Guest Denver Dave Posted January 11, 2006 Share Posted January 11, 2006 I accept that perhaps no system is hacker proof, but going out of our way to give hackers a good shot at us by providing the Cubecart version number on each public page seems very risky. How does this work? See the January AwsStats for January below and you will see how hackers located us and continue to do so with version 3.0.7. Search Keyphrases (Top 10) Full list 13 different keyphrases Search Percent powered by cubecart 3.0.6 9 32.1 % intext powered by cubecart 3.0.6 intitle powered by cubecart 4 14.2 % cubecart 3.0.6 2 7.1 % aroma therapy candles 2 7.1 % powered by cubecart 3.0.7 2 7.1 % aroma therapy 2 7.1 % xploits 1 3.5 % amber romance 1 3.5 % powered by cubecart 3.0. secrets 1 3.5 % cube cart 3.0.6 1 3.5 % Other phrases 3 10.7 % I don't mind saying powered by cubecart, but listing the version number is asking for trouble. phpBB stopped giving hackers free shots and dropped the version numbers quite a few versions ago. Note the search phrase always included the version number. Link to comment Share on other sites More sharing options...
Guest EverythingWeb Posted January 11, 2006 Share Posted January 11, 2006 This was discussed a few days ago: http://www.cubecart.com/site/forums/index....showtopic=15159 Link to comment Share on other sites More sharing options...
Guest Denver Dave Posted January 11, 2006 Share Posted January 11, 2006 Thanks - I've mentioned it myself a couple of times over the months and just thought maybe would get a better reception over the latest round of hacks. I'd missed the referenced thread. Thanks for pointing it out - I'll monitor that thread instead of this one. Link to comment Share on other sites More sharing options...
Guest EverythingWeb Posted January 11, 2006 Share Posted January 11, 2006 Thanks for that Dave. Topic Closed. Link to comment Share on other sites More sharing options...
Recommended Posts