Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Why ? Rate Topic   - - - - -

 
  • Codies
  • Junior Member
  • Members
  • Join Date: 10-Jun 07
  • 25 posts

Posted 25 August 2007 - 01:24 AM #1

Why every time a hack incident is reported. The usual responses are always about the file permission ? File permission is not the only source of attack. There are bazilion way of attacking a website (even youtube has videos showing about how to hack). You may already know that cs-cart version 1.3.3 and older has vulnerability where the attacker can upload files to your cart ? They can upload shell script and you can say good bye to your cart. now i don't want ppl take this as an attack for ppl who trying to helpful. All help are of course appreciated.

So i would like to make some suggestions:
1. If your website is compromised. please be clear on the situation. state the cs-cart version, how you configure your file permission, check your server logs. what's your hosting environment (shared/dedicated or which company) etc etc. It could be the server itself has been compromised. in that case the security of your cart doesnt really matter anymore.

2. If you see a post about a cs-cart is compromised. please hold making comments such as "webmaster worth their salt", "please don't set your config.php to 777" without knowing the situation. It is very distressing having your cs-cart hacked. Posts such as these can be taken negatively. So try to understand the situation and identify source of attack so we can prevent this from happening.

 
  • argentice
  • Senior Member
  • Members
  • Join Date: 11-May 07
  • 383 posts

Posted 25 August 2007 - 08:13 AM #2

I think, when response time is critical, it's best to get the obvious stuff out in the open, ASAP. I could ask someone to check the permissions on the files and list them, wait for an answer, check them, and offer suggestions based on the. But this would take time. Forum responses are not instantaneous.

I think when you are desperate for a quick answer you should accept the answers you get with good grace, as someone has taken the time to reply. And if the answers you get are inaccurate or inapropriate, due the lack of information provided, then you are at fault not the person trying to help.
Rob

 

Posted 26 August 2007 - 03:59 AM #3

I think, when response time is critical, it's best to get the obvious stuff out in the open, ASAP. I could ask someone to check the permissions on the files and list them, wait for an answer, check them, and offer suggestions based on the. But this would take time. Forum responses are not instantaneous.

I think when you are desperate for a quick answer you should accept the answers you get with good grace, as someone has taken the time to reply. And if the answers you get are inaccurate or inapropriate, due the lack of information provided, then you are at fault not the person trying to help.


motion passed, thanks for saying what I was about to repeat
I've moved on from CS-Cart to WooC******** - If you need anything I can be of little help.