Home>JXC eNews: The Importance of Applying X-Cart Security Patches

JXC eNews: The Importance of Applying X-Cart Security Patches

We cannot stress enough how essential it is to ensure that you have all relevant security patches applied to your X-Cart site. X-Cart is a sophisticated piece of software, but every now and again the X-Cart company becomes aware of new vulnerabilities. When this happens, they immediately release a free patch to prevent hackers using this vulnerability to access your store. We then advise clients via Mailchimp, Facebook, Twitter and on our website at https://www.justxcart.com.au/jxc-enews-archives.html that a new patch has been released.

We have recently seen a spike in sites being hacked where owners have failed to have all security patches applied. As such, we wanted to clarify what is our responsibility and what is your responsibility as the site owner.

As a hosting provider, the security of our servers are certainly a priority. However, we can only secure your hosting account to a point. There is nothing we can do at a server level to protect you from a vulnerability in X-Cart's code (or vulnerabilities in any other software for that matter eg Wordpress). It is your responsibility as the site owner to protect the software that you have chosen to have installed to your hosting account. When you are notified about a new security patch, you either download the free patch yourself from your X-Cart helpdesk and apply it yourself, have us do it ($88.00 per patch) or hire someone else to do it. Whatever way, you need to get it applied.

What happens if my site is hacked?

Unfortunately if your site is hacked, we have a responsibility to suspend/disable it to contain the malicious scripts that have infected your sitem especially given your site is an eCommerce site where you, as the site owner, are responsible for dealing with your customers money/credit cards. When hackers compromise your site they can do so much more than just steal customers information, including:

- steal customer credit card details if you have stored them on your site/database *
- modify your credit card collection form on your site to have the details forwarded to the hacker when customers place new orders *
- enable manual credit card processing on your site by activating that payment method from your X-Cart admin, even if you previously didn't offer this as a payment method *
- make changes that redirect your externally hosted credit card payment gateways to other "hacker" gateways. These gateways can look like your banking gateway and even Paypal. You are responsible for protecting your customers credit card information.

* Important Note: collecting credit card data on your site and storing those details in your database is not PCI DSS compliant and not endorsed by our company in any way. We strongly advise should you run an older X-Cart store where manual credit card collection and storage is permitted, that you take steps to have this functionality removed from your X-Cart (we have service that can assist with this) or that you upgrade to the latest version where manual credit card processing and credit card storage on your store is not available.

Our suspending your site if compromised is protecting you and your customers and our actions are the same as any other responsible web hosting company would take.

Should you site be suspended, you will be contacted with the cost to have the malicious scripts removed and security patches applied to your site. At this point you can accept our assistance or we can provide you a zipped copy of the site to take away and have another company fix it. Once fixed you can re-supply us a cPanel copy of your site for upload, where it will be scanned and checks done to ensure all security patches have been applied. No previously hacked sites supplied to us will be re-enabled on our servers that are deemed to contained any malicious scripts and that aren't patched.

Not sure if your site is fully patched or not?

FREE SECURITY PATCH CHECK! Given how important patching is, if you aren't sure what patches your X-Cart site needs, please contact us on support@justxcart.com.au. We can do a quick check and let you know what patches need to be applied - no obligation or charge.

The cost of applying security patches is minimal compared to the cost associated with fixing a hacked site, not to mention the downtime you will suffer having your site offline while it is fix. You have the opportunity to easily find out if your site is fully patched or not. If your site needs patching, you will know and can proceed from there.

Additional site security measures

In conjunction with patching, there are a number of other ways to further assist protect your site - click here to read "Protecting Your Website (August 2014 newsletter) >>

Until next time, take care :)

Kind regards,
JXC Tech Support Team
Just X-Cart Australia

WARNING: Fake Just X-Cart Email

Sign up for our newsletter


Client Help Desk
Create or view support ticket
Login to your help desk
Project Console
Access your personal project management console.

Enter your project portal
Forgotten password?


secure payment gatewaysGeoTrust