sparky79 Posted November 11, 2010 Posted November 11, 2010 hi all i keep getting hack files appearing, will a ssl cert solve this completly? or do i need settings changed on the site thanks andy
helpme:( Posted November 11, 2010 Posted November 11, 2010 Read the "How to secure your site" post here : http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/
germ Posted November 11, 2010 Posted November 11, 2010 Visit the link below: How to Secure Your Site Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable. (If you're still operating the pizza site) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
sparky79 Posted November 12, 2010 Author Posted November 12, 2010 the pizza shop just seemed to be clashing on the same server and os shop, changing the cache setting seemed to sort this problem i have no idea on programming and seem to do more harm than good. i currently get malware come up on antivirus i have two folders that i think are hacked ".chh" and ".news". do these look like the problem? or are they normal folders that have been altered? if i follow the link and do all the other securing bits would i still benifit from a ssl cert? and would a ssl cert be enough anyway to protect my site? thanks
BryceJr Posted November 12, 2010 Posted November 12, 2010 i currently get malware come up on antivirus Scan your computer for malware also. i have two folders that i think are hacked ".chh" and ".news". do these look like the problem? or are they normal folders that have been altered? Those folders are not typical oscommerce folders. If you did not put them there, somebody did. if i follow the link and do all the other securing bits would i still benifit from a ssl cert? The security link posted above is primarily for you, the store owner. If you keep getting hacked, how are you suppose to manage your store? You need to secure your store. The primary purpose of getting a ssl certificate allows you, as the store owner, to enable a security protocol that protect your customers' data while shopping in your store. It is probably a legal requirement in your state/country. If you enable SSL in your admin(oscommerce), it will encrypt your session. As the store owner, you benefit from this. andwould a ssl cert be enough anyway to protect my site? In short, NO! Follow the security link posted above. There is more to security than just acquiring SSL.
germ Posted November 12, 2010 Posted November 12, 2010 the pizza shop just seemed to be clashing on the same server and os shop, changing the cache setting seemed to sort this problem i have no idea on programming and seem to do more harm than good. i currently get malware come up on antivirus i have two folders that i think are hacked ".chh" and ".news". do these look like the problem? or are they normal folders that have been altered? if i follow the link and do all the other securing bits would i still benifit from a ssl cert? and would a ssl cert be enough anyway to protect my site? thanks Read this If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
MrPhil Posted November 12, 2010 Posted November 12, 2010 Since the OP (sparky79) seems to be extremely confused about what an SSL certificate will do for him, let me give him the Two Minute Tour. SSL encrypts traffic in both directions between your site and a customer's browser. This greatly reduces the chances of someone "listening in" on the traffic (data flow) and picking out interesting stuff such as credit card numbers or passwords. osC is designed to place certain pages containing "sensitive" data (e.g., passwords) under SSL protection (you see https: in the URL). Of course, you need to have an SSL certificate installed, and your store needs to be properly configured in the the two configure.php files, for SSL to be used where necessary. That's the good news. The bad news is that SSL has nothing to do with site security itself. It won't stop someone getting in if they've stolen your passwords (e.g., have spyware on your PC to pick up your passwords or you use non-SSL connections to access the server, thereby exposing your passwords to snoopers), or if you have dumb permissions on directories and files that let any other user sharing your server to write to your files, or you failed to secure your site and left admin and file_manager and define_language unguarded,or your host has a security breach. SSL on your site won't do a thing for those security exposures -- it's not a cure-all.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.