Guest Posted February 19, 2006 Posted February 19, 2006 Hello Everyone, I was just wondering what basic security measures I should be taking on my osCommerce web site, I've had it a good few months now and I do occasionally find suspicious scripts on the server or have problems with hackers. I have the basic 2.2 installtion with some contributions installed, I'm quite happy to install the contributions myself but I don't know much about security? I don't store card details, all card processing is done by a 3rd party. I've been through the list of changes specified in the update release mentioned here: http://www.oscommerce.com/about/news,121 What other basic changes should I be making? I've tried searching the forums but there's so many topics on security it's hard to find anything relevant? Some suggestions I can think of: Change the default name of the configure.php file - would this mess anything up elsewhere? Presuming I changed the reference to it in the application_top.php file? Should I then change the default name of this file as well? What permissions should the folders on my site be using? If anyone can point me at an article or previous posting on here that covers this kind of stuff it would be much appreciated. Thanks Sam
Avec Posted February 19, 2006 Posted February 19, 2006 A couple suggestions I have read are the obvious - password protect the admin directory, using your hosts control panel or .htaccess, and change the admin directory name. I have not tried changing file names, let me know if you have problems with it.
Guest Posted February 21, 2006 Posted February 21, 2006 A couple suggestions I have read are the obvious - password protect the admin directory, using your hosts control panel or .htaccess, and change the admin directory name. I have not tried changing file names, let me know if you have problems with it. Hello, Good point about changing the admin directory, hadn't thought of that. Thanks. Anyone else willing to point me in the right direction?
Guest Posted February 22, 2006 Posted February 22, 2006 Install the update, it will help against spammers sending emails via your site. Also don't leave your images folder as 777, change it to 755 or less if you can. Only have it 777 when you are actually uploading.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.