Since so many sites are getting hacked how do I secure my server and sites?

[kustomjs]

Alright Guys,

 

I need to know how to secure my server and sites from hackers since Bill O'Reilly's site and Palin's email was hacked over few weeks and I want to know how to protect my server and customers information and pages safe from hackers?

 

and Yes I have every right to me scared and the correct things to protect my server and customers information and pages safe I need your inputs what you think:

 

and what I got installed onto my OSC is : FWR Security Pro and Check Permissions what else do I need?

[lindsayanng]

go to the tips and tricks forum section and find the post called SECURE YOUR SITE that spooks made.. it gives tips and links to all the contributions you can use to secure your site.

[kustomjs]

Alright thanks lindsay for heads up and I just installed the secure admin login page.

[Guest]

I thought you believed email to be safe...hmm?

[lindsayanng]

their email was hacked by people that could probably hack anything.. and they were targets.. chances are, hackers with THAT much "talent" arent going to hack your little site..

But yea, it is scarey... i was hacked before i even went live.. my site had 500 hits over all, aand they were ALL me..

 

So yea.. it sucks, just be away and use Spook's thread as a guidline.

[ecgbyme]

go to the tips and tricks forum section and find the post called SECURE YOUR SITE that spooks made.. it gives tips and links to all the contributions you can use to secure your site.

 

I'm back looking for some answers to further secure our site. What's happened a few times lately is when a customer orders, before we even retrieve the order their CC is compromised and $1000s of dollars are run up on it. Talking to a customer today, they said that our site asked for the 3 digit number on the back of the card. We do not have that feature so what's going on?. Greatly appreciate any help.

[Guest]

I'm back looking for some answers to further secure our site. What's happened a few times lately is when a customer orders, before we even retrieve the order their CC is compromised and $1000s of dollars are run up on it. Talking to a customer today, they said that our site asked for the 3 digit number on the back of the card. We do not have that feature so what's going on?. Greatly appreciate any help.

 

Whos the company insuring you are pci compliant by scanning your website regularly? They should have caught a problem with the security of your server. Ask them. No one here can know since we don't have access to your files in the backend. If this is happening, you MUST (in my opinion) shut down anyone's ability to put in their numbers for now, and figure it out. Put the site down for maintenance and get this fixed.

 

Are you using ssl? Is your gateway getting the info from these customers? Again, if you are comprimised (and now you know it) and you don't shut down until it's fixed, you are up for one hell of a lawsuit should anyones info be used by another party.

[ecgbyme]

I'm not 100% sure of anything. This has happened a few times out of 100s. My server says that they're totally secure and no other breaches. But sometimes everyone tries to pass the buck. They said it could of been phishing the customer. I've been told that there are viruses and spyware that can keylog charge card info on the infected computer and send it out the back door. Has anyone else experienced this problem.

[♥Vger]

If you are using the osCommerce Credit Card module and then running credit card details through an EPOS machine then you need to uninstall that module.

 

1. It violates the agreement with the card companies - EPOS machines cannot be used for 'online' transactions.

 

2. The osCommerce Credit Card module stores the card details in the database, which is illegal to do on a Shared Server. You need to access the 'cc' tables via phpMyAdmin and empty them of stored data (Truncate).

 

3. If the site has been accessed illegally then the card details can be accessed from either the admin panel or the db.

 

Vger

I'm back looking for some answers to further secure our site. What's happened a few times lately is when a customer orders, before we even retrieve the order their CC is compromised and $1000s of dollars are run up on it. Talking to a customer today, they said that our site asked for the 3 digit number on the back of the card. We do not have that feature so what's going on?. Greatly appreciate any help.

[lindsayanng]

thats REALLY scarey.. It makes me loose a lot of faith in buying from any stores that i dont REALLY know.. I mean, thre are SOO many people who own e-stores that have NO CLUE!!!

 

You definitely should do some research on the LAWS for credit card..if your customers find out that you are storing their numbers and not using a gateway, they can really put you out of business.. i know i would.