At this point in the story, the whole blooming hosting account and all associated sites have been made unavailable to the public (which is nice from a “do no harm” point of view), and it is apparent that both WordPress and Zen Cart were hacked, though on two separate domains (same hosting account).

I thought perhaps you’d like to know the names of a couple of the files used to convert my sleepy little natural body care site into a phishing site feared and hated by Google, PayPal, BlueHost and phishing-site-cops. They are easily found on the web, and you can even buy your own version! I got mine “free”, but at some cost.

The two most dreaded files seem to be: update.paypal, and update.bofa/Unauthorized%20Verification%20Form.htm. Update.paypal is a deal, at $20. I guess hackers have to make a living too, and without them a whole lot of internet security folk would be out of a job.

Other people, it seems, have had great experiences with BlueHost being helpful after their site was hacked; I’m not feeling the love. But so much of “Support” depends on who you get. I particularly love the admonition to keep my finger always over the “update” button, while being blocked from updating the sites! Not that the info on how to proactively secure a site wasn’t entertaining following a hack. It seemed a little like being shown proper flossing techniques while getting fitted for dentures. A bit late, and this is the time for drastic measures, not preventive steps.

Thinking it over, I think I’ll secure my as yet unaffected site, then begin the scorched earth cleaning and rebuilding process.  Here are some useful links for information on securing and/or rebuilding your MySQL / PHP driven site:

My Zen Cart was hacked – now what?

10 Ways To Secure Your WordPress Install

The links below may require a BlueHost account:

Google Flagged My Site as Malware

What can I do to increase my Site Security while hosting with Bluehost?


In the eyes of BlueHost, it seems I rolled out of bed today and decided to go phishing. So they deactivated my other site. No matter that I contacted them yesterday specifically to tell them that I’d just learned from Google that my site had been hacked and was hosting phishing scripts (thank you, Google).

PayPal/eBay, nicely, seems to have chosen to approach this from the ‘benefit of the doubt’ POV. I’m definitely more impressed with the proactive eBay approach than the ‘blame the hacked’ BlueHost approach. Seriously, whose servers are they?

Luckily, it’s not as though the site was setting the e-commerce world on fire; a gap in service might go somewhat unnoticed.

Seems I’m not alone: TG Daily reported on large-scale PHP hack-attacks at Go Daddy, BlueHost and others, back in May.


What did you do on your vacation? Oh, thanks for asking, I took time to install, configure and compare 4 Open Source E-Commerce programs: AgoraCart, Magento, OpenCart and Zen Cart. [1]

My criteria were: Free software only, no paid versions or options, if they exist. Here’s a graphic synopsis of my experience…

[Image: Quest for the Best E-commerce]

As far as overall ease of set up, and least expense, I have to say I was impressed with AgoraCart.  It is not the most beautiful or the most feature rich—it is strictly web 1.0, built on CGI and html.  Nonetheless, AgoraCart, probably the oldest of all these programs, performed fabulously with a shared SSL cert and PayPal.  The PayPal checkout is nicely integrated, and flows smoothly, without requiring separate log-ins for the site and PayPal. 

For a serious “Free Programs only” purist, this is a good option.  I’m not sure about the overall security / hackability of CGI, so looks and site security could be an issue.  If I were going to host a store on AgoraCart, I’d set up a URL redirect to send the standard AgoraCart URL, which looks something like this http://www.storeX.com/store-directory/agora.cgi to http://storeX.com, for easier customer access.

After setting up the full configurations of OpenCart and Magento, I found that neither of them could complete a credit card transaction. OpenCart was fine for check purchases without a dedicated IP and SSL cert, but I’d feel creepy sending customers’ info over an unsecure connection; it was a no-go with a shared SSL certificate for either of these programs. I ran into a PHP glitch, but I think that was due to a behind-the-scenes upgrade going on at my host, and not the programs.

OpenCart is a snap to install [2] and configure, very intuitive and overall a good looking store. You could get by with CSS and do a decent job of customization. [3] One caveat, it seems that a lot of the modules that are included or free for downloading with other e-commerce programs are sold on a per module basis. I don’t know about you, but I cannot sell without shipping calculations.

osCommerce is, in a lot of ways, the lumbering giant that started it all, by which I mean the community-developed, free, open-source e-commerce genre. I was put off, a long time ago now, by the need to edit the PHP code of every mod I downloaded. That is what spurred my move to Zen Cart. With Zen Cart, one can build a working store for free, without being fluent in PHP. I’m sure osCommerce is vastly changed since I checked it out, and I am no doubt missing out on a lot of fun.

To be continued…


Notes:

  1. I didn’t renew my acquaintance with osCommerce, since that acquaintance drove me to Zen Cart in the first place, circa 2005, due to the constant need to edit the PHP source code directly.
  2. OpenCart was installed using Simple Scripts and cPanel.
  3. If you’re not already using Firefox and the Web Developer add-on for editing and testing CSS, read this great article from Lifehacker.com; the add-on instantly changed my life for the better. You can get it directly from the developer at: Web Developer.

All I wanted was five sidebars and a random images option. Is that too much to ask? Apparently, it is.

Having realized that there just isn’t a WordPress theme that does everything I want done, I got my tools in order for a little bit of DIY web design. Back to the drawing board I went. In my case, going back to the drawing board means getting busy with Sandbox and Google.

One great thing about the Sandbox theme is that it is infinitely modifiable using only the stylesheet(s). CSS and I were not always besties, but that changed when I found the Web Developer extension for Firefox, thanks to a great piece on Lifehacker.

With this extension, CSS changes are viewable as you edit—no more changing one thing, uploading, refreshing, or fighting with a shadow copy of your site on a development server.

So, with my dream of five sidebars, or in the alternative four sidebars and a random images header option, I set about looking for the good news on how to make it all happen, on Google. I found this: Widgetized headers and footers?

- End of Part 1


Wondering whether or not to upgrade OpenOffice to 3.1? Lifehacker has already taken the guesswork out of the decision! Here’s an excerpt:

Windows/Mac/Linux: It hit the servers two days ago, but OpenOffice.org 3.1 is now in official release. The open-source office suite focused on anti-aliased drawing and usability tweaks for this release, which we’ve quickly previewed here.

