
Enhanced security for osC 2.3.1 - Which add-ons to use?





As a non-security expert I (have to) presume that osC 2.3.1 is a safe trading platform, able to deal with common hacking threats like SQL injection.


Going through the add-ons you encounter numerous extensions offering additional security. Most of them were developed for osC 2.2. Can anyone tell me which of the contributions listed below should still be considered relevant for an osC 2.3.1 shop owner?




Security Pro http://addons.oscommerce.com/info/5752

Protect your site via htaccess http://addons.oscommerce.com/info/6066

ANTI Cross Site Scripting attacks http://addons.oscommerce.com/info/6044

SiteMonitor http://addons.oscommerce.com/info/4441

Check Permissions 1.0 http://addons.oscommerce.com/info/6134




Secure your site with an IP trap http://addons.oscommerce.com/info/5914

"Anti Hacker Login (security) for osCommerce (AHL4osC)" http://addons.oscommerce.com/info/7580

Activation Code http://addons.oscommerce.com/info/5241




Auto mysql backup http://addons.oscommerce.com/info/3100

Admin Account with Access Level http://addons.oscommerce.com/info/1174

fatFrog Security http://addons.oscommerce.com/info/7825


Please feel free to add suggestions for other add-ons if you think some essential item is missing or you have a better alternative.


Kind regards,




There is a PHPIDS contrib that will help defend against SQLi and other attacks. http://www.oscommerce.com/community/contributions,8217/page,66


Possibly a great option you guys are overlooking. People that execute SQLi attacks actually use the PHPIDS demo as a smoke test for attacks before trying against systems they know to have IDS/IPS. The downside is there is no obscurity, the upside is that there is no obscurity.


Also recommend getting intimate with .htaccess and chmod, and give your logins strong passwords.


I have a question related to htaccess....after my installation when I click on the "administration" tab, it recommends that I use htaccess, but then says if I do - I can't access the admin panel...



"Enabling the htaccess/htpasswd security layer will automatically store administrator username and passwords in a htpasswd file when updating administrator password records.

Please note, if this additional security layer is enabled and you can no longer access the Administration Tool, please make the following changes and consult your hosting provider to enable htaccess/htpasswd protection:"


So how do you make all the changes to your store if you can't access the admin panel anymore? Suggestions? Please advise, I have never used the .htaccess before -


thank you all



@ Chris


I have implemented Security Pro.


The documentation states:


The XSS .htaccess contributions in my opinion are worthless if this is installed as they simply replicate a small part of what Security Pro does. The only exception to this that I could see was the REQUEST_METHOD and TRACE|TRACK.


Does this mean I can ignore the ANTI Cross Site Scripting attacks contribution?



Another contribution I find useful is:


Send eMail from admin-login when wrong provider http://addons.oscommerce.com/info/7323


to alert you of any unauthorised logins.



@ Charlene


Although the issue is strictly not part of this thread: The warning you're referring to is "in case of non-standard behavior". Normally, you can login to the admin section after enabling the htaccess/htpasswd security layer.


Kind regards,




  • 2 months later...



You keep asking the same questions and receiving the same answer.....UPDATE the contribution to function with v2.3.1. If you can't update it yourself, find someone to do it for you, it may cost you some money, but it will be done and you can then use it.






Have a look at os_sec







This topic is now archived and is closed to further replies.
