Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to secure your osCommerce 2.2 site.


spooks

Recommended Posts

Is it possible to have Spooks chime in on whether the server_info.php and phpinfo files should indeed be removed and if so, I think the original post should be amended to include this.

If any script is accessible from the web that may reveal paths, OS versions, apache versions, perl, php, or any other version information it should be removed or protected so that the information is not available to hackers. If it is available to them you will not pass security scans, if you bother doing them.

 

I don't think the original post can be amended by anyone except the administrators of the forum.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

Link to comment
Share on other sites

  • Replies 657
  • Created
  • Last Reply

Regarding .htaccess, i tested it with XSS anti script contrib and htaccess_protection contrib, the only thing i couldn't include was this part:

 

# ban spam bots

RewriteCond %{HTTP_USER_AGENT} almaden [OR]

RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]

RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]

RewriteCond %{HTTP_USER_AGENT} ^attach [OR]

RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]

RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]

RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]

(...)

RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus

RewriteRule ^.* - [F,L]

RewriteCond %{HTTP_REFERER} ^http://www.our_url$

RewriteRule !^http://[^/.]\.our_url.* - [F,L]

#EOF htaccess_protection

 

When i insert this part it gives server error 500

 

On another note: normally .htaccess is installed in domain's root. But of course it can be used in subfolders, specifying then different remods (which is the case of oscommerce, since there is almost a .htaccess for each main subfolder)

When a .htaccess file is found in a subfolder it overrides its parent one (only the specified remods) i think this is called inheritance(i read this in a link regarding .htaccess features).

 

What i need to know is if i can just leave the .htaccess that are spread in root/catalog/ and its subfolders, and just change the .htaccess that i have in root/ or i have also to change/delete/alter the other ones !?!?! it can get quite messy but i only recently discovered that .htaccess setup is essencial...

 

basically i copy pasted those 2 contribs i mentioned in the begining of my post (and i left the line Options All -Indexes that my host leaves in root by default so i think this is ok!?

 

Can anyone clarify and sort in a definitive solution the right .htaccess to have in secure osc merchant online shops, thanks in advance.

Link to comment
Share on other sites

 

////
// Clean post vars 
function clean_var ($vars) { 
 if (!is_array($vars)) {                          	
 return preg_replace("/[^\p{L}\d\r@ :{}_.-]/i", "", urldecode($vars)); 
 } else { 	
 return array_map('clean_var', $vars); 
 }
} 


  if (PHP_VERSION >= 4.1) $HTTP_POST_VARS =& $_POST; 
 reset($_POST);      	
 while (list($key, $value) = each($_POST)) {                    	
 $_POST[$key] = clean_var ($_POST[$key]);    	
 } 

 

 

Is there some way to display some of these characters without having them inserted into the database? Some of them are not practical to exclude. If you look at creating an account, it strips the slashes from the birthdate which is part of the required format and doesn't let you continue. What if your name is O'Brien?

Link to comment
Share on other sites

 

 

Sam's Anti-hacker Account Mods http://addons.oscommerce.com/info/7202 deals with the dob issue

 

O'Brien becomes O Brien

 

Are you suggesting you should not apply security as it may inconvenience your visitors?

 

Allowing any quotes is a big error, and should you ever have to pass a api check would be garanteed to cause a fail.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Whatttttttt??? :angry: I am totally bummed now. Just reading around and making changes here and there, On MY THIRD INSTALLATION of Oscommerce. I've messed up previously :( , and the one prior to this, was a simple mistake, buttt had to start all over. Anyways, I've invested hourssss many hoursss, and I wasn't aware of all of these security riskss. OH God, going to sleep on this one, can't take it anymore. Anyways, just writing to thank you for the post, and making users aware. And I wanted to ask, is it necessary to install all of these add ons to be completely safe? Or would several of them do?

I Hate PHP, LoLssss

Visit My Site, Any constructive comments and suggestions Welcome :)

WARNING: IT'S STILL UNDER CONSTRUCTION, LOLS

Link to comment
Share on other sites

Regarding .htaccess, i tested it with XSS anti script contrib and htaccess_protection contrib, the only thing i couldn't include was this part:

 

# ban spam bots

RewriteCond %{HTTP_USER_AGENT} almaden [OR]

RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]

RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]

RewriteCond %{HTTP_USER_AGENT} ^attach [OR]

RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]

RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]

RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]

(...)

RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]

RewriteCond %{HTTP_USER_AGENT} ^Zeus

RewriteRule ^.* - [F,L]

RewriteCond %{HTTP_REFERER} ^http://www.our_url$

RewriteRule !^http://[^/.]\.our_url.* - [F,L]

#EOF htaccess_protection

 

When i insert this part it gives server error 500

 

On another note: normally .htaccess is installed in domain's root. But of course it can be used in subfolders, specifying then different remods (which is the case of oscommerce, since there is almost a .htaccess for each main subfolder)

When a .htaccess file is found in a subfolder it overrides its parent one (only the specified remods) i think this is called inheritance(i read this in a link regarding .htaccess features).

 

What i need to know is if i can just leave the .htaccess that are spread in root/catalog/ and its subfolders, and just change the .htaccess that i have in root/ or i have also to change/delete/alter the other ones !?!?! it can get quite messy but i only recently discovered that .htaccess setup is essencial...

 

basically i copy pasted those 2 contribs i mentioned in the begining of my post (and i left the line Options All -Indexes that my host leaves in root by default so i think this is ok!?

 

Can anyone clarify and sort in a definitive solution the right .htaccess to have in secure osc merchant online shops, thanks in advance.

 

Can anyone sort this... thanks... send answers :)

Link to comment
Share on other sites

Sam's Anti-hacker Account Mods http://addons.oscommerce.com/info/7202 deals with the dob issue

 

O'Brien becomes O Brien

 

Are you suggesting you should not apply security as it may inconvenience your visitors?

 

Allowing any quotes is a big error, and should you ever have to pass a api check would be garanteed to cause a fail.

 

I don't doubt the importance of not allowing quotes, but I ask if there is a way around. Certainly, there is plenty of user input displayed around the web that has quotes and various other characters. Perhaps they are replaced by something else before inserted and re-interpreted for display?

Link to comment
Share on other sites

I don't doubt the importance of not allowing quotes, but I ask if there is a way around. Certainly, there is plenty of user input displayed around the web that has quotes and various other characters. Perhaps they are replaced by something else before inserted and re-interpreted for display?

 

 

There are techniques to allow anything, but to do so within osC would mean too many changes, so no.

 

The fact that some sites allow any characters does not mean they are doing so safely, also it depends on the context, whats safe within a forum differs to whats safe within a e-commerce environment.

 

 

PS I note the likes of O`Brien are happy to use O-Brien when their quote is rejected. wink.gif

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

I am trying to install SecurityPro_installer.php

 

I get the following instructions:

 

Upload SecurityPro_installer.php to your catalog folder. Browse to it and the installation will auto insert your admin settings.

 

Please explain "Browse to it and the installation will auto insert your admin settings"

 

What does it mean top "Browse to it"

 

I do not understand that statement and what to do........

Link to comment
Share on other sites

I am trying to install SecurityPro_installer.php

 

I get the following instructions:

 

Upload SecurityPro_installer.php to your catalog folder. Browse to it and the installation will auto insert your admin settings.

 

Please explain "Browse to it and the installation will auto insert your admin settings"

 

What does it mean top "Browse to it"

 

I do not understand that statement and what to do........

Access the file with your internet browser.

 

Something like:

 

http://www.YOUR_DOMAIN.com/catalog/SecurityPro_installer.php

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Good Afternoon Everyone.

 

I have been following this site so please forgive me if I started from page one and am one one page 11. I wanted to follow the thread to see its' development and and I have learned a lot of things that have helped me along the way which I would not have gotten if I had just skipped to page 19 or 20.

 

2.2 RC2a hosted on Site Ground.

 

I have added on these security modules.

 

Antixxs 1

Check Permissions 1.3

IP Trap 3

Kis Error 1 r 20 This is the best tool ever.. : )

Security Pro 1.0.2

Xss Html Injection (tims) this version.

 

I was getting an error on line 58 in /includes/functions/cache.php line 58 standard installation file there is an '@" in the fopen command so I went into admin to FW Security Pro clicked flie exclusion ON and clicked file exclusion and put in this path /includes/functions/cache.php which now allows the cache file to be I assume read as it is being written to /tmp.

 

I verified this.

 

Now I have no more errors.

 

The point of FW Security Pro is to plug holes. Did I do the right thing as the problem is gone but did I open an exploitable hole. Is there another way to fix this which is working now?

 

Leon.

 

I will catch up from page 11 to 20.

 

Just don't want to catch the little pieces of info in between.

Link to comment
Share on other sites

 

 

The recomendations on the OP still stand, if you wish to miss some off, then that is at your own risk.

 

I still prefer the htaccess Antixxs to tims

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Hi Everyone and Spooks,

 

I recon from reading these forums you are one of the major advisors here regarding oscommerce security, and your thread here i'm sure helps a lot of people who has to choose among many contributions. So i would like to know if you think this contribution should be added to your list: http://addons.oscommerce.com/info/7279 or http://addons.oscommerce.com/info/7211 Virus & Threat analyser (i think this is to much powerfull and can include some code that can do some damage so i would like to know if you think it is so good, clean and not having redundancy with some of the already suggested contribs). I know both contribs may be good and the effort put in both is and must be encouraged, congratulations for both contributors. Considering the listed contribs in start of topic though, they may be redundant or not necessary hence this question.

 

thanks in advance

Link to comment
Share on other sites

 

 

 

This thread is about securing your site, not about fixing things if you did'nt.

 

The recomended add-ons, if all installed would catch anything those are aimed at anyway. wink.gif

 

I don't recomend using any contrib that is not supported, especially ones where the contributer never comes to the forum. If someone does not feel able to post answers on the forum but just uploads a bloat of un-supported add-ons you have to wonder to thier true ability & purpose. ohmy.gif

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Thank You... this is for real

 

Your help for us who are trying to accomplish something valid and honestly in this selfish world well now it's not so selfish lolol it's always refreshing to see people volunteering to help others (and i'm sure you and others here will and are receiving credits and work for your unvaluable efforts which are priceless... there is no price or money in the world that can pay truth help and assistance of others, doing good and expect nothing in turn) the only words that i can express are: thank you.

 

:) have fun and accept congratulations

Fc

Link to comment
Share on other sites

Hi there, I'm going through all of the installs recommended after my Blog and test site were killed a few weeks ago thanks to some hacker, but I have a couple of questions if you'd be so kind to let me have your thoughts.

 

1) With the XSS shield, I already have the line Options +FollowSymLinks in my .htaccess and it doesn't like this being duplicated, am I OK to leave this line out from the XSS shield?

 

2) I no longer have a test site mirroring my live site thanks to the damn hacker (and yes basic mistake I hadn't backed up the test site), so I'm going to be modding my live site with Security Pro but this is worrying me a bit due to the comments about it affecting other contributions. My site is highly modified so if it does affect anything am I able to switch off Security Pro to stop the impact? (I know this defeats the object, but without a test site I'm struggling with what else to do)...

 

Of hand has anyone had any experience of any contributions being affected by Security Pro?

 

I'd really appreciate your help.

 

Daz

Link to comment
Share on other sites

 

1) With the XSS shield, I already have the line Options +FollowSymLinks in my .htaccess and it doesn't like this being duplicated, am I OK to leave this line out from the XSS shield?

 

 

 

Yes, it only needs to occur once in the file.

 

2) I no longer have a test site mirroring my live site thanks to the damn hacker (and yes basic mistake I hadn't backed up the test site), so I'm going to be modding my live site with Security Pro but this is worrying me a bit due to the comments about it affecting other contributions. My site is highly modified so if it does affect anything am I able to switch off Security Pro to stop the impact? (I know this defeats the object, but without a test site I'm struggling with what else to do)...

 

Security Pro has options to deal with troublesome pages, but it has its own support forum, you would be best raising any issues there.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Hi there, I'm going through all of the installs recommended after my Blog and test site were killed a few weeks ago thanks to some hacker, but I have a couple of questions if you'd be so kind to let me have your thoughts.

 

1) With the XSS shield, I already have the line Options +FollowSymLinks in my .htaccess and it doesn't like this being duplicated, am I OK to leave this line out from the XSS shield?

 

2) I no longer have a test site mirroring my live site thanks to the damn hacker (and yes basic mistake I hadn't backed up the test site), so I'm going to be modding my live site with Security Pro but this is worrying me a bit due to the comments about it affecting other contributions. My site is highly modified so if it does affect anything am I able to switch off Security Pro to stop the impact? (I know this defeats the object, but without a test site I'm struggling with what else to do)...

 

Of hand has anyone had any experience of any contributions being affected by Security Pro?

 

I'd really appreciate your help.

 

Daz

 

hi

http://www.oscommerce.com/forums/topic/293326-contribution-security-pro-querystring-protection-against-hackers/ -> there is the link fellow enjoy.

Link to comment
Share on other sites

Hi all

 

I want to install the Anti XSS (other version) contribution. My htaccess was already in place with the FWR USU5 contribution and i needed to comment out a line , now is like this:

 

# If you are getting errors you may need to comment this out like ..
# Options +FollowSymLinks
#Options +FollowSymLinks
<IfModule mod_rewrite.c>
 RewriteEngine On

 # RewriteBase instructions
 # Change RewriteBase dependent on how your shop is accessed as below.
 # http://www.mysite.com = RewriteBase /
 # http://www.mysite.com/catalog/ = RewriteBase /catalog/ 
 # http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/

 # Change RewriteBase using the instructions above  
 RewriteBase /shop/catalog/

 RewriteRule ^(.*)-p-([0-9]+).html$ product_info.php?products_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-c-([0-9_]+).html$ index.php?cPath=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-m-([0-9]+).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-pi-([0-9]+).html$ popup_image.php?pID=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-pr-([0-9]+).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-pri-([0-9]+).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}
 # Articles contribution
 RewriteRule ^(.*)-t-([0-9_]+).html$ articles.php?tPath=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-a-([0-9]+).html$ article_info.php?articles_id=$2&%{QUERY_STRING}
 # Information pages
 RewriteRule ^(.*)-i-([0-9]+).html$ information.php?info_id=$2&%{QUERY_STRING}
 # Links contribution
 RewriteRule ^(.*)-links-([0-9_]+).html$ links.php?lPath=$2&%{QUERY_STRING}
 # Newsdesk contribution
 RewriteRule ^(.*)-n-([0-9]+).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-nc-([0-9]+).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-nri-([0-9]+).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-nra-([0-9]+).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING}
</IfModule>

 

So i guess i can´t use the XSS.txt directly....could anyone put here the complete thing?

 

Thanks

Link to comment
Share on other sites

Ok, my main doubt was about the correct structure, IN or OUT of </IfModule> to be honest.

No the file looks like:

 

# If you are getting errors you may need to comment this out like ..
# Options +FollowSymLinks
#Options +FollowSymLinks
<IfModule mod_rewrite.c>
 RewriteEngine On

 # RewriteBase instructions
 # Change RewriteBase dependent on how your shop is accessed as below.
 # http://www.mysite.com = RewriteBase /
 # http://www.mysite.com/catalog/ = RewriteBase /catalog/ 
 # http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/

 # Change RewriteBase using the instructions above  
 RewriteBase /shop/catalog/

 RewriteRule ^(.*)-p-([0-9]+).html$ product_info.php?products_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-c-([0-9_]+).html$ index.php?cPath=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-m-([0-9]+).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-pi-([0-9]+).html$ popup_image.php?pID=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-pr-([0-9]+).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-pri-([0-9]+).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}
 # Articles contribution
 RewriteRule ^(.*)-t-([0-9_]+).html$ articles.php?tPath=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-a-([0-9]+).html$ article_info.php?articles_id=$2&%{QUERY_STRING}
 # Information pages
 RewriteRule ^(.*)-i-([0-9]+).html$ information.php?info_id=$2&%{QUERY_STRING}
 # Links contribution
 RewriteRule ^(.*)-links-([0-9_]+).html$ links.php?lPath=$2&%{QUERY_STRING}
 # Newsdesk contribution
 RewriteRule ^(.*)-n-([0-9]+).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-nc-([0-9]+).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-nri-([0-9]+).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING}
 RewriteRule ^(.*)-nra-([0-9]+).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING}
</IfModule>

RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

 

So,

1) Is that correct?

2) To add a blacklist (i.e.) will be RETURN + COPY&PASTE?

 

Sorry if sounds too naive but is the second time i touch an .htaccess.

 

Regards

Link to comment
Share on other sites

Hi,

 

I have installed all the security updates as detailed in this post - and yesterday ran the Acunetex web scanner (free edition) which checks for XSS vulnerabilities, The scan took over two hours, but It did not find anything on my site vulnerable to Xss.

 

So Basically, Thank You !

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Link to comment
Share on other sites

Is that correct?

 

 

Yes, that looks fine, the main other htaccess security entries are:

 

# specify error doc (404)

ErrorDocument 404 /404.php

 

# No directory browsing

Options -Indexes

 

# deny access to unused filetypes

<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">

deny from all

</FilesMatch>

 

# no access to htaccess files

<Files ~ "^\.ht">

Order allow,deny

Deny from all

Satisfy All

</Files>

 

# no access to config files

<Files ~ "\config.php$">

deny from all

</Files>

 

# Force type & prevent script execution

<Files site>

ForceType application/x-httpd-php

</Files>

 

 

 

 

 

 

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Thank you!!

 

Will check those commands b4 inserting, i think FWR and his USU5 already did something about 404.

 

Is there a list of which files are to be 644 or 755, what´s the real problem if i have 755´s in filezilla?

 

Keep learning...

Link to comment
Share on other sites

And about

 

FORMS:

 

Security Pro cleans the query string, however any forms using $_POST are un-affected, if you have any forms using the post method you would be advised to do the following on pages accepting $_POST vars.

 

Where exactly are those forms to recode?

Link to comment
Share on other sites

And about

 

FORMS:

 

Security Pro cleans the query string, however any forms using $_POST are un-affected, if you have any forms using the post method you would be advised to do the following on pages accepting $_POST vars.

 

Where exactly are those forms to recode?

 

 

If you look at Sam's Anti-hacker Account Mods that covers all the standard pages using post bar any payment pages.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...