Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Am I being hacked?


Guest

Recommended Posts

Ok folks. I haven't posted much in a long time because everything seemed to work just fine.....untill now! This has me sooooooooooo fuming mad that I wanna bust the persons chops! :angry: Some how someone else who has an OSC cart is merging with mine. I mean my cart looks the way I want it when I change things around or add products. BUT, when you view the pages the "Categories" column has ALL of their categories listed and none of mine and they link directly into their store. I am still trying to figure out how to password protect the Admin panel that I access on the web and all folders. Some how all this looks very odd. If ANYONE knows what the heck is going on I would LOVE any and all detailed advice on how to correct this. You can check out what I am talking about at www.cobblestonestore.com/catalog (no this is not advertising) And yes, I do know the catalog is actually stored under the domain of elysiangifts.com (that was my first damain before I changed it and waiting for the ISP to get off their a$$ to delete it).

 

Also, anyone ever try the "Add to Favorites v1.2" contrib? I am doing that and for some reason the text on the site keeps comming up like the code....any ideas?

 

I appreciate ALL of you on this help.

Link to comment
Share on other sites

It seems that more than likely you have your temp directory set in the root of the webserver and so does someone else on that server using osCommerce. Just change it so that you don't have caching turned on in your Admin. Also research .htaccess for information on how to lock up your admin, or ask your hosting provider for help with it. If they deny you help go elsewhere, many hosting providers are out there waiting for a new customer to help.

Kenneth S

--------------

Customer "Are you a real programmer?"

Me "No, but I did stay at a Holiday Inn Express last night"

Link to comment
Share on other sites

Cool! Thanx KennethS :) Ok, I turned off the cache and that did it. I am going into "properties" of the .htaccess file and puting the CHMOD to 700, but that comes up with a 404 error when I try to access the admin area. When I change it back to 744 I can get in, but I am sure so can everyone else. How do I go about making it so a login box pop-ups or some kind of login appears so I can login....or even create a login name/password. I will try to search the forums again, but there is nothing in the kknowledge base that I can find :(

Link to comment
Share on other sites

.htaccess is not a osCommerce thing, it's actually a server specific tool, it can be used for securing directories, doing rewrites and redirects, and many other useful things. I did a basic search on Google and it found many many pages on how to properly configure your .htaccess file and also how to create the .htpasswd file that is needed for securing things.

Kenneth S

--------------

Customer "Are you a real programmer?"

Me "No, but I did stay at a Holiday Inn Express last night"

Link to comment
Share on other sites

.htaccess is not a osCommerce thing, it's actually a server specific tool, it can be used for securing directories, doing rewrites and redirects, and many other useful things. I did a basic search on Google and it found many many pages on how to properly configure your .htaccess file and also how to create the .htpasswd file that is needed for securing things.

 

Ok...well, I got it all worked out. Only problem is it's refusing to recognize my password from the .htpasswd file. I mean it blocks EVERYONE from trying to get into the admin files....including me :'( But I can easliy delete the file from FTP all works the way it was before.....here is what it told me to put in the .htaccess file:

 

# $Id: .htaccess,v 1.1 2003/06/20 00:18:30 hpdl Exp $
#
# This is used with Apache WebServers
#
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
#
# Example:
#
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
#
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)

# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers

<IfModule mod_setenvif.c>
 <IfDefine SSL>
   SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
 </IfDefine>
</IfModule>

# Fix certain PHP values

#<IfModule mod_php4.c>
#  php_value session.use_trans_sid 0
#  php_value register_globals 1
#</IfModule>
AuthUserFile /file/file/.htpasswd.sitename 
AuthName ByPassword 
AuthType Basic

 

Not really sure why it isn't working properly....did I put any code in the wrong area? It never said "where" to put. Anyway, I appreciate the help :)

Link to comment
Share on other sites

Use your control panel provided by your hosting company to 'password protect' your oscommerce 'admin' directory. First set up a 'user group', and a 'user' to it, and then password protect the oscommerce 'admin' directory and assign that 'user group' to it, and then you should be able to access the oscommerce 'admin' directory with the user name and password for that user.

 

Vger

Link to comment
Share on other sites

  • 3 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...