
For all oscommerce store owners


kudviss


Posted

Many thanks to all the persons who participated in building this great forum and osCommerce as an online shop e-commerce solution. I wonder if there is someone who can provide us (as oscommerce store owners) with some suggestions about how to protect one's store from potential dangers such as hacking and other malicious attacks.

 

Be sure that your participations in this topic will be of great aid to all osCommerce users, because most of them aren't aware of the growing Internet Security threats and how to be protected from.

Thus, your participation is so much appreciated, Thanks.

Posted
...because most of them aren't aware of the growing Internet Security threats and how to be protected from..

The truth is that most of them are NOT experiencing any such threats ever since osc was developed and used. and I am not participating.

 

Ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.

Posted
The truth is that most of them are NOT experiencing any such threats ever since osc was developed and used. and I am not participating.

 

Ken

 

 

Sir, you misunderstood me, I just want the community members to explain and suggest some useful points and contributions that may enhance the security of osCommerce users, such as the utility of SSL connection and Admin LogOut and other things that have to do with security matters.

I didn't say in my topic anything wrong about osc. KEEP YOUR COOL.

Posted

haha ken if you didn't want to participate why did you bother posting?

 

the most important security tips i have come across in my short time using osc are: change the name of the admin directory (and update configure.php in that folder) and keep .htpasswd & .htaccess updated with details of the changes. installing a contribution that enables a table in the db to hold admin login details, and that introduces a login page for the admin section is also a good idea. other than that osc is pretty bulletproof so it's just general webserver security stuff that any website owner should be aware of.

Posted
haha ken if you didn't want to participate why did you bother posting...

I was not and am still not participating because of its self-claimed importance of the topic, as I do not believe that *most* of osc users 'aren't aware of the growing Internet Security threats and how to be protected from' (based on what could you make such a claim?), and the reason for posting is I have to point out the truth so as not to mislead anyone new to this forum and/or osc. Is this clear enough?

Of course you can have your own view, and so can I.

 

Ken


Posted

Ken maybe you are an advanced user of osc, that's why you underestimate the importance of that topic. For instance the suggestions that thom powell came with, personally I did not know before, and I still have a vague idea about it, and I assume many others do so. As thom powell said if you don't want to participate please don't bother posting, we are not here to urge!.

Posted

<_< [quote name='kudviss' date='Feb 26 2007, 07:32 PM' post='1032511']

Ken maybe you are an advanced user of osc, that's why you underestimate the importance of that topic. For instance the suggestions that thom powell came with, personally I did not know before, and I still have a vague idea about it, and I assume many others do so. As thom powell said if you don't want to participate please don't bother posting, we are not here to urge!.

Posted

I agree, i am a new user and still have yet to fix the password problems so that security issue to me is of the UTMOST importance! And no one seems to know how to explain any of the program in a straightforward way. So i am still lost after a month of figuring out nothing and i still can't figure out why when i did a test order i can't see what i ordered.

Posted

Of course security issue is of the utmost importance, we greatly appreciate if Thom Powell or someone else explain more the tips suggested above because they are still mere hints. Many thanks to everyone again.

Posted

I can help with a couple of the suggestions.

Changing the admin folder name to say frogs.

Then in the catalog/includes/configure.php file change this line (Yours will be somewhat different)

  define('DIR_FS_ADMIN', 'c:/program files/easyphp1-8/tutorials/admin/'); // absolute path required

to this

  define('DIR_FS_ADMIN', 'c:/program files/easyphp1-8/tutorials/frogs/'); // absolute path required

then go to a site like this

http://www.javascriptkit.com/howto/htaccess.shtml

to help create the .htaccess and .htpasswd

The site is also a tutorial on creating these and has a generator to encrypt the .htpasswd file.

My Contributions

 

Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly

Password Protect Admin

"No matter where you go....There you are" - Buccaroo Bonsai
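
The steps in the post above (rename the admin folder, point DIR_FS_ADMIN at the new name, add .htaccess and .htpasswd) can be checked after the fact with a short script. This is an added example, not part of the original post and not osCommerce code; the function names audit_admin and make_fixture, the sample store layout and the choice of which configure.php to pass in are assumptions.

```shell
#!/bin/sh
# Added example, not osCommerce code. The "frogs" name follows the thread.
# audit_admin ADMIN_DIR CONFIG_FILE: prints findings, returns how many there were.
audit_admin() {
    admin_dir=${1%/}; config=$2; findings=0
    name=$(basename "$admin_dir"); ht="$admin_dir/.htaccess"
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # 1. Folder renamed, and the default-named copy not left behind.
    [ "$name" != "admin" ] || note "admin folder still has the default name"
    [ -d "$admin_dir" ] || note "$admin_dir does not exist"
    [ ! -d "$(dirname "$admin_dir")/admin" ] || note "an admin/ folder is still present"

    # 2. DIR_FS_ADMIN in configure.php points at the renamed folder
    #    (assumes the single-quoted define() style shown in the thread).
    if ! grep -F "define('DIR_FS_ADMIN'" "$config" 2>/dev/null | grep -qF "/$name/'"; then
        note "DIR_FS_ADMIN in $config does not end in /$name/"
    fi

    # 3. .htaccess in the renamed folder turns on Basic auth and demands a login.
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" 2>/dev/null ||
        note "no 'AuthType Basic' in $ht"
    grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user[[:space:]])' "$ht" 2>/dev/null ||
        note "no 'Require valid-user' or 'Require user ...' in $ht"

    # 4. The password file named by AuthUserFile exists and is not empty.
    pw=$(awk 'tolower($1) == "authuserfile" { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' \
        "$ht" 2>/dev/null | tr -d '"\r')
    { [ -n "$pw" ] && [ -s "$pw" ]; } || note "password file '${pw:-none set}' missing or empty"

    return "$findings"
}

# Constructed sample store: make_fixture ROOT NAME builds ROOT/NAME as the admin folder.
make_fixture() {
    mkdir -p "$1/$2/includes" "$1/private"
    printf "<?php\n  define('DIR_FS_ADMIN', '%s/%s/'); // absolute path required\n" \
        "$1" "$2" > "$1/$2/includes/configure.php"
    printf 'AuthType Basic\nAuthName "Restricted"\nAuthUserFile %s/private/.htpasswd\nRequire valid-user\n' \
        "$1" > "$1/$2/.htaccess"
    printf 'owner:constructed-hash-placeholder\n' > "$1/private/.htpasswd"
}

# Usage: audit_admin /path/to/store/frogs /path/to/configure.php
```

The return value is the number of findings, so 0 means every check passed; the .htaccess that matters for this check is the one inside the renamed admin folder.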

Posted

It's really only 2 points which are critical.

 

1. Secure your shop's admin with htaccess, this can usually be done very easily in your web hosting control panel.

 

2. Use the latest oscommerce or upgrade your version to the latest version.

Posted

I changed the name of the admin folder and replace ''admin'' in configure.php with say "frogs" but when i tried to upload it to the server, it couldn't be uploaded, there is a critical error of transfer. Other files can be transferred.

Posted
I changed the name of the admin folder and replace ''admin'' in configure.php with say "frogs" but when i tried to upload it to the server, it couldn't be uploaded, there is a critical error of transfer. Other files can be transferred.

 

Hi, sounds to me like you need to change the permission of the config file you're trying to overwrite. ;)

 

Regards,

Mark

Posted
and keep .htpasswd & .htaccess updated

 

Could anyone please tell us which .htpasswd & .htaccess because apparently there are many of such files in different folders, and how to configure or update them?

 

Best regards,

James

Posted
Many thanks to all the persons who participated in building this great forum and osCommerce as an online shop e-commerce solution. I wonder if there is someone who can provide us (as oscommerce store owners) with some suggestions about how to protect one's store from potential dangers such as hacking and other malicious attacks.

 

Be sure that your participations in this topic will be of great aid to all osCommerce users, because most of them aren't aware of the growing Internet Security threats and how to be protected from.

Thus, your participation is so much appreciated, Thanks.

 

Forgive me if I repeat anyone else here but, I have found that an SSL Certificate is one of the ways, got mine at Godaddy.com.

 

And then there are the steps to secure your Admin area.

 

Password protect it AND change the name of the file ADMIN to something else that has nothing to do with your site and is not easily figured out, then make the two changes in your files and voilà! That's about as protected as one can get! for now lol!

 

Sincerely

Charlene :)

Archived

This topic is now archived and is closed to further replies.
