Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

php forum on store


momonie/lillybears

Recommended Posts

Merry Meet Again Everyone?

 

I have a forum in my store, what i want to know is if it can be upgraded or changed to a phpbb forum? if so where do i go to look for the orginal php forum file? did not install osc it was part of a package that i bought.

 

if it can be upgraded i need to know where to find the orginal name of the php file for the forum?

 

thanks for any help in this matter you can give.

 

newbie to php so please be gentle.

 

Paula <_<

Knowledge Base

 

In Perfect Love, And Perfect Trust. The Circle Is Open, But Never Broken!

Link to comment
Share on other sites

We need to be careful about this, and find out which way round things were done. You see it may be that you have a forum with an osCommerce plug-in, rather than the other way around.

 

Personally, if you need a forum I would keep it entirely seperate from osCommerce (on a subdomain perhaps), and if you want to use phpBB then it must be the very latest version, because all versions under two to three weeks old are hackable - and this could take down not only your site but all other sites on a shared server.

 

Post a link to your site so that we can take a look and see what needs to be done.

 

Vger

Link to comment
Share on other sites

Merry Meet Again Vger,

 

phpbb is hackable... lol... oh no... well i don't want that then... thats what started all this to begin with. store was hacked by serverside things were taken out, moved and deleted all together.. its been about 6 months now trying to put everything back where it belongs.. so i guess what i need to know is which forum do you suggest?

And yes i did make a back up... but i live in florida and the hurricans took it away.. so to speak... lol... anyways...

 

 

here is the link to the store http://www.theenchantedmoon.com/index.php

 

 

thanks for your help in this matter.

 

Paula :D

Knowledge Base

 

In Perfect Love, And Perfect Trust. The Circle Is Open, But Never Broken!

Link to comment
Share on other sites

Okay, my view on this is simple. Your number one priority must be too keep your online store safe. Hopefully you've done things like renaming the 'admin' folder to something totally unique (to make it hard for hackers to find it). Then you've password protected it, and put all of it behind ssl, so that there is no access to it at all via http.

 

The forum/bulletin board, is always going to be a vulnerability, no matter which one you choose, so I would keep it entirely seperate - a subdomain is better than being on the main domain - but an entirely seperate domain just for the forum is even better (not on the same server as your main domain). Domains and hosting can be really cheap, so it's not worth exposing your main store for the sake of a small amount of money.

 

The very latest phpBB has been patched now. Invision Baord (the free version) is I believe vulnerable, and I have no reports that Ikon Board is vulnerable at this time. But hackers love Forums and Content Management Systems like phpNuke, Post Nuke etc. because if they can get into them then they can send out viruses or just spam mail by the tens of thousands. So any forum software you choose is going to be vulnerable at some point in time - hence, keep it seperate.

 

I have just had another look at your site and see that you don't have ssl. You need SSL! Without it your site is so much more hackable - again, it's just not worth the risk!

 

Hope this helps

 

Vger

Link to comment
Share on other sites

I have just had another look at your site and see that you don't have ssl.  You need SSL!  Without it your site is so much more hackable - again, it's just not worth the risk!

 

Hope this helps

 

Vger

 

 

:o ok let me get this straight... if i dont have a SSL certif... then any and everyone can hack my site? i thought that was used just for the Payment process? sooo lost... maybe that is what is going on with the store... things keep disapearing... lol

soooo ... how do i go about changing things like the admin folder? I have no idea as to what to do.

 

i know that my server has a SSL that is shared can i use that? this is all so complicated... i get headaches just thinking about it... sigh.

 

anyways... thanks Vger for all your help with this... maybe i should concentrate on the store first before i try to add anything to it huh? hopefully i can get this fixed.

 

Paula :'(

Knowledge Base

 

In Perfect Love, And Perfect Trust. The Circle Is Open, But Never Broken!

Link to comment
Share on other sites

Using SSL means that things are encrypted, using an encryption file particular to that domain name (or that server if it's a shared ssl), so it makes things much hard for people trying to hack the site from outside.

 

To change the name of the 'admin' folder is not difficult. FTP to your website, right click on the folder and select 'Rename' and change the name. Then go into that folder, and go to the includes/configure.php file, and where you see the file pathways with /admin/ in it change it to /newname/

 

If you have password protected the old 'admin' folder then you have to repeat the process to protect the folder in its new name. You can do this from your web hosting control panel. Choose the longest password the system will allow (makes it harder to break). You should be able to use a combination of 12 letters and numbers.

 

Vger

 

Yes, if your hosting company provides a shared ssl then by all means make use of it - it's part of your package after all.

Link to comment
Share on other sites

:angry: :angry: :angry:

 

well... as usual o.catch has done it again... i was told that they have SSL certificate for its users to use... but was just told that they do not because they dont have a static ip... to host them on... as usual i now have to move my site.. i can't even buy one to put on my site... grrrrrrrr... very very upset at the moment.

 

got any good servers out there? that guarantees up time. with php and mysql service. i really hate this... this tooo might be part of the hack problem that has been going on for 6 months now..

 

Paula :'(

Knowledge Base

 

In Perfect Love, And Perfect Trust. The Circle Is Open, But Never Broken!

Link to comment
Share on other sites

  • 2 weeks later...
:angry:  :angry:  :angry:

 

well... as usual o.catch has done it again... i was told that they have SSL certificate for its users to use... but was just told that they do not because they dont have a static ip... to host them on... as usual i now have to move my site.. i can't even buy one to put on my site... grrrrrrrr... very very upset at the moment.

 

got any good servers out there?  that guarantees up time. with php and mysql service.  i really hate this... this tooo might be part of the hack problem that has been going on for 6 months now..

 

Paula :'(

 

Try 1and1.com at least their dedicated managed servers include a Dedicated SSL certificate. Sometimes their tech support service suck but in general I've been pleased.

Link to comment
Share on other sites

No - whatever you do - DO NOT try 1and1!!! Take a look through the posts on this forum to see ALL of the problems that osCommerce users have had with trying to get SSL working properly with 1and1. Trust me - it's the last thing you need.

 

Vger

Link to comment
Share on other sites

No - whatever you do - DO NOT try 1and1!!!  Take a look through the posts on this forum to see ALL of the problems that osCommerce users have had with trying to get SSL working properly with 1and1.  Trust me - it's the last thing you need.

 

Vger

 

Hmmm ... well, what other options WOULD you recommend. From what I've seen, the fixes are there for 1and1, they just need to be applied. Alos, it seems they arise primarily with Shared SSL, but on my server it's a dedicated cert

Link to comment
Share on other sites

What you actually said was "their dedicated managed servers include a Dedicated SSL certificate". Not many people go for dedicated servers, and many people do use shared SSL. Even with a full SSL with 1and1 there have been problems posted - and the point is, they are all totally unnecessary problems which have been created by the way in which 1and1 structure their servers. They do not deserve people's business if they can't set things up properly.

 

Vger

Link to comment
Share on other sites

Heh ... I tried to edit my "WOULD" back to no caps but it was too late...it looked like I was being snotty...sorry about that. ;)

 

I really would like to know what other options are there in comparison to 1and1 to avoid these issues. In particular I would like a dedciated server that has the SSL certificate included.

Link to comment
Share on other sites

In particular I would like a dedciated server that has the SSL certificate included.

 

That's fine - but this thread isn't about that. You recommended that Marc and Paula to go to 1and1, and given the other problems they have had I just think that more problems with 1and1 is the last thing they need.

 

There are plenty of companies out there which use perfectly sane and rational systems on their servers.

 

We're not allowed here to recommend specific companies, so if I did the post would just get deleted and I would get a rocket from the mods.

 

However, a dedicated ssl cert costs less than $50 a year, and compared to the cost of a dedicated server that's absolute peanuts.

 

Vger

Link to comment
Share on other sites

That's fine - but this thread isn't about that.  You recommended that Marc and Paula to go to 1and1, and given the other problems they have had I just think that more problems with 1and1 is the last thing they need.

 

There are plenty of companies out there which use perfectly sane and rational systems on their servers.

 

We're not allowed here to recommend specific companies, so if I did the post would just get deleted and I would get a rocket from the mods.

 

However, a dedicated ssl cert costs less than $50 a year, and compared to the cost of a dedicated server that's absolute peanuts.

 

Vger

 

My needs are more traffic based at this point. So a dedicated server is my only option. Anyway ... I guess I'll have to go for advice somewhere else :(

Link to comment
Share on other sites

  • 2 weeks later...

Merry Meet Again Vger,

 

ok i think i found a better server? http://hostforweb.com they have the space and bandwith that i need for my store. heard anything bad about them?

 

and i am getting a SSL cer. by myself, so i can set up my store to do Credit cards and not just use paypal.

 

been waiting for the wiz to get back to me, so that i can tell him what all i want in the store, so we can get the ball rolling. have not heard from him... so maybe thats a good thing. i want to change servers first i think. then he can come and put things on that i want. I have no idea how to edit php nor do i want to... i only know how to do the basic html stuff and some changes at the store... but i have no idea as to how to add any contribution or change anything php wise in the store. anyways enuf rambling.

 

thanks for all your help Vger.

 

Paula :huh:

Knowledge Base

 

In Perfect Love, And Perfect Trust. The Circle Is Open, But Never Broken!

Link to comment
Share on other sites

  • 2 months later...
We need to be careful about this, and find out which way round things were done.? You see it may be that you have a forum with an osCommerce plug-in, rather than the other way around.

 

Personally, if you need a forum I would keep it entirely seperate from osCommerce (on a subdomain perhaps), and if you want to use phpBB then it must be the very latest version, because all versions under two to three weeks old are hackable - and this could take down not only your site but all other sites on a shared server.

 

Post a link to your site so that we can take a look and see what needs to be done.

 

Vger

 

New to this forum ;)

 

I have been looking for solutions of a shopping cart, cms and forum for quite some time and is weighing the pros and cons of different combinations, mainly the "integrated login" part.

 

Now I am quite firm on using OSC and vbulletin. But came across 2 posts from other forums advising the same as Vger. I am beginning to think likewise. If having a shopping cart together with a forum and cms is going to cause security issues, I would rather keep them seperate since I am no programming or security expert if someone wre to hack in.

 

Can anybody who is having a forum in their OSC site give some comments on this? Do you keep it seperate or try ways and means to integrate them just to provide convenience to users?

 

Thanks in advance! :D

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...