Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to secure v2.3.1


Guest

Recommended Posts

I'm sure this question has been asked a million times, so apologies.

 

I tried to find the direct answer but obviously my search skills suck.

 

I just installed v2.3.1. Do I need to make all of the security updates I made for 2.2?

 

I can't find the information for 2.3.1.

 

I saw some funky user that looked like they signed onto my admin, also (on the dashboard, but of course I can't find it now).

 

Thank you and pardon my time suck in advance (didn't someone call that a help vampire or something like that?).

 

I haven't looked at any of this stuff in ages and when I did it was older versions. :'(

Link to comment
Share on other sites

Lillian,

 

 

There are currently no code edits for v2.3.1, so just add the 5 'must have' security contributions.

 

 

 

 

 

Chris

Link to comment
Share on other sites

Lillian,

 

 

There are currently no code edits for v2.3.1, so just add the 5 'must have' security contributions.

 

 

 

 

 

Chris

 

Sorry for being a bonehead again, but where are those listed/which one's are they? Are they in the 2.2 sticky thread?

 

I assume two of them are site monitor and the ip trap thing? You are talking about coding contributions, yes? Not all of the .htaccess changes?

 

Do I still need to rename admin since the file system admin is gone?

 

I'm very embarrassed to keep nagging everyone, and being so uninformed, but I really do need the information.

 

Thank you very much in advance.

Link to comment
Share on other sites

Lillian,

 

 

Yes, the same ones as 2.2, but the 2.3.1 versions of them. Don't be embarrassed to ask questions, the only dumb question is one that is never asked.

 

 

 

 

Chris

Link to comment
Share on other sites

FWR in a security post in September 2010 said about security, "Secure any writeable directories with a .htaccess file to turn off the php engine and block the running of potentially dangerous scripts."

 

I have installed OsCommerce 2.3.1 as a clean install.

 

I have performed all the security issues, i.e. renamed my admin directory, password protected it, secured the recommended directory permissions, have .htaccess in the directories, etc.

 

I have installed FWR Security Pro and FWR KISS_Filesafe.

 

 

My question is: My host company does not allow "php_flag engine off" in it's .htaccess files. So I must turn the engine off in php.ini.

 

Must I place a copy of the php.ini file which has the php engine turned off in ALL writable directories, including public_html/, images/, pub/, admin/backups, etc, all the directories that the admin panel suggests I keep as writable?

 

Sorry if this has been answered in another forum.

 

Thanks for your help.

Link to comment
Share on other sites

Lillian,

 

 

Yes, the same ones as 2.2, but the 2.3.1 versions of them. Don't be embarrassed to ask questions, the only dumb question is one that is never asked.

 

 

 

 

Chris

 

Thanks a bunch!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...