Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

General Security Tips


Guest

Recommended Posts

Hello Everyone,

 

I was just wondering what basic security measures I should be taking on my osCommerce web site, I've had it a good few months now and I do occasionally find suspicious scripts on the server or have problems with hackers.

 

I have the basic 2.2 installtion with some contributions installed, I'm quite happy to install the contributions myself but I don't know much about security? I don't store card details, all card processing is done by a 3rd party.

 

I've been through the list of changes specified in the update release mentioned here:

http://www.oscommerce.com/about/news,121

 

What other basic changes should I be making? I've tried searching the forums but there's so many topics on security it's hard to find anything relevant?

 

Some suggestions I can think of:

 

Change the default name of the configure.php file - would this mess anything up elsewhere? Presuming I changed the reference to it in the application_top.php file? Should I then change the default name of this file as well?

 

What permissions should the folders on my site be using?

 

If anyone can point me at an article or previous posting on here that covers this kind of stuff it would be much appreciated.

 

Thanks

 

Sam

Link to comment
Share on other sites

A couple suggestions I have read are the obvious - password protect the admin directory, using your hosts control panel or .htaccess, and change the admin directory name. I have not tried changing file names, let me know if you have problems with it.

Link to comment
Share on other sites

A couple suggestions I have read are the obvious - password protect the admin directory, using your hosts control panel or .htaccess, and change the admin directory name. I have not tried changing file names, let me know if you have problems with it.

 

Hello,

 

Good point about changing the admin directory, hadn't thought of that. Thanks.

 

Anyone else willing to point me in the right direction?

Link to comment
Share on other sites

Install the update, it will help against spammers sending emails via your site. Also don't leave your images folder as 777, change it to 755 or less if you can. Only have it 777 when you are actually uploading.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...