[Bradford] ZenCart and security patches

Martyn Ranyard ranyardm at gmail.com
Mon Feb 22 11:06:51 UTC 2010


Hi All,

  Having been frustrated with numerous attacks against my VPS, I thought I'd
share something that really frustrates me (aside from the constant
firefighting):

  Most hacks against sites come from having outdated web software installed
(see Drupal's constant updates as an example of this) so when you find
someone attacking your site, you often update all the software, and have to
fix templates etc. etc.  That's a fact of life and something as a host you
should build into the costs of hosting.

  However, on this particular occasion, it was a ZenCart vulnerability that
was exploited on my VPS, and I was running the latest version.  Well,
apparently when a new vulnerability is found in ZenCart, they provide
patches to the app -- in their forum -- and do not release a minor version.
EVEN when it is a major security vulnerability.

  I am not looking forward to this, but it appears I am now on the lookout
for an alternative to ZenCart, as any software that requires me logging into
the forum of the software to check for patches to the current stable version
is too much of a workload for me.  Does anyone else think that this is
a ridiculous state of affairs for a project?

  Perhaps I'm just so jaded by having to repair this install 4 times in as
many months (I updated all the software to current, there shouldn't be any
vulnerabilities in current) that what others see as reasonable I'm not
seeing that way.

  Anyway, rant over, back to the grind.

--
Martyn