
kloptops's Content

There have been 5 items by kloptops (Search limited from 26-Jan 20)



#7954 Important security note!

Posted by kloptops on 21 November 2006 - 11:38 AM in News and Announcements

Another system that works is when a user tries to install the program, they get given a key (a simple md5sum of some random info will do). They then have to upload that into their shop directory for the installation to continue. If any of you have had the pleasure to install gallery2, you'll know exactly what I mean.

Also I think a cs-cart wiki would be a good idea, that way it's not up to the creators to update it. People who know how to do something can share their knowledge, or even explain it another way.

Well that's just my 2 cents, I've always found this forum to be useful when I'm stuck.

BTW! Good job with 3.3.4! :)



#3982 WARNING: Skins directory unprotected and open to public.

Posted by kloptops on 31 August 2006 - 04:22 AM in v1.x Issues & Troubleshooting

I also found this on my previous host; I added the following to my .htaccess file (one inside the cscart base directory will do).

Options -Indexes

<FilesMatch "(\.(inc(\.php)?|sh|sql|tpl(\.php)?))$">
  Order deny,allow
  Deny from all
</FilesMatch>

This stops people from directly accessing .tpl, .tpl.php, .sql, .inc & .inc.php files. It also stops listing of directories. I can't remember where I found this snippet, but imho it's a must for any e-store.

I hope this helps.
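
An added example, not part of kloptops's post or CS-Cart's code: a Python audit that applies the post's FilesMatch pattern to file names under a webroot and reports names the rule does not cover (backup copies, upper-case extensions) plus directories with no index file. `PROBE`, `classify` and `audit` are names invented here, and treating any `index.*` file as the directory index is an assumption.

```python
import os
import re

# The pattern from the FilesMatch block in the post above, unchanged.
# Apache tests it against the file's base name, case-sensitively.
RULE = re.compile(r"(\.(inc(\.php)?|sh|sql|tpl(\.php)?))$")

# Looser, case-insensitive probe (an assumption of this example): a name
# that carries a protected extension anywhere, such as a backup copy.
PROBE = re.compile(r"\.(inc|sh|sql|tpl)(\.|~|$)", re.IGNORECASE)


def classify(name):
    """Return 'denied', 'near-miss' or 'other' for one file name."""
    base = os.path.basename(name)
    if RULE.search(base):
        return "denied"      # the FilesMatch block applies to this name
    if PROBE.search(base):
        return "near-miss"   # looks sensitive, but the rule does not match
    return "other"


def audit(webroot):
    """Walk webroot; return (near-miss paths, directories with no index file)."""
    near_misses, no_index = [], []
    for dirpath, _dirs, files in os.walk(webroot):
        rel = os.path.relpath(dirpath, webroot)
        # Assumption: any file named index.* serves as the directory index.
        if not any(f.lower().startswith("index.") for f in files):
            no_index.append(rel)
        for f in files:
            if classify(f) == "near-miss":
                near_misses.append(os.path.normpath(os.path.join(rel, f)))
    return sorted(near_misses), sorted(no_index)


if __name__ == "__main__":
    import sys
    misses, bare = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in misses:
        print("not covered by the FilesMatch rule:", path)
    for d in bare:
        print("no index file, relies on Options -Indexes:", d)
```

Run it with the shop's base directory as the only argument; each reported file is a candidate for removal from the webroot or for a wider rule.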



#2268 Crappy upgrade!!

Posted by kloptops on 13 June 2006 - 12:28 AM in News and Announcements

Worked fine for me. However, the weekend after I had upgraded, my website was hacked and it was a huge mess after that, so my website is now running a fresh install. I had made modifications to some of the files also, it's just that I had kept a log of what files I edited so it was easy to redo. :)



#2062 Hacked?? Any ideas?

Posted by kloptops on 07 June 2006 - 05:29 AM in v1.x Issues & Troubleshooting

Our site was thrashed pretty severely; after injecting their own phishing sites and other crap on the server, they deleted every single file they had the permissions to alter. As a result I ended up just deleting everything, and doing a fresh install (luckily I had done the upgrade last week, and was organized enough to make it easier for the next time I had to upgrade). I went through the database with a fine-tooth comb (took a good 4hrs). I'm now just going through the site (with it showing up as being under maintenance) and making sure nothing else is screwed up.

However, all this hasn't discouraged me from the software one bit, and I'm very happy with its performance, and the response time from the cs-cart team was excellent. So thank you CS-Cart for a quality shopping cart, it makes my life that much easier. If only I could say the same about my webhost.



#2015 Hacked?? Any ideas?

Posted by kloptops on 05 June 2006 - 07:18 AM in v1.x Issues & Troubleshooting

This morning I was woken abruptly by another business member querying about why the shop's website was "suspended". Upon investigation, my webhost had suspended my account because I had violated my TOS, for Phishing.

I put in a request ticket and they said they found phishing files in the directory "/shop/classes/jpgraph/Customers-Paypal-Scam-2006/customers/Secured/Service/mysql/ssl/connection/__/login/". Once I get access to my site, I'll see what has gone on. Get the logs from the httpd, and cs-cart...

Although I have to say I'm not discouraged from using cs-cart, I'm just slightly miffed that this has happened.