Hey everyone, I do not know if this is common with Zen Cart, but a few weeks ago, my site (which utilizes Zen Cart) got hacked through the code. I had a webmaster take a look at it and he said anyone could have done it. The hacker infected only our image files, so we had to completely delete those. It was a big hassle and an even larger annoyance. Just be careful if you're a Zen Cart user.
Any particular vulnerability that you can share with us? Just a word of advice, for those using shopping carts, cms and the likes. These are extremely complicated software that needs to be patched regularly to be secure. Do patch and backup regularly.
The ones I use for shopping carts and CMS are very simple. Are they really that vulnerable? Does it help if I'm using longer passwords for my admin accounts? example: 341jjdak202
Like I said, the image files were the only vulnerable files we found after a thorough search. The hacker didn't get to our database or any other important part of the site. I am a newbie to eCommerce softwares, but can you explain what patching is? Thanks!
Did you had 777 permission to images ..or nobody ownership..Thats the reason we allows tell our customers to upgrade to stable version. And on hosting end..do have suphp enabled to avoid 777 permission and avoid hack attempts.
That's right. You usually DON'T have to chmod any files or folders to 777, even if the instructions says so. A chmod of 777 makes it possible for anyone to write to the file or folder. Use 774 or even lower.