Do you offer a security guarantee?¶
Yes, we do. If your CS-Cart, Multi-Vendor website is hacked while hosted at out hosting solution we'll work with you for free to try and undo the damage.
We always monitor traffic, log files, server metrics to prevent and mitigate security-related issues. Also, we monitor server-side software via antiviruses and scanning PHP code for the backdoors and malware via special software all the time.
In our experience, the most insecure place is the addons and extra functionality, which is wanted to be "fast and cheap coded" without extra security testing.
- How We Implemented Security Testing For CS-Cart And Multi-Vendor And Made It More Secure
- SECURITY CHECKLIST: How To Protect Your ECommerce Website On Holidays
- 7 Tricks & Remedies For Hackers' Protection: Cybersecurity
How CS-Cart or Multi-Vendor project can be hacked?¶
Due to the secure design of our infrastructure, server-level compromises are extremely unlikely. Rather, websites hacked while hosted at our hosting solution are infected in one of several ways:
- Exploits targeting unpatched CS-Cart vulnerabilities throught using outdated core version or poorly coded addons.
- Nulled addons and themes via using "free" nulled versions of premium themes and addons that contain malicious code.
- Compromised credentials: an attacker captures your email or CS-Cart admin panel, SSH or SFTP credentials.
Malware Removal Process¶
The process of inspecting a site, scanning it for issues, and removing infections may take up to one full business day to complete. Particularly pervasive infections may require multiple rounds of inspection. In some rare cases, where a site has been corrupted beyond repair, it may necessary to restore the site using a backup.
If you encounter evidence of malicious code or site behavior contact our support team.
Steps taken by our information security team¶
There are a few mandatory steps in our malware removal process which will be completed by our Support team for every repaired site:
- Server access will be limited via firewall by IPs
- Website will be closed, the core files will be reinstalled
- SFTP and SSH, database credentials and others ones will be changed
- If we discover infections in your site's addons or themes we will remove the infected components from the site and inform you on malicious parts or vulnerabilities.
Steps you will need to take¶
Following completion of malware removal we will ask you to take several additional steps to secure your site:
- Update all addons, themes, and the CS-Cart core to the latest version.
- If our Support team identified and removed any compromised themes or addons, do not attempt to manually clean and reuse the compromised files. Download fresh copies of these components from the developer and install them on the site.
- Review all CS-Cart admin users and delete any that are unused or that you don’t recognize.
- Update all CS-Cart admin user passwords.
- Additional site-specific instructions based on the nature of the infection.
These steps should be taken within one business day after we request that they be taken. Failure to take these additional steps will mean that our Support team will be unable to remove future infections for free.
Do you provide SSL certificate?¶
Yes! We provide free, automatically renewed SSL certificates from Let's Encrypt. No actions required from your side :)
Learn from this educational guide how to migrate to HTTPS without traffic loss and follow this Migration Checklist to double check yourself after migration.