This is a request to CS-Cart development team. Software versions should not be easily traced. As soon as a hacker team finds a bug in CS-Cart’s system, they can easily create a wide spread attack to all CS-Cart websites using that version. There are central databases which track websites that have CS-Cart installed so don’t assume that this information is not visible to hacker groups.
If you add /?version at the end of any CS-Cart store, you can instantly see the software version and build number. This is unacceptable even for blogs where people sell nothing but share their opinion let alone giving easy access to such a crucial information for ecommerce websites.
If somebody hides /?version tag, the same code is still applied on .js and .css file requests in source code. They end with CS-Cart’s version at the end. (js?ver=4.2.4).
Alt-Team has a guide to modify some core files to make this invisible. (Article link) but why do we have to deal with code changes to get rid of something that is completely unnecessary to begin with?
I guess this topic did not catch anybody's attention.
How can I disable CS-Cart to advertise my CS-Cart version?
It should be to a point where it should be impossible to get CS-Cart version through source code or Ecommerce Solutions and Software for all types of business - CS-Cart.
config.php in root
define('CS_PHP_VERSION', phpversion());
// Product information
define('PRODUCT_NAME', 'CS-Cart');
define('PRODUCT_VERSION', '4.2.4');
Thank you, I tried that already. I did like the following but it didn't make any difference.
[color=#880000]// Product information[/color]
[color=#000000]define[/color][color=#666600]([/color][color=#008800]'PRODUCT_NAME'[/color][color=#666600],[/color][color=#000000] [/color][color=#008800]''[/color][color=#666600]);[/color]
[color=#000000]define[/color][color=#666600]([/color][color=#008800]'PRODUCT_VERSION'[/color][color=#666600],[/color][color=#000000] [/color][color=#008800]''[/color][color=#666600]);[/color]
Even if it had hidden Ecommerce Solutions and Software for all types of business - CS-Cart requests, 4.2.4 still shows up in the source code.
[quote name='mazter' timestamp='1427396802' post='209204']
This is a request to CS-Cart development team.
[/quote]
If you want to receive answer from CS-Cart team, then leave message to their HelpDesk system.
Best regards,
CS-Market.
Just comment out the following in init.php
if (isset($_REQUEST['version'])) {
die(PRODUCT_NAME . ' ' . PRODUCT_VERSION . ' ' . (PRODUCT_STATUS != '' ? (' (' . PRODUCT_STATUS . ')') : '') . (PRODUCT_BUILD != '' ? (' ' . PRODUCT_BUILD) : '') . '');
}
[quote name='mazter' timestamp='1427754871' post='209617']
Thank you, I tried that already. I did like the following but it didn't make any difference.
[color=#880000]// Product information[/color]
[color=#000000]define[/color][color=#666600]([/color][color=#008800]'PRODUCT_NAME'[/color][color=#666600],[/color][color=#000000] [/color][color=#008800]''[/color][color=#666600]);[/color]
[color=#000000]define[/color][color=#666600]([/color][color=#008800]'PRODUCT_VERSION'[/color][color=#666600],[/color][color=#000000] [/color][color=#008800]''[/color][color=#666600]);[/color]
Even if it had hidden Ecommerce Solutions and Software for all types of business - CS-Cart requests, 4.2.4 still shows up in the source code.
[/quote]
Please clear the cache it should fix the problem with the compiled js file as the system uses the following code to generate file name:
$return = '' . "\n";