Zen Cart Security Vulnerability Alert

If you are running a Zen Cart store, it’s important that you read this message and take action immediately.

A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability any attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you installed Zen Cart.

SO — THE FIRST STEP YOU **NEED** TO TAKE is to rename your /admin/ folder!

However we realise that relying on this ‘Security through Obscurity’ is not foolproof, hence the release of a patch, which can be downloaded from the Zen Cart Support forum, here: http://www.zen-cart.com/forum/showthread.php?t=130161

The zip file there contains a readme.html with full details on how to install the security patch files. The security patch uses Zen Cart’s override system to make installation as simple as possible.

The security patch will work for previous versions in the 1.3.x series.

Older releases i.e v1.2.x are no longer supported and the patch has not been fully tested on those versions, however some parts of the patch should still work with v1.2.x (again see the readme.html file). However we strongly advise anyone using the 1.2.x versions to upgrade to 1.3.8 as soon as possible.

The Zen Cart Team takes security matters very seriously. But security is only as good as those who follow posted recommendations. Please apply the appropriate patches and security measures promptly, for your own benefit.

SUMMARY: Your Action Steps are:

Yes, if you haven’t already renamed your /admin/ folder, do it NOW!
Instructions can be found here: http://tutorials.zen-cart.com/index.php?article=33


3. Subscribe yourself to the Zen Cart Announcements mailing list:

4. Keep your site’s Zen Cart software up-to-date at all times. Numerous bugs, improvements, and security fixes are included in every new release. It is in your best interests to remain current.

The Zen Cart Team

convert cpanel account to addon

Is there a way i can convert/transfer a regular cpanel account to a addon
domain for a regular cpanel account?

The answer is this job can be done but requires alot of manual work. Also your email accounts and their settings will be lost in the procedure however later you copy email data from source server and replace it with destination for each domain correspondingly.

Here is some steps which may be helpful to complete this job:

  1. Create subdomains from CPanel on your shared account for all other accounts which you want to setup now as addon on the top of these subdomains.
  2. Generate dump of your database which can be restored on shared account later but you will have to create DB users again.
  3. Copy all web contents to their corresponding sub domains.
  4. Park these domains on the top of their subdomains
  5. Now create email accounts and place email data copied from the origin  server.

Tips agar terhindar dari jerat UU ITE Pasal 27 ayat 3

Kasus pencemaran nama baik yang dikenakan pada Prita Mulyasari, yang ditahan gara-gara menulis curhat di internet, merupakan wujud ancaman terbesar kebebasan berekspresi di Indonesia. Pencemaran nama baik dalam UU ITE terlalu eksesif. Pasal 27 ayat (3) UU ITE tentang Informasi dan Transaksi Elektronik (UU ITE):

“setiap orang dengan sengaja dan tanpa hak mendistribusikan dan/atau mentransmisikan dan/atau membuat dapat diaksesnya Informasi Elektronik dan/atau Dokumen Elektronik yang memiliki muatan penghinaan dan/atau pencemaran nama baik dapat diajukan ke pengadilan.”

Tips sederhana untuk menghindari “penghinaan dan/atau pencemaran nama baik”, maka sebaiknya “nama objek”  yang mau ditulis harus dipikirkan dulu.  Bisa saja dituliskan dengan sebuah plesetan atau sebuah inisial (apakah dia orang per orang, instansi, perusahaan badan hukum, organisasi, dll).