fliptoppbox Posted August 8, 2008

Every week when I visit my site I find it has been hacked by a Turkish hacking team with nothing to do. It is the main index.php that gets altered. I also find that when I google my site, one result is the main page, and there is a sub result with my customer ID in the URL. Maybe this is part of the problem.

Are there any steps I can take to prevent this from happening? To the best of my knowledge nobody is paid for assistance on this forum so I really appreciate any help.

Thanks,
Paul

Guest Posted August 8, 2008

This is taken from a post by OSC member Vger. Sorry I can't link to it but should get you in the right direction.

After you have installed osCommerce then you need to do the following things to secure it (if you've not already done so):

1. Rename your osCommerce 'admin' folder to something unique (not admin2 or newadmin) and change the two references to /admin/ to /new_name/ in admin/includes/configure.php
2. Make sure the newly renamed 'admin' folder is password protected (absolutely essential).
3. Make sure that no folder has permissions higher than 755. With some hosts you must use permissions of 777 on the 'images' folder, but this is a security risk so ask if they can change that setting on the server.
4. Delete the file admin/file_manager.php and remove the link to it from the admin/includes/boxes/tools.php file (you should not use the File Manager to edit files anyway).
5. Don't give out your User Name and Password for access to anyone unless you absolutely trust them.
6. Make sure that your own computer has up to date Firewall, Anti-Virus and Anti-Spyware protection.

Vger

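Steps 1 to 4 of the checklist above can be checked mechanically. The script below is an added example, not part of the original post or of osCommerce; it assumes the catalog root is passed as an argument, that password protection means Apache basic auth in an .htaccess file, and that the admin folder can be recognised by its includes/boxes/tools.php.

```shell
#!/bin/sh
# Added example: audit an osCommerce tree against steps 1-4 of the checklist.
# Assumptions: the catalog root is passed as $1, and "password protected"
# means Apache basic auth set through an .htaccess file in the admin folder.

audit_store() (
    root=${1%/}
    findings=0
    fail() { echo "FAIL $1"; findings=$((findings + 1)); }

    # Step 1: the admin folder must not keep its default name.
    if [ -d "$root/admin" ]; then
        fail "default-name $root/admin"
    fi

    # Find the admin folder, renamed or not, by a file only it contains.
    for dir in "$root"/*/; do
        dir=${dir%/}
        [ -f "$dir/includes/boxes/tools.php" ] || continue

        # Step 2: an AuthType directive shows the folder asks for a password.
        if ! grep -qi '^[[:space:]]*AuthType' "$dir/.htaccess" 2>/dev/null; then
            fail "no-password $dir"
        fi

        # Step 4: the File Manager script and its menu link should be gone.
        if [ -f "$dir/file_manager.php" ]; then
            fail "file-manager $dir/file_manager.php"
        fi
        if grep -qi 'file_manager' "$dir/includes/boxes/tools.php"; then
            fail "file-manager-link $dir/includes/boxes/tools.php"
        fi
    done

    # Step 3: "higher than 755" means a group- or world-write bit is set.
    dirs=$(find "$root" -type d \( -perm -020 -o -perm -002 \))
    if [ -n "$dirs" ]; then
        echo "$dirs" | sed 's/^/FAIL writable-dir /'
        findings=$((findings + $(echo "$dirs" | grep -c '')))
    fi

    echo "findings=$findings"
    [ "$findings" -eq 0 ]
)

# Run only when a path is given, e.g.: sh audit.sh /path/to/catalog
if [ "$#" -gt 0 ]; then audit_store "$1"; fi
```

The exit status is non-zero when anything is flagged, so the script can run from cron and mail its output only on failure.
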
geoffreywalton Posted August 8, 2008

One of my add-ons will show you the permissions on all the files on your site.

spooks Posted August 8, 2008

You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752

You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441

You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914

You can add htaccess protection http://addons.oscommerce.com/info/6066

You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Sam

This topic is now archived and is closed to further replies.