
gabrieluk's Content

There have been 73 items by gabrieluk (Search limited from 18-Jan 19)




#66224 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 06 January 2010 - 02:38 AM in Web Hosting

In the grand scheme of things, the security issues with CS-Cart 1.3.5 are not really that significant!

Hi Spiral,
I thought I liked the things you said, but nowwwww it's too much.
This is NOT what you told me in another thread!!!!! WTF
Who has brains now? Huh? You?



#66808 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 13 January 2010 - 02:20 PM in Web Hosting

You mean................:rolleyes:

Attached Thumbnails

  • Noman vs Spiral.jpg



#65986 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 03 January 2010 - 11:39 PM in Web Hosting

regardless if you use it, the addon should be removed ;)

Please can anyone point the right way to get rid of this addon?
Thanks in advance



#66202 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 06 January 2010 - 12:17 AM in Web Hosting

Spiral,

No offence dude, but still nothing from you so, I will just ignore any result of your security scanning and hundreds of words regarding 1.3.5 SP4.

Make some effort and read your lines below and stop changing words to make things softer. Empty statements...

What you just described is the automatic default alert message generated from one of my own security scanning applications...

Incidentally, CS-Cart 1.3.5-SP4 is one that does indeed have a number of unresolved security vulnerabilities ...

...upgrading would be a good move

I have personally witnessed, at different web hosts, over 50 sites hijacked and all used as spam servers for no other reason than they each were running CS-Cart 1.3.5-SP4 ...

Another 27, also running the same version, got their customer credit card data or other information stolen as well by injected code modifications...

and there is a URL reference in the major public security advisory databases...
I have personally seen a large number of sites on CS 1.3.5 SP4 hacked...

YES, 1.3.5 SP4 does indeed have some very major security problems ...

1.3.5 sp4 in and of itself but you will need to make a number of modifications to deal with several poorly written code areas that are now being actively exploited heavily ...

I have observed how this has been exploited has either to be utilize the CS-Cart program as a spam distribution relays...

I have also located all the areas of code that are currently being exploited by hackers ...


I saw Elvis...

Spiral could be a good politician, SPIRAL FOR PRESIDENT!!!!!!! (he knows how to adapt sentences...) HURAYYYYYYYY!!!!!!!!!!!!!!!!!!
(sorry guys, the pressure is getting on my nerves.... let's break the ice...)
:mad: :( :) :D



#66247 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 06 January 2010 - 09:33 AM in Web Hosting

I'm fed up, this is (hopefully) my last post in this thread. CS-Cart SP4 is a good'n old GOLDEN PIECE OF CODE. I think I have brains, and it's not by coincidence that many people here stick with the past (especially brainless developers like me....).
Conclusion:
The FALSE ALARM is nothing more than A MARKETING STRATEGY TO PERSUADE PEOPLE TO SIGN UP WITH A "SAFE" HOST PROVIDER.
That is all I've got to say.... (but I think all the brainless people got that anyway!!!)



#66082 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 05 January 2010 - 02:12 AM in Web Hosting

Hello,
I was so curious to understand the relation of these vulnerabilities with the hosting provider that I wrote a thread in the forums of my provider. For reasons of privacy I won't reveal the name of my host.
"my host" vs CyberLNC
Hi there,
I have an ecommerce software in my account, CS-Cart. I use an older version of the software, as it is the best version. Some concerns about security have been raised in the CS forums. They said CyberLNC is a very good host provider, which has its own security measures, so the host itself blocks the lack of security from the software. My question is if "my host" is at the same level of security as CyberLNC.
I went to their website and I found this:
* Highly Secure RedHat Linux Servers
* Hardware Firewalls
* Cisco Guard DDOS Protection
* Tipping Point IPS/IDS Protection
* Multiple Internet Backbone Connections
* Gigabit Speeds from Server to Internet
* Geographically Redundant DNS
* Multiple Client Backup Solutions


ANSWER:
"Going by the information on the website, yes. Software/script wise we run a highly tweaked installation of mod_security across all of our shared servers. This blocks out a large number of attacks but obviously, not all. If there was such a solution, exploited scripts would be a thing of the past.

Running out of date/vulnerable scripts on a shared web server is not acceptable. You are putting every other customer on that server at risk. If your site is exploited it could be used to attack other servers, host phishing pages, send huge volumes of spam email etc. The result would likely be poor performance or downtime for other users on the server."

"It is also worth noting that CyberLNC use Softlayer as their provider. This means all of the servers, hardware firewall, DoS mitigation devices etc are not actually owned, managed or directly accessible by them"



#66012 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 04 January 2010 - 11:09 AM in Web Hosting

Spiral, you have made the above statement with nothing to back up your claim that CS 1.3.5 sp4 has a "number of unresolved security vulnerabilities". Please help us out. What are these security issues so I can work to get them resolved? I'm sure others in the community would love to know what they are too. This way we can all work to get them resolved.

I am sorry to say that at this point I just am not convinced that CS 2.? is the answer...at least quite yet. I hope to try out 2.11 soon on a new site, but still will not try it on one of our traffic sites yet. So basically, I plan to keep 1.3.5 sp4 until at least 2011 on a couple of our sites. I have already invested quite a bit in our current sites and do not want to blow that all out of the water for a version that seems to be on continuous "beta" test. So if there are security issues I want to work to get them resolved.

Amen:rolleyes:



#66115 Security warning CS-Cart version 1.3.5-SP4

Posted by gabrieluk on 05 January 2010 - 12:54 PM in Web Hosting

Hello,





Is there someone here, in the CS-Cart community, who has heard / seen, or can testify to or affirm any attempt (or the increase) of hacking?

A user of CS-Cart?

An official of a hosting company?

An official support technician of CS-Cart?



Lee Li Pop


Hi Pop's,
I think that Spiral is the person that knows what is going on. He is an expert in security, AND HE KNOWS the vulnerabilities. I was looking at his threads and you can see that he has knowledge. I think the point here is how to produce this patch to cover the vulnerabilities as soon as we can!!!! OTHERWISE I think I will be forced by my host to REMOVE CS-Cart or update it, as I'm putting the security of my whole server at risk using SP4. As I DON'T WANT TO UPGRADE (like others, I believe) the solution will be only one: change ecommerce software (a thing that I don't want to do either, as I love CS-Cart)



#67817 Buy SSL Certificates - up to 80% off

Posted by gabrieluk on 22 January 2010 - 06:30 PM in Resellers

That is a reseller price. Are you an Enom reseller?

We offer reseller prices to everyone.

BTW Noman, did you compare our other SSL prices with Enom? No? Then have a look at

- True BusinessID with Extended Validation (EV) or
- True BusinessID Wildcard

;) :D :cool:


Hi Indy,
I would like to know why your True BusinessID with Extended Validation (EV) (156 euros) is so cheap compared with the ENOM True BusinessID with Extended Validation (EV) price ($399).
Also, I would like to know if I can order via PayPal and if a receipt is included in the price.
Regarding the CSR, when you have to insert city and state, what should I write:
London
Greater London
or
London
London

I don't know if the "greater" is needed.
Thanks



#94749 cscart 2.1.2 released

Posted by gabrieluk on 12 November 2010 - 03:18 PM in General Questions

I pushed for a free basic cart a very long time ago so I'm glad to see it finally happening and yes hopefully the community grows even stronger - Sno


Oh yeah!!!!! I definitely agree with Sno, this is a big jump. I've been into Drupal these last months, but with this good news......!!!! I will be integrating CS with Drupal!!!! Hooray:p



#75839 robots.txt

Posted by gabrieluk on 26 March 2010 - 10:21 PM in SEO

Hi Indy,
would you mind explaining the difference between this:

Disallow: /somefolder

and this:

Disallow: /somefolder/

??



#75577 robots.txt

Posted by gabrieluk on 25 March 2010 - 05:16 AM in SEO

"#Disallow: /images/ "

Hi, great post. I just don't understand why this folder is commented out...



#75969 robots.txt

Posted by gabrieluk on 28 March 2010 - 03:57 PM in SEO

Thanks for the explanation....I took this from another post....Is that good?
Disallow: /index.php?dispatch=products.search
Disallow: /index.php?dispatch=wishlist.view
Disallow: /index.php?dispatch=checkout.checkout
Disallow: /index.php?dispatch=profiles.update
Disallow: /index.php?dispatch=profiles.add
Disallow: /index.php?dispatch=auth.login_form&return_url=index.php
Disallow: /index.php?dispatch=checkout.cart
=======================================
I just realized now....
Disallow: /index.php?dispatch=
this covers all the urls



#76013 robots.txt

Posted by gabrieluk on 28 March 2010 - 10:28 PM in SEO

Hi Indy!
I have these URLs being indexed many times...
http://www.fmydomain...ducts=Y&page=90

The only difference between them is the end of the URL "Y&page= "

Should I
Disallow: /index.php?target=gift_certificates&mode=free_products&search_products=Y&page=

??:rolleyes:



#69611 Setting up SEO

Posted by gabrieluk on 05 February 2010 - 03:35 PM in SEO

Also, do you know about canonical URLs for the sub domain....
Should I redirect shop.funky-sheila.co.uk to www.shop.funky-sheila.co.uk ?

Thanks for the help



#69604 Setting up SEO

Posted by gabrieluk on 05 February 2010 - 03:08 PM in SEO

Hi Indy,
thanks a bunch, it works now! It was just the "/"

But there are 2 things I don't understand... why did you say it is WRONG to make the folder and AFTERWARDS assign a sub domain for that folder, if it works?

The folder containing the sub domain, /shop, is still accessible, although it displays now with the "/" error. Correct me if I'm wrong. Any sub domain created via cPanel, for example:
www.shop.mydomain.com can be accessed through its own folder www.mydomain/shop?!?!?!?!?!!? Or do I have this folder accessible just because I created the folder first and the sub domain after?:P



#69500 Setting up SEO

Posted by gabrieluk on 04 February 2010 - 08:47 PM in SEO

Hi,
I just used it as a sub folder, not a sub domain...
I just created a sub domain now for the folder shop (www.shop.mydomain.com) to try your suggestion, but I'm having some problems regarding the sub domain.... for some reason it displays like this now

Do you know which changes should be done in config.php to set up CS for the sub domain?
I did this:
// Host and directory where cs-cart is installed on usual server
$cscart_http_host = 'www.shop.funky-sheila.co.uk';
$cscart_http_dir = '/';
Should I modify here also: $db_host = 'localhost'; ?
I don't know if I have to change something in the DB as well.
Thanks for the tips... SEF might work now...
---------------------------------------------------------------
Edit:
I just reverted the changes, as I don't know what could happen with Google's index. The error was like, I think, a .htaccess SEF rewrite issue.
You know when it doesn't display images? Just links, see screenshot

Attached Thumbnails

  • shopsubdomain.jpg



#69381 Setting up SEO

Posted by gabrieluk on 04 February 2010 - 02:13 AM in SEO

Hi,
I want to turn on the SEO addon, but I don't know why it is not working. I read all of this thread several times, and the knowledge base and threads related to .htaccess also. I need some advanced advice please.... everything checked: mod_rewrite On, CS-Cart and .htaccess in the /shop folder, .htaccess modified to RewriteBase /shop.
This is my .htaccess

DirectoryIndex index.html index.php

<IfModule mod_rewrite.c>
RewriteEngine on
# Some hostings require RewriteBase to be uncommented
# Example:
# Your store url is http://www.yourcompany.com/store/cart
# So "RewriteBase" should be:
# RewriteBase /store/cart
RewriteBase /shop
RewriteCond %{REQUEST_FILENAME} !\.(png|gif|ico|swf|jpe?g|js|css)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php?sef_rewrite=1 [L,QSA]

RewriteCond %{REQUEST_FILENAME} .*\/catalog\/.*
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteRule . index.php?sef_rewrite=1 [L,QSA]

</IfModule>

Note that in the root folder (public_html/) there's a Joomla install which is running SEF URLs with no problems. Also I contacted my host and they said the only place I could get help was with the software developers...

Copy of .htaccess in the root folder:

# @version $Id: htaccess.txt 13415 2009-11-03 15:53:25Z ian $
# @package Joomla
# @copyright Copyright © 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##

#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
# mod_rewrite in use

RewriteEngine on
AuthUserFile "/home/funkyshe/.htpasswds/public_html/passwd"
AuthName "We are updating the shop,please come back tomorrow.Sorry for any inconvenience"
RewriteCond %{HTTP_HOST} ^funky-sheila\.co.uk
RewriteRule (.*) http://www.funky-sheila.co.uk/$1 [R=301,L]

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode **** to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)

# RewriteBase /

########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section
Any tips?:rolleyes:
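
The "block out some common exploits" section of the root .htaccess quoted in the post above can be replayed offline against access-log lines to see which requests it would refuse. This is an added example, not part of the original post or of Joomla or CS-Cart; the function names and the log lines are constructed for illustration.

```python
import re

# The five RewriteCond %{QUERY_STRING} patterns from the root .htaccess in
# the post, in file order. Apache tests the raw (still URL-encoded) query
# string; only the <script> rule carries [NC], hence re.IGNORECASE there.
RULES = [
    ("mosConfig", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)")),
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script_tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
]

# Request target and status code of a combined-format access log entry.
LOG_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample entries (documentation addresses, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Feb/2010:02:10:01 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [04/Feb/2010:02:11:17 +0000] "GET /index.php?mosConfig_absolute_path=x HTTP/1.1" 403 210',
    '192.0.2.44 - - [04/Feb/2010:02:11:18 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 403 210',
    '192.0.2.44 - - [04/Feb/2010:02:11:19 +0000] "GET /index.php?GLOBALS[x]=1 HTTP/1.1" 403 210',
    '192.0.2.44 - - [04/Feb/2010:02:11:20 +0000] "GET /shop/index.php?_REQUEST[x]=1 HTTP/1.1" 200 4871',
]


def matched_rule(query):
    """Name of the first filter rule matching the raw query string, or None."""
    for name, pattern in RULES:
        if pattern.search(query):
            return name
    return None


def scan(lines):
    """Return (path, status, rule) for every parseable log line."""
    rows = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a request line we understand
        path, _, query = m.group(1).partition("?")
        rows.append((path, int(m.group(2)), matched_rule(query)))
    return rows


def unfiltered_hits(lines):
    """Requests a rule matches that were not answered with 403."""
    return [(p, s, r) for p, s, r in scan(lines) if r and s != 403]


if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(row)
    print("matched but not refused:", unfiltered_hits(SAMPLE_LOG))
```

The last constructed line stands for a request under /shop: a subdirectory .htaccess with its own rewrite directives replaces the parent's per-directory rules unless `RewriteOptions Inherit` is set, so the root filter rules do not apply there by default.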



#74998 help with index of wrong pages

Posted by gabrieluk on 20 March 2010 - 12:09 AM in SEO

Hi,
I have a lot of links being indexed by Google that are wrong.

"Close window" is the title, have a look
http://www.funky-she...93&window=popup

The worst is that this is multiplied many times, please help with this

Also this link is wrong, it's not supposed to be indexed....

http://www.funky-she...26&window=popup
I know it has to do with robots.txt, but I do not know which changes I should make in there....

Thanks in advance for any help



#75102 help with index of wrong pages

Posted by gabrieluk on 21 March 2010 - 01:43 AM in SEO

Hi,
thanks:p
Would you know how to disallow the links in the global configurations, such as customer login, the breadcrumbs (apart from sitemap) like the promotions link and affiliates... I notice that internal searches in the shop are being indexed, I do not know if that's good... probably not.
Also, can you tell me the difference between disallow and noindex?
Thanks again



#75378 help with index of wrong pages

Posted by gabrieluk on 23 March 2010 - 05:19 PM in SEO

Hmmm... I see. And why do you use the image.php in the robots? I would use in your case that in the root robots file:

Disallow: /shop/image.php?object_type=
It will stop the robots to index all URLs ending with image.php?object_type= in the subfolder.

That works 100%.

SORRY Indy, but now you are reallllyyyy confusing me.... we are not following anymore.... you are giving me dubious answers all the time. I know you are trying to help me, but you are not following a line of thought... if you calmly read this thread from the beginning and also read your answers, you will see that it doesn't make sense... Don't you agree?:neutral:



#75246 help with index of wrong pages

Posted by gabrieluk on 22 March 2010 - 06:53 PM in SEO

Add:

Disallow: /image.php


This is a copy of my robots.txt

User-agent: *
Disallow: /classes/
Disallow: /images/
Disallow: /skins/
Disallow: /payments/
Disallow: /image.php
Disallow: /admin.php
Disallow: /store_closed.html
Sitemap: http://www.funky-she...hop/sitemap.xml

It's the default text that comes with CS. As you see, image.php is already disallowed. How can it be....
The only reason for this, maybe, is that CS-Cart is installed in a sub folder. There's another CMS script in the root of the domain, which has a robots.txt also. I do not know if it is correct to have 2 robots.txt, one for the root folder and another for the CS-Cart subfolder. Or if I should have 1 robots.txt in the root folder of the domain with this:
Disallow: /shop/image.php
What do you think?:rolleyes:



#75265 help with index of wrong pages

Posted by gabrieluk on 22 March 2010 - 08:18 PM in SEO

If it's installed in a subfolder (not as a subdomain) then you have to use the robots.txt in your root:

Disallow: /subfolder/image.php

You can't use a second robots.txt in the subfolder because you can't submit a "subfolder" in the Google Webmaster Tools.


Oh... I see... but there's something you say I don't understand...

you can't submit a "subfolder" in the Google Webmaster Tools~~

I submitted the subfolder to Google Webmaster Tools and it was accepted. I'll describe what I did.
Created a webmaster account, added www.mydomain.com to the account. Verified the website with the google.html file. After that I registered wwww.mydomain.co.uk/shop and it was accepted. I also verified the subfolder /shop.
I did this more because I was finding it difficult to send only 1 sitemap XML to Google including two independent scripts (other CMS plus CS-Cart). So I registered them independently, so I could use the CS-Cart addon XML sitemap from SnoRocket and the addon from the other CMS script.
Does that make sense???:confused:



#75276 help with index of wrong pages

Posted by gabrieluk on 22 March 2010 - 09:43 PM in SEO

Still confused...
I'm afraid to disallow the subfolder in the root of the domain, as many pages are indexed and the site is OK with Google by now. Are you sure that if I disallow the sub folder in the robots.txt in the root of the domain, the SECOND robots.txt in the sub folder will be active?? Are you 100 per cent sure?? So now you are saying I should have 2 robots.txt files... Could any other developer share their experience with us?



#75223 help with index of wrong pages

Posted by gabrieluk on 22 March 2010 - 04:07 PM in SEO

I have the SEO ADDON running, so I will use that. Thanks Tool, Indy and Jesse. This forum is really great and I'm really happy to have chosen CS-Cart:mrgreen: