Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security settings for index.php ?


sunny88

Recommended Posts

i've experienced malware related iframe injections into my oscommerce index.php files.

 

still trying to locate how this happened, but suspect that it might be related to our ISP. i suspect that this is an automated attack - and seems to focus on index.php (both store and admin index.php files).

 

looking through the access logs for when the index.php files were modified, shows no access to the files, so I don't think its related to a leak of my FTP password. Have changed the FTP password just in case.

 

what my question is - is can I safely (and should I) set the index.php files under oscommerce to read only, ie (444)?

 

is there any problem with me setting all the oscommerce files to read only, ie (444)?

Link to comment
Share on other sites

Setting the index files to 444 permissions shouldn't cause any problems.

 

From my experiences, the most commons reason a site gets hacked is improper permissions.

 

People have their images (or /admin/backups ) folder at 777 permissions.

 

If you have ANY web accessible folder with 777 permissions it's only going to be a matter of time before you get hacked.

 

There are many web robots combing the internet 24/7/365 for just such a vulnerability.

 

Folder permissions should NOT be higher that 755 - PERIOD.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...