Notice: Check Your Webserver Security Patches
While this post is not specifically about Zen Cart®, we felt it important to let you know about two common security problems that exist on multitudes of live webservers.
You should work with your hosting company to ensure these two problems are patched AS SOON AS POSSIBLE, lest your website be hacked because of these server vulnerabilities:
1. PHP CGI Bug - http://arstechnica.com/security/2014...-22-months-on/ --- PHP versions 5.3.0-to-5.3.11 and 5.4.0-to-5.4.1 are vulnerable if they have CGI mode enabled.
2. SSL Flaw - http://heartbleed.com/ .... Inspect your own site via: http://possible.lv/tools/hb/
ALL QUESTIONS ABOUT THIS SUBJECT SHOULD BE DIRECTED TO YOUR HOSTING COMPANY
Re: Notice: Check Your Webserver Security Patches
Pardon the additional email this update may trigger ...
RE: ZEN-CART.COM SERVERS
In case you were wondering (some have asked privately), we at Zen Cart have inspected our systems to verify that our servers were not open to these vulnerabilities.
Further, we remind you that we specifically do not store any sensitive financial information on any of our servers.
UPDATE TO PREVIOUS POST:
Also, I've updated the post above to add clarification about which specific PHP versions were affected by the CGI vulnerability: PHP versions 5.3.0-to-5.3.11 and 5.4.0-to-5.4.1 are vulnerable, if CGI mode is enabled.