! If you are using the latest v3.0.20 your store is fine!!

Please ask your hosting company to email me directly at al {at} cubecart {dot} com is they have any questions.

Lame. I hope your store is back online soon.

Link to comment
Share on other sites
Guest Eagleofnorth

Guest Eagleofnorth

Posted
Posted

Please ask your hosting company to email me directly at al {at} cubecart {dot} com is they have any questions.

I'll take you up on that. I am responsible for 3 CC 3 shops (copyright removed on all), all have served very good for years and I would like to keep them.

Could this be related to what they are talking about:

http://secunia.com/advisories/product/6838/?task=advisories

Link to comment
Share on other sites
kinetic Newbie

kinetic

Posted
Posted

This is ludicrous. Your host haven't given a valid reason for closing your site down. There are NO known vulnerabilities in 3.0.20 and claiming that it is vulnerable because a file is old is a complete joke.

They seem to think that every version older than "4.3.9 has known security issues". This is true for VERSION 4 ONLY!! If you are using the latest v3.0.20 your store is fine!!

Please ask your hosting company to email me directly at al {at} cubecart {dot} com is they have any questions.

Lame. I hope your store is back online soon.

that what I said well I said it was shameful

there are other options plenty of them but yeah al if someone is going round saying your stuff aint up to snuff then you need to get after them

Link to comment
Share on other sites
Al Brookbanks Proficient

Al Brookbanks

Posted
Posted

Hello Egil,

Your web hosting company contacted me taking offence to my comments. They pointed out the following security exploit...

https://secunia.com/advisories/42728/

This links through to:

http://www.exploit-db.com/exploits/15822/

As you can see this vulnerability was reported in CubeCart <= 3.0.6 which is ancient. 3.0.20 does not contain this vulnerability. Nor does any version CubeCart v4.

Link to comment
Share on other sites
Guest Eagleofnorth

Guest Eagleofnorth

Posted
Posted

They opened it again now :yeahhh:

Secunia still seems to insist that there is a less critical vulnerability in CC 3.0.20:

http://secunia.com/advisories/42655/

One have to be admin to try to exploit this - so it seems rather obscure.

The host accepted to open the store again, but have put .htaccess protection on the admin dir ....

Thanks to Al, kinetic and Robsta for all assitance on this.

Link to comment
Share on other sites
kinetic Newbie

kinetic

Posted
Posted

They opened it again now :yeahhh:

Secunia still seems to insist that there is a less critical vulnerability in CC 3.0.20:

http://secunia.com/advisories/42655/

One have to be admin to try to exploit this - so it seems rather obscure.

The host accepted to open the store again, but have put .htaccess protection on the admin dir ....

Thanks to Al, kinetic and Robsta for all assitance on this.

You are quite welcome Eagle glad we could help in any way

Kinetic

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...