sanjay1992 Posted May 25, 2008 Share Posted May 25, 2008 hey people im new to this forum but in regards to oscommerce saftey i worried i was searching tutorial to set up oscommerce . and i found these links HELP! http://www.youtube.com/watch?v=wp-jzjRcuAU...feature=related http://www.youtube.com/watch?v=T_FtJoDqOts they show how to hack ecommerce site ! HELP R WE SAFE???????? Link to comment Share on other sites More sharing options...
spooks Posted May 25, 2008 Share Posted May 25, 2008 These are quite old & the testimonials one only applied if you had that contribution. To be sure use these: Security Pro http://addons.oscommerce.com/info/5752 SiteMonitor http://addons.oscommerce.com/info/4441 ;) Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
sanjay1992 Posted May 25, 2008 Author Share Posted May 25, 2008 so what does this mean ??? i put these onto the site they should be ok ?? please explain im not to good with this??? Link to comment Share on other sites More sharing options...
gamesxs Posted May 25, 2008 Share Posted May 25, 2008 Hi Spooks, Now i,m scared, just done a search to hack osC, found this http://www.youtube.com/watch?v=wp-jzjRcuAU...feature=related Followed instructions..... and it works!!!! Now need to telephone and apologize to the site. Did not download the product, but could have done!! if I had the faintest clue regarding exactly what it was that I may or may not be doing, I would stop it!! Link to comment Share on other sites More sharing options...
spooks Posted May 25, 2008 Share Posted May 25, 2008 The Contribs I mentioned do the following, clean the $_GET vars, to ensure that nothing can be applied to a form or via the url that might allow a hacker access, OSC has functions to block these with escape codes, but it may just be possible for a clever hacker to get around that with some clever encoding, so this stops that. the second is mearly a logging tool, so if anything should happen you know what was done so can take appropriate steps. Regarding the cart hack: Changing the name of your return page would stop that, there is probably a contrib, if not I would look at creating a page to checks on return. Check paypal IPN, but also register_globals first if you consider installing. ;) Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
Guest Posted May 30, 2008 Share Posted May 30, 2008 If you have the money to spend and security is a high concern for you, I recommend trying out http://www.thefirewallscript.com just as added security. Link to comment Share on other sites More sharing options...
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.