DMDgo Posted June 23, 2011

I have 4 OSCommerce sites which are hacked constantly. I'm able to deter the hackers at times but eventually they get in. Someone mentioned using HTACCESS to protect the admin panel. Does anyone know of this? Where can I find the info? Or other fixes?

The hacks seem to always be PHP file injection into directories that accept uploads, i.e., images, etc.

NodsDorf Posted June 23, 2011

Read This: How To Secure Your Site

You can use this site to help create a .htaccess and .htpasswd file: Oscommerce-Solutions

That said:

- Get rid of Filemanager.php and Define_languages.php files. They are nothing but security holes.
- Rename your Admin folder to something else and update your configuration.php file to reflect the new name.
- Add htaccess and htpasswd for your new admin directory.
- Add Fwr Security Pro.

If your site has already been hacked, there is a good chance they already stuck in a back door. So doing the steps above may not be enough. You need to evaluate every file to see if it's a legit file. I have seen sites have very cleverly named back doors like account_history_full.php or google_sitemap_feeder.php. At first glance you think you need it; after looking at the code you can see it's a hack file.

Additionally, most hosting providers are going to use shared servers, so there is also the possibility that any public file you have can get hacked through somebody else's security holes. Make sure all permissions are never higher than 755.

NodsDorf Posted June 23, 2011

Also you should add this .htaccess file to your images directory to prevent scripts from being run:

    # $Id$
    #
    # This is used to restrict access to this folder to anything other
    # than images

    # Prevents any script files from being accessed from the images folder
    <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
    Order Deny,Allow
    Deny from all
    </FilesMatch>
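
A read-only audit along the lines of the two posts above, added here as an example and not part of anyone's post: it lists files in an upload directory whose names match the posted FilesMatch pattern, plus any entry with permission bits outside 755. The function names, the sample tree, and the reading of "never higher than 755" as "no bit outside rwxr-xr-x" are assumptions.

```python
import os
import re
import stat
import tempfile

# Same extension pattern as the FilesMatch rule posted above.
SCRIPT_RE = re.compile(r"\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$")
MAX_MODE = 0o755  # assumption: "never higher than 755" = no bit outside rwxr-xr-x

def audit(upload_dir):
    """Return (script_files, loose) where loose is a list of (path, mode)."""
    scripts, loose = [], []
    for root, dirs, files in os.walk(upload_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~MAX_MODE:  # group/world write, setuid, setgid or sticky
                loose.append((path, mode))
            if stat.S_ISREG(st.st_mode) and SCRIPT_RE.search(name):
                scripts.append(path)
    return sorted(scripts), sorted(loose)

def demo():
    """Audit a constructed images/ tree; file names and modes are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        images = os.path.join(tmp, "images")
        os.makedirs(os.path.join(images, "banners"))
        samples = {
            "logo.gif": 0o644,
            "banners/sale.jpg": 0o666,   # world-writable image
            "banners/thumb.php": 0o644,  # script inside an upload directory
            "notes.phtml": 0o644,
        }
        for rel, mode in samples.items():
            path = os.path.join(images, rel)
            open(path, "w").close()
            os.chmod(path, mode)
        os.chmod(os.path.join(images, "banners"), 0o777)
        scripts, loose = audit(images)
        scripts = [os.path.relpath(p, images) for p in scripts]
        loose = [(os.path.relpath(p, images), oct(m)) for p, m in loose]
        return scripts, loose

if __name__ == "__main__":
    found_scripts, found_loose = demo()
    print("script files:", found_scripts)
    print("modes above 755:", found_loose)
```

On a real site, call `audit()` on the images directory and on any other directory that accepts uploads; every hit in the first list is a file to open and read before deciding whether it belongs there.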

DMDgo (Author) Posted June 23, 2011

> Also you should add this .htaccess file to your images directory to prevent scripts from being run:
>
>     # $Id$
>     #
>     # This is used to restrict access to this folder to anything other
>     # than images
>
>     # Prevents any script files from being accessed from the images folder
>     <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
>     Order Deny,Allow
>     Deny from all
>     </FilesMatch>

Thanks, I've done this.

Archived
This topic is now archived and is closed to further replies.