Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Join Date
    Sep 2006
    Posts
    33
    Plugin Contributions
    0

    Default Have I been hacked? -- no, my host upgraded to PHP 5.2 w/o notice

    This morning our site was working fine, but as of three or four hours ago, customers can no longer place orders, nor can I log into zencart via admin page.

    I've already implemented all the steps to secure our site several months ago.

    When I access the admin page that prompts me Admin Username and Admin Password, I no longer see the submit/enter button (see attached jpeg).

    When customers try to log in or place an order, they just get bounced back out, with no error message. I know the data's there, because when I log in with an incorrect password, it says "invalid password", but when I use a correct password, it just redirects me back to where I was previously as if nothing happened.

    I've not made any changes to the site in two days, orders were placed fine yesterday, I saw no rogue entries in the admin_activity sql table, and from the naked eye I cannot see any files changed.

    So I can't tell if I've been hacked, if zencart is failing for some odd reason, or if there was some activity on the host side that caused this (phone calls not answered yet).
    Attached Images Attached Images  

  2. #2
    Join Date
    Sep 2006
    Posts
    33
    Plugin Contributions
    0

    Default Re: Have I been hacked?

    Ok, host provider called me back and said this morning they upgraded php to 5.2.0 which explains everything. i searched this forum and I need to upgrade to 1.3.7 from 1.3.6.

  3. #3
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: Have I been hacked?

    You know, it's a shame to hear these types of reports. Although it's nice the problem was easily solved, it would have been so much better if the Hoster took the time to actually communicate with their Clients and let them know.

    Upgrading to PHP v5.2 is a Major update as it causes problems with many other scripts besides ZenCart. Although I don't know why v5.1.6 is not used, almost as good as v5.2 anyway but without the problems, it is not good business for anyone to make changes that are known to cause problems, without first advising Clients of such.

    Dont' mind me, as a Hoster as well, it just irks me to see how Hosters can create problems for their Clients and not even bother to tell them.

  4. #4
    Join Date
    Mar 2004
    Posts
    16,042
    Plugin Contributions
    5

    Default Re: Have I been hacked? -- no, my host upgraded to PHP 5.2 w/o notice

    agreed rob,
    very agreed, however there is also another shoe,
    Customer needs to makse sure that their email address is current.
    Zen cart PCI compliant Hosting

  5. #5
    Join Date
    Sep 2006
    Posts
    33
    Plugin Contributions
    0

    Default Re: Have I been hacked?

    I agree, the host provider should have sent an email detailing this, or at least done their homework to know if it interferes with other apps/programs that customers install.

    I already pointed him to the zencart forum, i'll shoot him another email asking for heads-up things like this, it would've saved me two hours hours of trying to figure out what in the world has happened/changed.

  6. #6
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Default Re: Have I been hacked? -- no, my host upgraded to PHP 5.2 w/o notice

    A "Good" host should not have done this without notice as you are the benefactor of the crisis that it has caused.

    We have both php 4.x and 5.x installed and active, and a user can decide which to use.
    Zen-Venom Get Bitten

  7. #7
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: Have I been hacked? -- no, my host upgraded to PHP 5.2 w/o notice

    agreed rob,
    very agreed, however there is also another shoe,
    Customer needs to makse sure that their email address is current.
    I agree that there is some truth to some Clients not keeping contact information current and uptodate. That wasn't mentioned by the OP though, so I didn't address it.

    But on that note, it is easy for a Hoster to always make sure a valid eMail address is on file for any Client. Each business has their own contact methods but we'll never know, in this case, if the Hoster made any attempt to let their Clients know and/or just how many other Clients were not informed of the situation and are also experiencing problems.


    That's odd, what's wrong with the Quote feature?

  8. #8
    Join Date
    Nov 2004
    Location
    Norfolk, United Kingdom
    Posts
    3,036
    Plugin Contributions
    2

    Default Re: Have I been hacked? -- no, my host upgraded to PHP 5.2 w/o notice

    The quote feature hasn't been working properly since the new design came online. Many people have commented on it.

    My experience is that the smaller, more hands-on, hosting companies do advise their clients of such changes, but the large hosting companies just do what they want when they want to and don't give two hoots about the impact on their customers.

    I've seen some large hosting companies even introduce 'dev' versions of PHP and MySQL, which no responsible company should ever do.

    Vger

  9. #9
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: Have I been hacked?

    Quote Originally Posted by ttalk View Post
    the host provider should have sent an email detailing this, or at least done their homework to know if it interferes with other apps/programs that customers install.
    No dispute that your host should have warned you. Probably not realistic though to expect him to know what the impact will be on all the scripts out there of which there are thousands of open source options alone, before we start including plugins to them and any customer scripts that users may have written themselves.

    However, you can pat yourself on the back for being part of the Zen Cart community where you have both an active development team and an equally active wider community finding solutions and providing mutual and rapid support.

    Also, you don't need to upgrade to 1.3.7 - there is a fix for 1.3.6 which is small and easily implemented and makes a good stop gap, but the upgrade to 1.3.7 is pretty straightforward for most sites, so don't let me hold you back if you're up that.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  10. #10
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: Have I been hacked? -- no, my host upgraded to PHP 5.2 w/o notice

    Quote Originally Posted by Vger View Post
    The quote feature hasn't been working properly since the new design came online. Many people have commented on it.
    I use it a lot, and this is the first time that I have seen it. But on this thread, it does seem to be an intractable problem.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

 

 
Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR