milauskas Posted January 3, 2013 Share Posted January 3, 2013 Hi all, I built a site a few years ago for a client using osC. The most recent problem just occurred. Apparently someone was using the site to send out spam. I have limited knowledge of what/where this occurred since I'm a 3rd party and the host (web.com) spoke to the owners who gave me the info. I guess my questions are general at this point. Is there something in the shopping cart that may have enabled the sending of spam? Also, I think the osC version is pretty old. Will upgrading help security and/or will it break anything that's now working in the old version? I believe it's 2.2. We had some hacking a couple years ago and got that cleaned up. THe admin is renamed, we put in new passwords and used htaccess to give some additional security. I'm just wondering if others have had a similar experience and what steps they took. Thanks! Link to comment Share on other sites More sharing options...
Guest Posted January 3, 2013 Share Posted January 3, 2013 @@milauskas This is disturbing: I built a site a few years ago for a client using osC. This is more disturbing: I have limited knowledge of what/where this occurred since I'm a 3rd party and the host (web.com) spoke to the owners who gave me the info. READ THIS on now to secure the website, security has been a known issue for many years now on the 2.2 version. Chris Link to comment Share on other sites More sharing options...
germ Posted January 3, 2013 Share Posted January 3, 2013 Hi all, I built a site a few years ago for a client using osC. The most recent problem just occurred. Apparently someone was using the site to send out spam. I have limited knowledge of what/where this occurred since I'm a 3rd party and the host (web.com) spoke to the owners who gave me the info. I guess my questions are general at this point. Is there something in the shopping cart that may have enabled the sending of spam? Also, I think the osC version is pretty old. Will upgrading help security and/or will it break anything that's now working in the old version? I believe it's 2.2. We had some hacking a couple years ago and got that cleaned up. THe admin is renamed, we put in new passwords and used htaccess to give some additional security. I'm just wondering if others have had a similar experience and what steps they took. Thanks! If they have set "Allow guest to tell a friend" to TRUE in the admin the stock code can be used as a SPAM engine. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
milauskas Posted January 3, 2013 Author Share Posted January 3, 2013 Chris and Jim, Thanks for the info. I'll implement it right away. I appreciate it! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.