
security risk


Guest


Posted

Hi all

 

I have my site hosted by JustHost. I downloaded oscommerce and had it password protected. I followed all the suggested how to secure your site, and they are working fine.

 

I did not, however, change the name of the admin, as I was struggling to do it. Every time I did change it, it reverted back to the same old admin name.

 

My first question is, if it is already protected through justhost, do I need to protect it again?

Also, I think somebody has tried to hack my site and gone into customer orders, possibly. If I copy what they did into my browser it brings up customer orders but in table form and no details, just amounts, this is mainly because at the moment most of my orders are cash sales so I put them through as the shop address.

When I try to get into other areas of admin it asks for my password.

 

Can somebody please help me as I need to get this sorted. I have blocked the ip address from my site also.

 

Many Thanks

Posted

If you followed the link to Jan's thread on admin protection, there are details there on preventing that hack.

 

Also if they got in you haven't password protection you think, you should get a popup asking for password when you go there, again see Jan's thread.

 

Every time I did change it, it reverted back to the same old admin name.

 

You didn't follow the instructions fully!! configure changes!!

Sam


Posted

If you followed the link to Jan's thread on admin protection, there are details there on preventing that hack.

 

Also if they got in you haven't password protection you think, you should get a popup asking for password when you go there, again see Jan's thread.

 

 

 

You didn't follow the instructions fully!! configure changes!!

 

Hi Sam

 

Thanks for your response. I have password protected my admin through my cpanel which was easy enough.

 

I changed my admin folder in my file manager. I then went to renamed_admin/includes/configures.php and changed the following:

define('DIR_WS_ADMIN', '/renamed_admin_directory/');

define('DIR_FS_ADMIN', '/your/path/to/directory/renamed_admin_directory/');

 

I then went to save the new details and my file manager gave me the message "fatal error whilst trying to follow your command"

I went back into the file again and it had just stayed as the same old ADMIN, so it's like I cannot change it for some reason.

 

Is it possibly the permissions that are stopping me from doing so?

 

Is it enough for me just to have my file password protected through cpanel as well as the other security add-ons in "secure your site" thread?

 

thanks

Posted

Just to update you all, after many hours of back and to between my hosting company I have found that the problem was not me not following instructions.

 

It was in fact, the permissions on my configures.php being set at the wrong level.

 

All done and dusted now after my hosting company advised me of this and helped me change my permissions.

 

cath
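
The rename procedure discussed in this thread, as an added shell check that is not part of the original posts or of osCommerce itself: it confirms that both defines in the admin configure file end in the renamed directory name and reports permission problems on that file. The function names, the includes/configure.php location and the rule that the file should not be group- or world-writable are assumptions; the thread does not say which permission level was wrong.

```shell
#!/bin/sh
# Added example. Usage: check_admin_config /path/to/renamed_admin_directory

# Print the value of a define('NAME', 'value'); line in a configure file.
get_define() {
  sed -n "s/^[[:space:]]*define('$2',[[:space:]]*'\([^']*\)');.*/\1/p" "$1" | head -n 1
}

# Returns 0 if consistent, 10 if the file is missing, else the number of problems.
check_admin_config() {
  admin_dir=${1%/}
  name=$(basename "$admin_dir")
  cfg="$admin_dir/includes/configure.php"   # assumed location of the admin config
  problems=0
  [ -f "$cfg" ] || { echo "missing: $cfg"; return 10; }

  # Both defines quoted in the thread must end in the renamed directory name.
  for key in DIR_WS_ADMIN DIR_FS_ADMIN; do
    val=$(get_define "$cfg" "$key")
    case "$val" in
      */"$name"/) echo "ok:   $key = $val" ;;
      *) echo "FAIL: $key = '$val' does not end in /$name/"
         problems=$((problems + 1)) ;;
    esac
  done

  # An edit cannot be saved while the file is read-only for the editing user.
  [ -w "$cfg" ] || echo "note: $cfg is read-only for this user; edits will not save"

  # Assumed policy: the config file should not be group- or world-writable.
  if [ -n "$(find "$cfg" \( -perm -0020 -o -perm -0002 \) -print)" ]; then
    echo "FAIL: $cfg is group- or world-writable"
    problems=$((problems + 1))
  fi
  return "$problems"
}
```

Run it once after the rename and again after restoring restrictive permissions on the file.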

Archived

This topic is now archived and is closed to further replies.
