Guest Eagleofnorth Posted February 23, 2011

I have been happily running CC 3.0.17 since it was released. A couple of days ago my host closed it down, saying the software was outdated. I then upgraded to 3.0.20. This morning my host closed the site again....

This is the content of the auto generated file old-software.txt :

# Domeneshop/Domainnameshop autogenerated at 2011-02-23 09:43:18
# Old software found: 7
CubeCart 3.0.5 - VULNERABLE: ./www/cart/admin/modules/gateway/AsianPay/index.php
CubeCart 3.0.1 - VULNERABLE: ./www/cart/admin/modules/gateway/Authorize/index.php
CubeCart 3.0.1 - VULNERABLE: ./www/cart/admin/modules/gateway/Authorize_AIM/index.php
CubeCart 3.0.2 - VULNERABLE: ./www/cart/admin/modules/gateway/DirectPayment/index.php
CubeCart 3.0.2 - VULNERABLE: ./www/cart/admin/modules/gateway/ExpressCheckout/index.php
CubeCart 3.0.0 - VULNERABLE: ./www/cart/admin/modules/shipping/By_Price/index.php
CubeCart 3.0.18 - VULNERABLE: ./www/cart/admin/products/index.php

As I said, I did upgrade to 3.0.20 (and I'm sure it is the safe version, ref the sticky post in this forum).

Thanks for any help!

Egil.

Robsta Posted February 23, 2011

What version is being reported in your admin homepage?

Guest Eagleofnorth Posted February 23, 2011

Hi Robsta, thx for answering. Admin reports 3.0.20

kinetic Posted February 23, 2011

> Hi Robsta, thx for answering. Admin reports 3.0.20

I'd get a new host

Robsta Posted February 23, 2011

> > Hi Robsta, thx for answering. Admin reports 3.0.20
>
> I'd get a new host

Yes I have to agree. It's not right to just shut someone's site down like that without prior warning and the chance to upgrade without downtime.

Guest Eagleofnorth Posted February 23, 2011

Thanks for answering, guys. I have done some more correspondence with the host, which by the way is www.domainnameshop.com. They are the biggest hosting provider in Norway, and AFAIK they operate in the UK also.

First they insisted that the most recent version is CC 4.4.3. I tried to explain that there still are two branches, and that 3x is still supported (and licence key removal is still sold).

This is a translation of their answer:

"This software has not been maintained for one and a half year, it has documented security issues not fixed in 3.x (see for example Secunia for CubeCart 3.x). The software therefore has to be considered abandoned by its publisher. As far as we know all CubeCart versions including 4.3.9 has known security issues"

:mellow:

kinetic Posted February 23, 2011

> Thanks for answering, guys. I have done some more correspondence with the host, which by the way is www.domainnameshop.com. They are the biggest hosting provider in Norway, and AFAIK they operate in the UK also.
>
> First they insisted that the most recent version is CC 4.4.3. I tried to explain that there still are two branches, and that 3x is still supported (and licence key removal is still sold).
>
> This is a translation of their answer:
>
> "This software has not been maintained for one and a half year, it has documented security issues not fixed in 3.x (see for example Secunia for CubeCart 3.x). The software therefore has to be considered abandoned by its publisher. As far as we know all CubeCart versions including 4.3.9 has known security issues"

4.4.3 they didn't even address, and still shutting you down w/o letting you upgrade is shameful. You do know you don't have to host in a Norwegian web hotel, right?

Robsta Posted February 23, 2011

There are no known security vulnerabilities in v3.0.20. And no known vulnerabilities in v4.4.4.

My advice is to change hosting companies, because it sounds like they don't want any customers.

Al Brookbanks Posted February 23, 2011

This is ludicrous. Your host haven't given a valid reason for closing your site down. There are NO known vulnerabilities in 3.0.20 and claiming that it is vulnerable because a file is old is a complete joke.

They seem to think that every version older than "4.3.9 has known security issues". This is true for VERSION 4 ONLY!! If you are using the latest v3.0.20 your store is fine!!

Please ask your hosting company to email me directly at al {at} cubecart {dot} com if they have any questions.

Lame. I hope your store is back online soon.

Guest Eagleofnorth Posted February 23, 2011

> Please ask your hosting company to email me directly at al {at} cubecart {dot} com if they have any questions.

I'll take you up on that. I am responsible for 3 CC 3 shops (copyright removed on all), all have served very good for years and I would like to keep them.

Could this be related to what they are talking about: http://secunia.com/advisories/product/6838/?task=advisories

kinetic Posted February 23, 2011

> This is ludicrous. Your host haven't given a valid reason for closing your site down. There are NO known vulnerabilities in 3.0.20 and claiming that it is vulnerable because a file is old is a complete joke.
>
> They seem to think that every version older than "4.3.9 has known security issues". This is true for VERSION 4 ONLY!! If you are using the latest v3.0.20 your store is fine!!
>
> Please ask your hosting company to email me directly at al {at} cubecart {dot} com if they have any questions.
>
> Lame. I hope your store is back online soon.

That's what I said. Well, I said it was shameful. There are other options, plenty of them. But yeah Al, if someone is going round saying your stuff ain't up to snuff then you need to get after them.

Al Brookbanks Posted February 25, 2011

Hello Egil,

Your web hosting company contacted me taking offence to my comments. They pointed out the following security exploit...

https://secunia.com/advisories/42728/

This links through to:

http://www.exploit-db.com/exploits/15822/

As you can see this vulnerability was reported in CubeCart <= 3.0.6 which is ancient. 3.0.20 does not contain this vulnerability. Nor does any version of CubeCart v4.

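Added example, not part of the thread and not the host's or CubeCart's code: a triage of the old-software.txt report from the first post against the affected range quoted in the post above (CubeCart <= 3.0.6) and the version the admin page reports (3.0.20). The report lines are copied from the first post; the function names and bucket names are hypothetical.

```python
import re

# Report lines copied from the first post in this thread.
REPORT = """\
# Old software found: 7
CubeCart 3.0.5 - VULNERABLE: ./www/cart/admin/modules/gateway/AsianPay/index.php
CubeCart 3.0.1 - VULNERABLE: ./www/cart/admin/modules/gateway/Authorize/index.php
CubeCart 3.0.1 - VULNERABLE: ./www/cart/admin/modules/gateway/Authorize_AIM/index.php
CubeCart 3.0.2 - VULNERABLE: ./www/cart/admin/modules/gateway/DirectPayment/index.php
CubeCart 3.0.2 - VULNERABLE: ./www/cart/admin/modules/gateway/ExpressCheckout/index.php
CubeCart 3.0.0 - VULNERABLE: ./www/cart/admin/modules/shipping/By_Price/index.php
CubeCart 3.0.18 - VULNERABLE: ./www/cart/admin/products/index.php
"""

ENTRY = re.compile(r"^CubeCart (\d+(?:\.\d+)+) - VULNERABLE: (\S+)$")
COUNT = re.compile(r"^# Old software found: (\d+)$")

def version_key(text):
    """Numeric tuple, so 3.0.18 sorts above 3.0.6 (string comparison would not)."""
    return tuple(int(part) for part in text.split("."))

def parse_report(text):
    """Return [(version, path)]; reject lines or counts that do not fit the format."""
    entries, declared = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if (m := COUNT.match(line)):
            declared = int(m.group(1))
        elif line.startswith("#"):
            continue
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
        else:
            raise ValueError(f"unrecognised report line: {line!r}")
    if declared is not None and declared != len(entries):
        raise ValueError(f"header says {declared} entries, parsed {len(entries)}")
    return entries

def triage(entries, installed="3.0.20", advisory_max="3.0.6"):
    """Bucket each flagged file by the version string the report gives for it."""
    buckets = {"in_advisory_range": [], "below_installed": [], "current": []}
    for version, path in entries:
        if version_key(version) <= version_key(advisory_max):
            buckets["in_advisory_range"].append(path)
        elif version_key(version) < version_key(installed):
            buckets["below_installed"].append(path)
        else:
            buckets["current"].append(path)
    return buckets

if __name__ == "__main__":
    for bucket, paths in triage(parse_report(REPORT)).items():
        print(bucket, len(paths), *paths, sep="\n  ")
```

Every flagged file carries a version string below the installed 3.0.20, so these are the files to compare against a clean copy of the installed release before answering the host.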
Guest Eagleofnorth Posted February 25, 2011

They opened it again now.

Secunia still seems to insist that there is a less critical vulnerability in CC 3.0.20: http://secunia.com/advisories/42655/

One has to be admin to try to exploit this - so it seems rather obscure. The host accepted to open the store again, but have put .htaccess protection on the admin dir ....

Thanks to Al, kinetic and Robsta for all assistance on this.

Al Brookbanks Posted February 25, 2011

That's a good result and a decent precious effort on their part. Although unnecessary.

kinetic Posted February 25, 2011

> They opened it again now.
>
> Secunia still seems to insist that there is a less critical vulnerability in CC 3.0.20: http://secunia.com/advisories/42655/
>
> One has to be admin to try to exploit this - so it seems rather obscure. The host accepted to open the store again, but have put .htaccess protection on the admin dir ....
>
> Thanks to Al, kinetic and Robsta for all assistance on this.

You are quite welcome, Eagle. Glad we could help in any way.

Kinetic