pmailes1 Posted June 6, 2013

I have been running CubeCart version 3 and it has recently been hacked. Below is a message from the person that I use to manage my web site:

"Have heard from the server boys - the hack is using the site to send spam, so it looks as if the vulnerability is in one or more of the forms of the site. You may wish to pass this on to CubeCart."

Has anyone had this problem and if so what was done to fix it?

Thanks and regards

bsmither Posted June 6, 2013

Welcome pmailes1! Glad to see you made it to the forums.

All versions of CubeCart prior to v5 have a feature called "Tell a Friend" (TaF) where a customer can have CubeCart send an email to an arbitrary email address with a canned message that invites the recipient to view the product mentioned.

The problem is that 'not the latest' versions of CC3/4 have a lax filtering mechanism against improperly formed values for the TaF form elements. As such, the TaF form could be (and has been) abused. The CubeCart code has not been damaged.

There are discussions about this at www.cubecartforums.org and how to disable it -- if TaF is not important to your site.

pmailes1 Posted June 6, 2013

Thanks for the quick response. Could you tell me exactly how to disable this function? I believe that I need to do this via the admin function, but as my hosting company has disabled my web site due to this issue I cannot get in. It may be that if I know exactly where to go to do this I might be able to get them to enable my site on the understanding that I enable the TAF function immediately.

Also, the link that you provided me points to this thread, not to a discussion on how to disable the function?

Many thanks and best regards

bsmither Posted June 6, 2013

Please see:

http://www.cubecartforums.org/index.php?showtopic=14495
http://www.cubecartforums.org/index.php?showtopic=12885

These involve the manual editing of a file. You will need to FTP the file to your computer, make the edits, then FTP the file back to your site. If your hosted account's control panel includes a file edit tool, you can make the edits in your control panel.

Tell your hosting provider you have made edits and ask them to resume serving pages from your site.

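Added example, not part of the original thread or CubeCart's own code: a way to confirm from the web server's access log that the Tell a Friend form is what is being abused, by counting form submissions per client. It assumes an Apache/nginx "combined" log format; the `act=taf` marker for the form's URL and the threshold of 3 are assumptions to adjust for your install.

```python
import re
from collections import Counter

# Assumption: the Tell a Friend form is reached with this query-string marker.
# Adjust it to match how your CubeCart install routes the form.
TAF_MARKER = "act=taf"

# Apache/nginx "combined" log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)

def taf_posts_by_client(lines, marker=TAF_MARKER):
    """Count POST submissions to the TaF form per client IP."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # Viewing the form is a GET; only a POST causes a mail to be sent.
        if m["method"] == "POST" and marker in m["url"].lower():
            counts[m["ip"]] += 1
    return counts

def suspicious_clients(lines, threshold=3, marker=TAF_MARKER):
    """Return (ip, count) pairs at or above threshold, busiest first."""
    counts = taf_posts_by_client(lines, marker)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jun/2013:02:14:01 +0000] "POST /index.php?act=taf&productId=12 HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [05/Jun/2013:02:14:02 +0000] "POST /index.php?act=taf&productId=12 HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [05/Jun/2013:02:14:03 +0000] "POST /index.php?act=taf&productId=12 HTTP/1.1" 200 5120 "-" "-"
203.0.113.7 - - [05/Jun/2013:02:14:04 +0000] "POST /index.php?act=taf&productId=12 HTTP/1.1" 200 5120 "-" "-"
198.51.100.23 - - [05/Jun/2013:09:30:11 +0000] "GET /index.php?act=taf&productId=3 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Jun/2013:09:31:40 +0000] "POST /index.php?act=taf&productId=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.50 - - [05/Jun/2013:10:02:00 +0000] "GET /index.php?act=viewProd&productId=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
this line is not a log entry
""".splitlines()

if __name__ == "__main__":
    for ip, n in suspicious_clients(SAMPLE_LOG):
        print(f"{ip}\t{n} TaF form submissions")
```

Run the same check again after the form has been disabled and the site is back online to confirm the submissions have stopped.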