
Important security note!
Posted 09 November 2006 - 05:21 PM #1
Due to the several recent incidents related to the illegal usage of the CS-Cart installation script, our company decided to send a letter of strong recommendation to all CS-Cart users and ask you to REMOVE or RENAME 'install.php' script inside CS-Cart installation folder to avoid unauthorized reinstalling of the software or its modification.
Feel free to contact us if you need any assistance or help related to this issue. Our specialists will be glad to help you.
Ilya M. Shalnev
CS-Cart team,
Vice CEO
http://twitter.com/bzzeke
http://www.facebook....100001396131346
Posted 09 November 2006 - 06:24 PM #2
My patience for users asking questions because they are too lazy to read the manual is growing thin around here.
It may NOT be the best manual, but if you didn't bother to read it, then that's your fault.
RTFM!
Posted 09 November 2006 - 06:26 PM #3
Posted 09 November 2006 - 06:37 PM #4
If someone's post seems trivial or redundant simply ignore it! No reason to be crass.
Ryan
Posted 09 November 2006 - 07:19 PM #5
Wow and to think, you're "Head Moderator". Don't like it, tough shit.
Posted 09 November 2006 - 07:31 PM #6
I do think however, that as an executive of this board you might exercise some restraint in language. I get my frustrations out in the Admin lounge. Just my 2 cents.
Posted 09 November 2006 - 07:35 PM #7
Can I join your admin lounge? LOL
Posted 09 November 2006 - 08:14 PM #9
"REMOVE or RENAME 'install.php' script inside CS-Cart installation folder to avoid unauthorized reinstalling of the software or its modification."
There should be code in install.php that looks for a prior install. One method to prevent a new install is to require the config.php file to be manually deleted via FTP prior to install.php running and recreating it. Making the user delete or rename install.php will be an on-going problem.
Larry
SculptingStudio.com
DigitalOcean VM
Ubuntu 14.04
Nginx
Posted 09 November 2006 - 08:19 PM #10
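if ($glob['installed'] == 0) {
    // Store not installed yet: send the visitor to the installer.
    header("Location: install.php");
    exit;
} elseif (file_exists($glob['rootDir'] . "/install.php") && $glob['installed'] == 1) {
    // Store is installed but install.php is still on the server: refuse to run.
    echo "<strong>WARNING</strong> - Your store will not function until install.php is deleted from the server.";
    exit;
}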
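The installer-side check suggested in post #9 combined with the store-side check from post #10, as an added example that is not part of the original thread and is not CS-Cart code. The function name install_guard, the entry-point labels and the assumption that the installer writes config.php into the same folder as install.php are hypothetical.

```php
<?php
// Added example, not CS-Cart code. Hypothetical layout: the installer
// writes config.php into the same folder that holds install.php.

/**
 * Decide what an entry point may do from the files present on disk.
 * $entry: 'installer' (install.php) or 'store' (the storefront).
 * Returns 'run', 'deny' or 'redirect_to_installer'.
 */
function install_guard(string $rootDir, string $entry): string
{
    $hasConfig    = is_file($rootDir . '/config.php');
    $hasInstaller = is_file($rootDir . '/install.php');

    if ($entry === 'installer') {
        // Post #9: after a prior install the installer stays locked until
        // someone with filesystem access deletes config.php by hand.
        return $hasConfig ? 'deny' : 'run';
    }
    if (!$hasConfig) {
        return 'redirect_to_installer';   // nothing installed yet
    }
    // Post #10: an installed store refuses to serve while install.php remains.
    return $hasInstaller ? 'deny' : 'run';
}

// Constructed demo in a throwaway directory; walks the install lifecycle.
function demo(): array
{
    $dir = sys_get_temp_dir() . '/guard_demo_' . bin2hex(random_bytes(4));
    mkdir($dir);
    touch("$dir/install.php");
    $seen = [
        'fresh, installer' => install_guard($dir, 'installer'),
        'fresh, store'     => install_guard($dir, 'store'),
    ];
    touch("$dir/config.php");                     // installer finished
    $seen['installed, installer'] = install_guard($dir, 'installer');
    $seen['installed, store']     = install_guard($dir, 'store');
    unlink("$dir/install.php");                   // admin removed the installer
    $seen['cleaned, store']       = install_guard($dir, 'store');
    unlink("$dir/config.php");
    rmdir($dir);
    return $seen;
}

foreach (demo() as $state => $decision) {
    echo str_pad($state, 22), $decision, PHP_EOL;
}
```

A leftover install.php then fails closed on both sides: the installer refuses to reinstall over an existing config.php, and the store stays down until the file is gone.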
Posted 09 November 2006 - 08:21 PM #11
good idea.
Posted 09 November 2006 - 10:12 PM #12
Larry
SculptingStudio.com
DigitalOcean VM
Ubuntu 14.04
Nginx
Posted 10 November 2006 - 11:12 AM #14

Overall though this forum is very well laid out and the manual is very comprehensive.

Andi
Posted 10 November 2006 - 07:58 PM #15
Super strict rules and profanity from a Moderator are counterproductive. Requiring people to search before posting a question just says this isn't a friendly place. Consider this, I was the SA for the #1 CAD product in the USA. CAD programs are by nature massively complex and difficult to master. Our forum was constantly barraged with repetitive pleas for help for topics that had been answered hundreds, if not thousands of times. If I felt inclined, I answered the question. Once in a while I'd be too busy to bother with repeating myself, so I would just ignore the post. You know what happened? Someone else stepped up and answered the question.
The net result of this was great. A nube learned something, found a friendly environment in which he/she could feel comfortable asking questions, and most importantly, after reaching a point where they could help others, they always did. The forum became a tight-knit community that often provided "Support" much faster and more reliably than the official support channels.
The moral of the story is this: Hostility is unacceptable, especially by a forum moderator. Locking threads and artificially creating a requirement to search first will drive potential customers away, and keep the lurkers in the shadows. (BTW, the search features on this board aren't that impressive.) The net result is people will be less inclined to jump in and return the favors they got when they asked for help and got it. (We were all new at some point.) It also assures that CS-C will be inundated with support requests that would have otherwise been easily handled on the forum.
If "search first" is going to be a requirement, then post that in the forum rules. Until that happens, I'll certainly be happy to return the patience I've received here (when I can).
Cheers,
MikeK
Posted 11 November 2006 - 07:35 AM #16
I guess reading the manual or reading the information on the install process pages that states "REMOVE or RENAME install.php when your install is complete" is just too much to ask users to do.
My patience for users asking questions because they are too lazy to read the manual is growing thin around here.
It may NOT be the best manual, but if you didn't bother to read it, then that's your fault.
RTFM!
I feel very PO reading this BS. One of my customers got hacked AGAIN, and the last people to install the script was CS-Cart, so maybe you should not be blaming customers for not deleting it when your staff don't.
Les Richardson
Posted 11 November 2006 - 06:28 PM #17
You can very simply create a custom FAQ within vBulletin admincp (It's there, why not use it). Admins can give access to the FAQ editor to other staff members who can update it with these annoying repeated questions.
This new FAQ can be linked to in a variety of ways and even made to be required reading prior to posting on the board.
If you don't like the VB FAQ type then there are other commercial and open source types to pick from.
Back on topic:
I agree with some above posts that a function lock should be used if installer files are still on server; however, this is bringing a question to mind.
Isn't there already embedded security that requires an auth code prior to using the installer a second time?
Posted 16 November 2006 - 09:18 PM #18
Posted 21 November 2006 - 11:38 AM #19
Also I think a CS-Cart wiki would be a good idea, that way it's not up to the creators to update it. People who know how to do something can share their knowledge, or even explain it another way.
Well that's just my 2 cents, I've always found this forum to be useful when I'm stuck.
BTW! Good job with 3.3.4!
