kustomjs Posted September 26, 2008 Share Posted September 26, 2008 Alright Guys, I need to know how to secure my server and sites from hackers since Bill O'Reilly's site and Palin's email was hacked over few weeks and I want to know how to protect my server and customers information and pages safe from hackers? and Yes I have every right to me scared and the correct things to protect my server and customers information and pages safe I need your inputs what you think: and what I got installed onto my OSC is : FWR Security Pro and Check Permissions what else do I need? Link to comment Share on other sites More sharing options...
lindsayanng Posted September 26, 2008 Share Posted September 26, 2008 go to the tips and tricks forum section and find the post called SECURE YOUR SITE that spooks made.. it gives tips and links to all the contributions you can use to secure your site. A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
kustomjs Posted September 26, 2008 Author Share Posted September 26, 2008 Alright thanks lindsay for heads up and I just installed the secure admin login page. Link to comment Share on other sites More sharing options...
Guest Posted September 26, 2008 Share Posted September 26, 2008 I thought you believed email to be safe...hmm? Link to comment Share on other sites More sharing options...
lindsayanng Posted September 26, 2008 Share Posted September 26, 2008 their email was hacked by people that could probably hack anything.. and they were targets.. chances are, hackers with THAT much "talent" arent going to hack your little site.. But yea, it is scarey... i was hacked before i even went live.. my site had 500 hits over all, aand they were ALL me.. So yea.. it sucks, just be away and use Spook's thread as a guidline. A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
ecgbyme Posted September 26, 2008 Share Posted September 26, 2008 go to the tips and tricks forum section and find the post called SECURE YOUR SITE that spooks made.. it gives tips and links to all the contributions you can use to secure your site. I'm back looking for some answers to further secure our site. What's happened a few times lately is when a customer orders, before we even retrieve the order their CC is compromised and $1000s of dollars are run up on it. Talking to a customer today, they said that our site asked for the 3 digit number on the back of the card. We do not have that feature so what's going on?. Greatly appreciate any help. Link to comment Share on other sites More sharing options...
Guest Posted September 26, 2008 Share Posted September 26, 2008 I'm back looking for some answers to further secure our site. What's happened a few times lately is when a customer orders, before we even retrieve the order their CC is compromised and $1000s of dollars are run up on it. Talking to a customer today, they said that our site asked for the 3 digit number on the back of the card. We do not have that feature so what's going on?. Greatly appreciate any help. Whos the company insuring you are pci compliant by scanning your website regularly? They should have caught a problem with the security of your server. Ask them. No one here can know since we don't have access to your files in the backend. If this is happening, you MUST (in my opinion) shut down anyone's ability to put in their numbers for now, and figure it out. Put the site down for maintenance and get this fixed. Are you using ssl? Is your gateway getting the info from these customers? Again, if you are comprimised (and now you know it) and you don't shut down until it's fixed, you are up for one hell of a lawsuit should anyones info be used by another party. Link to comment Share on other sites More sharing options...
ecgbyme Posted September 26, 2008 Share Posted September 26, 2008 I'm not 100% sure of anything. This has happened a few times out of 100s. My server says that they're totally secure and no other breaches. But sometimes everyone tries to pass the buck. They said it could of been phishing the customer. I've been told that there are viruses and spyware that can keylog charge card info on the infected computer and send it out the back door. Has anyone else experienced this problem. Link to comment Share on other sites More sharing options...
♥Vger Posted September 26, 2008 Share Posted September 26, 2008 If you are using the osCommerce Credit Card module and then running credit card details through an EPOS machine then you need to uninstall that module. 1. It violates the agreement with the card companies - EPOS machines cannot be used for 'online' transactions. 2. The osCommerce Credit Card module stores the card details in the database, which is illegal to do on a Shared Server. You need to access the 'cc' tables via phpMyAdmin and empty them of stored data (Truncate). 3. If the site has been accessed illegally then the card details can be accessed from either the admin panel or the db. Vger I'm back looking for some answers to further secure our site. What's happened a few times lately is when a customer orders, before we even retrieve the order their CC is compromised and $1000s of dollars are run up on it. Talking to a customer today, they said that our site asked for the 3 digit number on the back of the card. We do not have that feature so what's going on?. Greatly appreciate any help. Link to comment Share on other sites More sharing options...
lindsayanng Posted September 26, 2008 Share Posted September 26, 2008 thats REALLY scarey.. It makes me loose a lot of faith in buying from any stores that i dont REALLY know.. I mean, thre are SOO many people who own e-stores that have NO CLUE!!! You definitely should do some research on the LAWS for credit card..if your customers find out that you are storing their numbers and not using a gateway, they can really put you out of business.. i know i would. A great place for newbies to start Road Map to oscommerce File Structure DO NOT PM ME FOR HELP. My time is valuable, unless i ask you to PM me, please dont. You will get better help if you post publicly. I am not as good at this as you think anyways! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there, i will find time to get back and answer you Proud Memeber of the CODE BREAKERS CLUB!! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.