Starting over, and how it might be advantageous?
Initially I was going to write this as a private message to Dr. Byte, because of one question I need to ask, but I read a few things about hacks and hack attempts, etc., and so my question evolved into some relevant stuff......
As you might have noticed I am in the process of switching hosting servers....
I have read the advice on upgrading and switching servers, and I will certainly heed it. Which means I will upgrade prior to switching.
I have been reading about hack attempts, and all sorts of things, and I have observed that an upgrade does not protect one from a hidden file, or worm, etc. ---- therefore, all the updates in the world are no good if one has already been hacked (unless, of course, that owner is a tech expert and has confirmed that no traces of a previous hack remain in the upgrade)----not being an expert, and having had my 1.39A version hacked last year, I am wondering if it would not be a bad idea to start fresh, brand new, with a new 1.5 copy, and then adding again the modules (I only had two: fast and easy checkout, and better together).
After the hack was removed from my site last year, I backed it up, writing over the previous backup. This means my backup contains the exact same files as my present copy (eg, if there is a hidden malicious file, I have it on my backup)
But the existing 1.39A site appears to be fine. Should I upgrade it and then move it to my new server, or would it be wise to start from scratch? In my opinion, either way will be a pain in my %$#, but the upgrading option would certainly be less of a pain.
If you think I should upgrade the old version, or even if you don't, tell me this: I have moved all of my domain's nameserver's addresses to my new Hostmonster account. At this point, how do I access or look (or even use at all, for that matter), the files, including my old site, currently located on the old server? Can I use IP addresses instead? Should I put the old domain nameserver stuff back to where it originally was while I'm doing the upgrade?
Re: Starting over, and how it might be advantageous
As for your 1.3.9a site, if you do a thorough inspection of all your files, comparing everything against the Zen Cart originals, then you'll know pretty quickly whether anything rogue is still lurking.
Yes, you're right ... if you DON'T get rid of anything left from the hack then yes you do leave yourself open to trouble.
Now, about the 1.5.0 upgrade. Since an upgrade is essentially a rebuild anyway, I would just proceed with building the new site. The standard upgrade documentation advises to use a comparison tool to inspect the old site's customizations by comparing all your actual site's files against the ZC original files (sound familiar? ie: my comment above) and noting what needs to be done in the NEW site as you rebuild it. Being armed with the list of changes you made makes the rebuilding process go much faster. That's why it's recommended that way.
Then there's your database. And, the standard upgrade process involves running zc_install against your database to bring its structure up to date with the new version. So, all your existing data is kept intact.
As far as your change-of-servers goes, if you're going to "move servers" first, and upgrade later, then point your nameservers to the new server, and carry on. If you're going to do all your upgrade testing on the new server first, then point the nameservers back to the old server and continue running there until you're ready to go live, and then work on the transition at that time.
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
By wwwursa in forum General Questions
Last Post: 23 Nov 2010, 02:02 AM
By shiningfaery in forum Templates, Stylesheets, Page Layout
Last Post: 22 Sep 2009, 07:07 PM
By Rob905 in forum Basic Configuration
Last Post: 2 Jan 2009, 09:07 PM
Content and Graphics Copyright (c) 2003 - 2016 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC