Hi All,<div><br></div><div> Having been frustrated with numerous attacks against my VPS, I thought I'd share something that really frustrates me (aside from the constant firefighting) : </div><div><br></div><div> Most hacks against sites come from having outdated web software installed (see Drupal's constant updates as an example of this) so when you find someone attacking your site, you often update all the software, and have to fix templates etc. etc. That's a fact of life and something as a host you should build into the costs of hosting.</div>
<div><br></div><div> However, on this particular occasion, it was a ZenCart vulnerability that was exploited on my VPS, and I was running the latest version. Well apparently when a new vulnerability is found in ZenCart, they provide patches to the app -- in their forum -- and do not release a minor version. EVEN when it is a major security vulnerability.</div>
<div><br></div><div> I am not looking forward to this, but it appears I am now on the lookout for an alternative to ZenCart, as any software that requires me logging into the forum of the software to check for patches to the current stable version is too much of a workload for me. Does anyone else think that this is a ridiculous state of affairs for a project?</div>
<div><br></div><div> Perhaps I'm just so jaded by having to repair this install 4 times in as many months (I updated all the software to current, there shouldn't be any vulnerabilities in current) that what others see as reasonable I'm not seeing that way.</div>
<div><br></div><div> Anyway, rant over, back to the grind.</div><div><br></div><div>--</div><div>Martyn</div>