Hacked

Posting your cs-cart website here is a direct invitation to be hacked. Please be careful!

perhaps if urls where only in signatures, and signatures where only visible to registered users…



Saying that though, you could say the same about any other system who have “our clients” or showcases etc…



Everything out there is open for attack, it all depends on how paranoid you want to be. Im always getting my server attacked but for a different reason, nothing to do with CS-Cart



I do agree that guests should only get to see some things, Vbulletin is quite good in this respect and allows a lot of flexibilty between usergroups.

[quote name=‘makstudios’]Posting your cs-cart website here is a direct invitation to be hacked. Please be careful![/quote]



While I’m usually the first to not forward this motion,

my websites don’t have any linking whatsoever apart from the cs-cart forums while it was in testing. This means I was targeted simply but my sigs.



I’m not saying you WILL be hacked but then again it’s like all brick and mortar stores. It’s bound to happen one day. (My webhost has informed me months ago that this was happening routinely)

I’d say it was less to do with posting on this forum and more to do with finding a query that lists hundreds of CS-Sites sites on google. Hackers will want to hit as many sites as possible and hit them with an automated tool. Looking through each post on this forum is unlikely to be the most efficient way of doing it. However, it may get you listed on Google.

[quote name=‘argentice’]Looking through each post on this forum is unlikely to be the most efficient way of doing it. However, it may get you listed on Google.[/quote]



It depends, socially crafting a community site that is potentially full of users just starting out using cs-cart means there’s an entire pool to play with.



Simply google “/skins/default_blue” and see how many results you get.

Obviously without mention most of these sites are listed due to inexperienced users creating their own store (no I’m not flaming anyone) and/or not closing directories. I reckon with enough luck it would be possible to ‘steal’ the entire 1.3.4 Sp2 release by navigating a few sites.



Depending on what you do or don’t know you’re going to feel the pinch sooner or later.

If you can’t post a site saying “I run this software”. The software does not have good security measures.

[quote name=‘Zyles’]If you can’t post a site saying “I run this software”. The software does not have good security measures.[/quote]

I recently became aware with another senior member of CS-Cart in how to possibly DDOS a website via very simple methods… Zyles usually has his points:mrgreen:

Ah yes, the ever increasing value of a backup. :wink: