Login Blog About

Not for official support
We do not provide technical support in this forum.
If you want to contact our customer support, please use our support form.

You are not logged in.

Pages: 1

 

#1 2011-03-29 17:50

tetramag
Member

Shop-script is really vulnerable to hackers. We've been hacked 3 times

We have an ecommerce website and we use Shop-script. In the last month we've been hacked 3 times, the first time the hacker just changed the index.php file, the other two they deleted THE WHOLE site.
My host is secure, while on the other hand I found out that Shop-script is known to have several vulnerabilities to hackers, see this page:
http://packetstormsecurity.org/files/98285/WebAsyst-Shop-Script-2011.01.23-Cross-Site-Scripting.html

and another one here:
http://www.securityfocus.com/bid/40349/exploit

Does anyone else have had similar experiences? Any solution?

Last edited by tetramag (2011-03-29 17:52)

Offline

 

#2 2011-04-04 04:26

rat
Administrator

Re: Shop-script is really vulnerable to hackers. We've been hacked 3 times

tetramag, these vulnerabilities were fixed around 2 years ago.

Be careful what you wish for — you might get it.

Offline

 

#3 2011-04-11 07:44

majed
Member

Re: Shop-script is really vulnerable to hackers. We've been hacked 3 times

Hello, Rat

Please tell us if there is any advice to help for avoid like this problem .
Thanks ,,

Offline

 

#4 2011-04-12 01:44

rat
Administrator

Re: Shop-script is really vulnerable to hackers. We've been hacked 3 times

Which problem do you want to avoid?

Be careful what you wish for — you might get it.

Offline

 

#5 2011-04-15 12:08

ClassicGlory
Member

Re: Shop-script is really vulnerable to hackers. We've been hacked 3 times

Rat,

You said this was fixed about two years ago which was roughly when or just before I loaded it. We have been hacked twice and are currently blackmarked by Google. I think it was mainly the cfg folder they got to.

I looked at the website for the latest version of Shop-Script Free to see if it was newer than mine and whether it had an upgrade function but it says it is from 2004. So when did the fix get applied or is it only fixed in the Paid-For versions?

I was also hoping for a definitive list of folder and file attributes but can find nothing concrete on a folder by folder or file basis.

Regards

ClassicGlory

Offline

 

#6 2011-04-18 02:57

rat
Administrator

Re: Shop-script is really vulnerable to hackers. We've been hacked 3 times

This forum section is dedicated to WebAsyst Shop-Script which is NOT Shop-Script Free. Please feel free to discuss Shop-Script Free at http://forum.webasyst.net/viewforum.php?id=13.

Be careful what you wish for — you might get it.

Offline

 

 

Pages: 1

Board footer

Powered by PunBB