Jump to content

CC6 Hack issue


xpert

Recommended Posts

we was recently hacked. someone placed code in controllers folder file to redirect google traffic
also a suspicious hook added
Can someone help me with some specific questions:

1)is there a security patch released since 6.0.0 version

2)is it possible to secure "admin" folder using htaccess and htpwd method?

3)is there a way to allow only few Fixed static IPs to access admin panel

Many Thanks,
Ash


 

 

Link to comment
Share on other sites

hi Ash

>>1)is there a security patch released since 6.0.0 version

There are new versions but no specific security releases or fixes

>>2)is it possible to secure "admin" folder using htaccess and htpwd method?

You can rename the admin folder, rename the admin.php and also secure the renamed admin directory using .htpasswd

>>3)is there a way to allow only few Fixed static IPs to access admin panel

You can also do that via .htaccess

The security plugin that Al has mentioned is a good start to look at the security and will probably suggest all of the above and more.  However, it is extremely unlikely that there is a security hole in CubeCart through which this access was achieved - it is almost certain that access was gained in one of a number of other ways

1) somebody either has your cpanel (or other hosting CP) password or an FTP password

2) You have other software installed in your hosting account that has a security hole - old unpatched WordPress site, forum or gallery software - this is a known and simple vector to gain access to an account

3) Your website is hosted with a company that has their servers setup in a way that doesnt enforce strict separation of accounts - so any account could have been hacked on that server, then allowing them access to your account and files

Ian 

Link to comment
Share on other sites

Hi Al, is there a note on  CubeCart News & Announcements about this new plugin?

I think what we need are new forums under the Extension Marketplace group where developers can list details regarding new extensions and skins that are listed in the marketplace (maybe the thread should be auto created when the developer uploads to the marketplace) and then questions / announcements etc can be added by anyone to that thread.  I have suggested this to Al already

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...