  1. #1

    Notice: Check Your Webserver Security Patches

    While this post is not specifically about Zen Cart®, we felt it important to let you know about two common security problems that exist on multitudes of live webservers.

    You should work with your hosting company to ensure these two problems are patched AS SOON AS POSSIBLE, lest your website be hacked because of these server vulnerabilities:

    1. PHP CGI Bug - http://arstechnica.com/security/2014...-22-months-on/ --- PHP versions 5.3.0-to-5.3.11 and 5.4.0-to-5.4.1 are vulnerable if they have CGI mode enabled.

    2. SSL Flaw - http://heartbleed.com/ .... Inspect your own site via: http://possible.lv/tools/hb/

    ALL QUESTIONS ABOUT THIS SUBJECT SHOULD BE DIRECTED TO YOUR HOSTING COMPANY
    Last edited by DrByte; 9 Apr 2014 at 06:52 PM. Reason: Updated to clarify that PHP versions 5.3.0-to-5.3.11 and 5.4.0-to-5.4.1 are vulnerable, if CGI mode is enabled.

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  2. #2

    Re: Notice: Check Your Webserver Security Patches

    Pardon the additional email this update may trigger ...

    RE: ZEN-CART.COM SERVERS
    In case you were wondering (some have asked privately), we at Zen Cart have inspected our systems to verify that our servers were not open to these vulnerabilities.

    Further, we remind you that we specifically do not store any sensitive financial information on any of our servers.


    UPDATE TO PREVIOUS POST:
    Also, I've updated the post above to add clarification about which specific PHP versions were affected by the CGI vulnerability: PHP versions 5.3.0-to-5.3.11 and 5.4.0-to-5.4.1 are vulnerable, if CGI mode is enabled.

 

 
