joeyjgarcia Posted March 19, 2007 Posted March 19, 2007 Is there a way to have some software that can determine when my site is accessed via FTP and alert me? Possibly from reading the logs? I found a bunch of foreign links that look like htey were hosted on my site when I went to Google and did site:<mydomain.com>. I found a .htaccess file and a couple of .php files that were the culprits, I removed them and changed my site password but I'm not comfortable just waiting until the next hack.
Guest Posted March 19, 2007 Posted March 19, 2007 for oscommerce there is http://www.oscommerce.com/community/contributions,4441
sheltonjb Posted March 19, 2007 Posted March 19, 2007 Is there a way to have some software that can determine when my site is accessed via FTP and alert me? Possibly from reading the logs? I found a bunch of foreign links that look like htey were hosted on my site when I went to Google and did site:<mydomain.com>. I found a .htaccess file and a couple of .php files that were the culprits, I removed them and changed my site password but I'm not comfortable just waiting until the next hack. There seems to be alot of this type of hack going on, even outside of osCommerce. I make gneral information sites in my spare time for friends and family and 5 out of 5 had the same hack. I also had people hosted with the same as me contact me and saying they had the same problem. I put it down to the host being crap, but i've since seen this mentioned on here more than once. Does anyone know how the hackers are doing it? and what can be done to prevent it, apart from CHMOD cus that doesnt seem to work... Shelton Brown Web/Graphic Designer
vasttech Posted March 19, 2007 Posted March 19, 2007 Security is only as good as the person securing the access to something. For your own security you want to use strong passwords. For example at least 8 alpha-numeric/symbol characters with a combination of upper/lowercase (Th1s1San3xamp13!). As a hosting provider we require all of our customers to have a minimum combination such as that for everything. Also for maximum security you should try to use different passwords for everything (i.e. one for control panel, one for FTP, one for SSH) if you can. Hackers will typically find the easiest targets first and hit them. The harder you make it the less likely it is to get hacked right away. Change passwords often and always backup your files at least weekly, preferably daily - and don't forget to backup your database. osCommerce Knowledge Base osCommerce Documentation Contributions
Jack_mcs Posted March 19, 2007 Posted March 19, 2007 There are a number of ways for them to get in and they are constantly looking for more. You should install the latest oscomerce updates, the site monitor mentioned above, change your logins (all of them, not just your admin one) and make sure you don't have a test shop set up on your server that doesn't have its admin password protected. There are probably other things you could do but that is all I can think of at the moment. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
Recommended Posts
Archived
This topic is now archived and is closed to further replies.