Shopping cart software Solutions for online shops and malls
#11
Re: Security bulletin 2009-12-02
Quote:
Got one of them now. Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support!
#12
Re: Security bulletin 2009-12-02
Since there are many files other than the cc_ ps_ format, it would be really great to get a breakdown of the files in the payment folder and their usage. File permissions could then just be set to 000 until upgrading and then set back.
#13
Re: Security bulletin 2009-12-02 * Log Details *
Attached is the log of an attack in progress. I received notification of change in status of orders.
[10-Feb-2009 06:58:47] (shop: 10-Feb-2009 06:58:47) ORDERS message:
Login:
IP: 141.164.71.238
Operation: change status of orders (0) to 'F'
----
Request URI: /shop/payment/cc_basia.php
Backtrace:
/public_html/shop/include/func/func.order.php:1015
/public_html/shop/payment/cc_basia.php:176
-------------------------------------------------
__________________
xcart 4.7.7
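One way to sweep the ORDERS log for entries like the one in post #13, as an added example that is not part of the original thread or of X-Cart itself: it reports order status changes requested through payment/ scripts that the store does not use. The entry layout is assumed from the quoted log; the sample entries, the function name and the allow-list entry `cc_example.php` are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in the layout of the entry quoted in post #13.
# IPs are documentation addresses; the second entry is invented for contrast.
SAMPLE_LOG = (
    "[10-Feb-2009 06:58:47] (shop: 10-Feb-2009 06:58:47) ORDERS message: "
    "Login: IP: 203.0.113.7 Operation: change status of orders (0) to 'F' "
    "---- Request URI: /shop/payment/cc_basia.php Backtrace: "
    "/public_html/shop/payment/cc_basia.php:176 "
    "-------------------------------------------------\n"
    "[10-Feb-2009 07:02:10] (shop: 10-Feb-2009 07:02:10) ORDERS message: "
    "Login: admin IP: 198.51.100.4 Operation: change status of orders (1042) "
    "to 'P' ---- Request URI: /shop/admin/order.php?orderid=1042 Backtrace: "
    "/public_html/shop/admin/order.php:88 "
    "-------------------------------------------------\n"
)

# Field order follows the quoted entry; whitespace may be spaces or newlines.
ENTRY_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\].*?ORDERS message:\s*"
    r"Login:\s*(?P<login>.*?)\s*IP:\s*(?P<ip>\S+)\s*"
    r"Operation:\s*change status of orders \((?P<orders>[^)]*)\)\s+"
    r"to\s+'(?P<status>\w+)'.*?Request URI:\s*(?P<uri>\S+)",
    re.S,
)


def unexpected_payment_changes(log_text, enabled_modules):
    """Status changes requested via payment/ scripts not in enabled_modules."""
    findings = []
    for chunk in re.split(r"-{10,}", log_text):  # entries end with a dash rule
        m = ENTRY_RE.search(chunk)
        if m is None:
            continue
        path = PurePosixPath(m["uri"].split("?", 1)[0])  # drop query string
        if path.parent.name == "payment" and path.name not in enabled_modules:
            findings.append({"time": m["ts"], "ip": m["ip"], "login": m["login"],
                             "script": path.name, "orders": m["orders"],
                             "status": m["status"]})
    return findings


if __name__ == "__main__":
    # Hypothetical allow-list: the gateway scripts this store really uses.
    for hit in unexpected_payment_changes(SAMPLE_LOG, {"cc_example.php"}):
        print(hit)
```

Gateway callbacks legitimately change order status, so the allow-list has to contain every payment script the store relies on.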
#14
Re: Security bulletin 2009-12-02
I looked for this file. I could not find it: <xcart_dir>/payment/cc_basia.php
Why is that? My version is 4.1.10
__________________
Luis XCART Version 4.0.13
#15
Re: Security bulletin 2009-12-02
Quote:
Dear Ene, FYI - I did not receive the newsletter until the 19th... Is there a way to speed up the process? Thank you!
__________________
X-Cart GoldPlus v4.7.12 | reBOOT (reDUX) Template v4.7.12.9 | Always The Best
#16
Re: Security bulletin 2009-12-02
Quote:
Lucky you, I didn't get mine until this morning, 21st February
__________________
X-Cart Gold 4.1.12
#17
Re: Security bulletin 2009-12-02
OUCH!! That's way too long to be sitting with an exposed site! Definitely need to see about a program to send out emails faster. There's email regulation where you only send "X" mail per hour, but taking days to deliver is not good - weeks is even worse!
__________________
Conor Treacy - Big Red SEO - @bigredseo Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding! If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet. Omaha SEO Office with National & Local SEO Services Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance
#18
Re: Security bulletin 2009-12-02
I just received my notice today... fortunately, I read the forums.
Qualiteam should really consider using a 3rd party for security bulletin emails. The big-boy 3rd parties can send 10's of thousands of emails per hour. WITH open/bounce/unsubscribe tracking. AND google analytics integration. For very low $.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
#19
Re: Security bulletin 2009-12-02
Or better yet, how about a live update system IN X-Cart? WordPress does it when there is a new release, and that is FREE software. Have an area for important messages on the home page of the admin, with links directly to the update kits/patches/etc. Simple and effective, and no one can claim they didn't see it or get the e-mail in their spam box.
__________________
Padraic Ryan Ryan Design Studio Professional E-Commerce Development
#20
Re: Security bulletin 2009-12-02
Quote:
vBulletin does the same thing. A "call home" tag that checks your version and if it's not the latest patch, vB will make it very clear that you have to patch... I would imagine this is related to the vB call-home copy protection -- very well done/seamless to the admin. I would support xcart if they implemented such a feature.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
X-Cart forums © 2001-2020