Results 1 to 9 of 9
  1. #1
    Join Date
    May 2009
    Posts
    60
    Plugin Contributions
    0

    Default Do I need to upgrade?

    My website suddenly started to loop when someone tries to log in. It wont show prices anymore, just loops back to log in page. I contacted my host and they said that it was because they changed the shared ssl cert and that I needed to upgrade my site to fix this problem..
    I am a wholesale site and don't take payments on my site - I take orders and send invoices so security is not a major issue. The site is used to keep my customers up to date with changing stock lines and prices. They need to log on as a confirmed business to protect the wholesale prices.
    I am not looking forward to spending the time and stress (for me) to go through an upgrade if not necessary!!
    How much is it normally to pay someone to upgrade? It would depend on the site but just a general idea???
    my site is here
    Do you think the ssl cert is the problem and that an upgrade would fix it?

  2. #2
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    4,895
    Plugin Contributions
    3

    Default Re: Do I need to upgrade?

    Quote Originally Posted by christinefred View Post
    I contacted my host and they said that it was because they changed the shared ssl cert and that I needed to upgrade my site to fix this problem..
    Your host is feeding you BS.

    However, if you are running Zencart V1.3.8 you DO need to upgrade ASAP because you are just minutes aways from being hacked (if you haven't been already).

    Quote Originally Posted by christinefred View Post
    I am not looking forward to spending the time and stress (for me) to go through an upgrade if not necessary!!
    We see comments like this all the time, but seriously, if you are running V1.3.8 then you *must* upgrade ASAP.

    If you upgrade before you get hacked even inexperienced should manage it within an hour or two (tops). If you leave it until after you've been hacked, expect to triple the time it takes.
    Cleaning up after a hack is a very time consuming process.
    Quote Originally Posted by christinefred View Post
    How much is it normally to pay someone to upgrade? It would depend on the site but just a general idea???
    How long is a piece of string? There really isn't a answer to this. A person with a lot of experience and relatively non modified site could probably to it in as little as 15minutes, but they could charge over $100p/h (or part of). On the other hand a person with less experience may end up taking 4 hours for the same job.. Some of these will also attempt to charge $100ph, but others will acknowledge their lack of experience and work for as little as $5-$10ph.

    Quote Originally Posted by christinefred View Post
    Do you think the ssl cert is the problem
    If you disable SSL andf all works fine, then yes, SSL will be the issue
    Quote Originally Posted by christinefred View Post
    and that an upgrade would fix it?
    No, an upgrade will not fix your SSL problems, but you still need to upgrade.

    Cheers
    Rod

  3. #3
    Join Date
    Nov 2006
    Location
    Dartmouth, NS Canada
    Posts
    2,369
    Plugin Contributions
    0

    Default Re: Do I need to upgrade?

    Judging from your description of your site and business model, you don't need SSL at all, so turn it off and your problem may go away. (If it doesn't, you can judge your host accordingly.)

    And yes, you must upgrade.

    Professional assistance should cost no more than $100 for such an upgrade, and probably less, but it depends on your mods and template and such.

    Rob
    Breakfast: the most important donut of the day.

  4. #4
    Join Date
    May 2009
    Posts
    60
    Plugin Contributions
    0

    Default Re: Do I need to upgrade?

    Thank you all for your input. I turned off the ssl and the site is working again.... I will attempt to upgrade to 1.3.9.h as suggested - in my spare time (hahahahah) Prob quicker than trying to find someone to do it for me.

  5. #5
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    4,895
    Plugin Contributions
    3

    Default Re: Do I need to upgrade?

    Quote Originally Posted by christinefred View Post
    Thank you all for your input. I turned off the ssl and the site is working again.... I will attempt to upgrade to 1.3.9.h as suggested - in my spare time (hahahahah) Prob quicker than trying to find someone to do it for me.
    Do yourself a favour and MAKE THE TIME. NOW!

    It really saddens me at the number of people that don't take this advice. My earlier comments didn't mean to imply that you MAY be hacked, or that you COULD be hacked by running V1.38, I meant pretty much exactly what I stated, you WILL be hacked.

    I simply cannot stress this enough.

    Don't go thinking that just because you've been ok with V1.38 for the last few years that another few days (or weeks) isn't going to hurt. This is a fatal mistake, *especially* since you posted the URL to your store in your first posting.

    Even as I'm typing this, the location of your store and the fact that it is running ZenCart V1.38 can be found with a simple Google search by any would be hacker with 30 seconds to spare. It will take about another 30 seconds and they'll have total control of your store.

    In other words, you are *literally* less than 1 minute from losing everything.

    If *I* were you, I'd already have the store in lockdown mode via use of .htaccess password protection for your entire site.

    Cheers
    Rod

  6. #6
    Join Date
    May 2009
    Posts
    60
    Plugin Contributions
    0

    Default Re: Do I need to upgrade?

    Thanks but hackers cant get to it now - I broke it trying to upgrade.......should have paid someone. %^#&#%^%*#*&......cry......

  7. #7
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    4,895
    Plugin Contributions
    3

    Default Re: Do I need to upgrade?

    Rukle #1. Don't Panic. Chances are that that unless you did something really silly, such as selecting the new install options rather than the upgrade options all of your exiting data will still be intact. If not, hopefully you have a backup of your database files.

    Secondly, no matter how bad things may *look* at the moment, you should still consider yourself as being 'lucky', because if a hacker did managed to break into the site before you managed to break it yourself, you can be pretty darn sure that they would have caused more harm/damage that you have managed to do yourself (which problably *looks* a lot more serious than it actually is), so you are *still* going to be better of in terms of recovery time.

    The main issue now is what is going to be the best, easiest and quickest way to solve your upgrade problems. You are far from being the first person to have issues like this, and there are many threads in these forums with people that have had the exact same problems. In the first instance I'd suggest you read through some of these threads and you'll be sure to find the solution isn't as difficult as it appears. If that doesn't help, there are still many of us here that will be willing to help you work through your issues on a more personal basis.

    From what I've seen from your currently 'broken' site you've probably got nothing more seriously wrong than a simple missetting in one of the two configure.php files.

    If you post a copy of these files (blank out the sensitive database login information), along with a few details about your store location (especially the *physical* path location to your store ... which will be something like /var/www/vhost/accountname/public_html/store/ we will probably be able to spot the error and guide you to a resolution.

    Again, don't panic, and do keep in mind that you are still in a better and safer position now than you were yesterday, even if you don't fully realise it).

    Cheers
    Rod

  8. #8
    Join Date
    May 2009
    Posts
    60
    Plugin Contributions
    0

    Default Re: Do I need to upgrade?

    Thanks Rod.....I am feeling a little better (emphasis on little)....my host is going to restore a full backup for me so hopefully I will be able to start again. I tried to restore my backups from my pc but was still having trouble. I do think it was likely that I accidentally selected the new install. (OMG - too much to do, too little time, rushing, and now made it worse!) I do have multiple backups of everything. Will see how the host restore goes and take it from there.

    I appreciate your advise, time and soothing words..

  9. #9
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    4,895
    Plugin Contributions
    3

    Default Re: Do I need to upgrade?

    Quote Originally Posted by christinefred View Post
    Thanks Rod.....I am feeling a little better (emphasis on little)....my host is going to restore a full backup for me
    I had considered suggesting this option to you, but it is something I tend to advise as a last resort, mainly because some hosts don't keep 'timely' backups, which means the restored data could be a month (or more) old. On the other hand, some hosts will do backups every few hours, which can be equally as nasty because they could simply end up restoring stuff that was already broken when the backups were make.
    Quote Originally Posted by christinefred View Post
    OMG - too much to do, too little time,
    Isn't that 'life' ? :)

    Quote Originally Posted by christinefred View Post
    rushing, and now made it worse!)
    A common scenario (Sadly). I'm even guilty of this myself. Computers are very unforgiving. It only takes one minor mistake for things to fall into a heap.. on the other hand, they are very predicatable beasts in that they'll only do you you tell them to do, nothing more and nothing less. I'm still waiting for someone to produce a computer that will do what I *want* it to do, rather than what I *tell* it to do. :)

    Quote Originally Posted by christinefred View Post
    I do have multiple backups of everything.
    One can never have too many backups. :)

    However, having backups isn't of much use if they don't work, or you don't know how to use them. This is not to critique you, because you I'd estimate that 99% of the people that do make backups never bother to take the next step of practicing or learning how to recover a broken system by using them, the assumption being that they'll be able to figure this out when they actually need them, without realising that when they are needed it is never going to be at a convenient time to learn how to do it, as such, panic follows. Like the backups themselves, most people learn this the hard way.

    Quote Originally Posted by christinefred View Post
    Will see how the host restore goes and take it from there.
    That's about all you can do at this stage.

    Quote Originally Posted by christinefred View Post
    I appreciate your advise, time and soothing words..
    No problem. In some ways I feel a little guilty into impressing upon you the urgency to upgrade, until I reflect on the number of times I haven't been as forceful only to find it got left to long and the hackers got in first, and the merchants ended up losing *everything* and were never able to recover at all. Everything had to be recreated from scratch. Often months, or years of work just gone in seconds.

    Of course, I know that this doesn't make your current situation seem any less devastating at the moment. You'll only come to realise this when everything is back and working and secure from hackers that you'll appreciate how much worse it *could* have been. You may be wounded, but you are still alive :)

    Cheers
    Rod

 

 

Similar Threads

  1. Replies: 5
    Last Post: 13 Sep 2011, 11:35 PM
  2. upgrade 1.3.9d to e my admin area still says i need to upgrade
    By cjbwebs in forum Upgrading from 1.3.x to 1.3.9
    Replies: 1
    Last Post: 5 Aug 2010, 10:31 AM
  3. 1.3.7 upgrade to 1.3.8 - database upgrade failing
    By hollygds in forum Upgrading from 1.3.x to 1.3.9
    Replies: 5
    Last Post: 29 Sep 2009, 02:53 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •