xpert Posted July 21, 2015 Share Posted July 21, 2015 we was recently hacked. someone placed code in controllers folder file to redirect google trafficalso a suspicious hook addedCan someone help me with some specific questions:1)is there a security patch released since 6.0.0 version2)is it possible to secure "admin" folder using htaccess and htpwd method?3)is there a way to allow only few Fixed static IPs to access admin panelMany Thanks,Ash Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted July 21, 2015 Share Posted July 21, 2015 You could try this: https://www.cubecart.com/extensions/plugins/cubecart-security-suite Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted July 21, 2015 Share Posted July 21, 2015 hi Ash>>1)is there a security patch released since 6.0.0 versionThere are new versions but no specific security releases or fixes>>2)is it possible to secure "admin" folder using htaccess and htpwd method?You can rename the admin folder, rename the admin.php and also secure the renamed admin directory using .htpasswd>>3)is there a way to allow only few Fixed static IPs to access admin panelYou can also do that via .htaccessThe security plugin that Al has mentioned is a good start to look at the security and will probably suggest all of the above and more. However, it is extremely unlikely that there is a security hole in CubeCart through which this access was achieved - it is almost certain that access was gained in one of a number of other ways1) somebody either has your cpanel (or other hosting CP) password or an FTP password2) You have other software installed in your hosting account that has a security hole - old unpatched WordPress site, forum or gallery software - this is a known and simple vector to gain access to an account3) Your website is hosted with a company that has their servers setup in a way that doesnt enforce strict separation of accounts - so any account could have been hacked on that server, then allowing them access to your account and filesIan Quote Link to comment Share on other sites More sharing options...
harrisorganic Posted July 21, 2015 Share Posted July 21, 2015 You can learn something everyday if you look!Hi Al, is there a note on CubeCart News & Announcements about this new plugin? Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted July 21, 2015 Share Posted July 21, 2015 Hi Al, is there a note on CubeCart News & Announcements about this new plugin?I think what we need are new forums under the Extension Marketplace group where developers can list details regarding new extensions and skins that are listed in the marketplace (maybe the thread should be auto created when the developer uploads to the marketplace) and then questions / announcements etc can be added by anyone to that thread. I have suggested this to Al already Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.