karoloydi Posted November 3, 2013 Share Posted November 3, 2013 I was looking in the sticky thread for oscommerce 2.2 security. It is suggesting to install the "Protect your site via htaccess" contrinution here: http://addons.oscommerce.com/info/6066 Is that still the best one to install? I also found this one that looks quite good and more recent: Hardcore security for oscommerce htaccess: http://addons.oscommerce.com/info/8296 Also the osc_sec. oscommerce security addon. It also includes .htaccess protection: http://addons.oscommerce.com/info/8283 Im also reading here about htacess password protect. Not sure what this is. Thanks in advance. Link to comment Share on other sites More sharing options...
Taipo Posted November 3, 2013 Share Posted November 3, 2013 Each one of them serves a slightly different purpose. The middle link is just a test piece and should not be used on a live website. The last link will protect your website from the specific vulnerabilities that plagued version 2.2 of osCommerce. None of them add protection to your admin directory, that is something you will have to do via the cpanel folder protection feature. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
mhsuffolk Posted January 24, 2014 Share Posted January 24, 2014 The middle link is just a test piece and should not be used on a live website. Had 1st link in my old RC2.2a store no problems, am using it in my new 2.3.3.4 PHP 5.4.21 store, no problems. Have tried link 2 in the new store, all OK apart from, Options All -Indexes, php_value session.use_trans_sid 0 and turn off magic_quotes_gpc. Is your advice re the second link still current? Is the second more secure? Which one should I use now please. Martin Martin Live shop Phoenix 1.0.8.4 on PHP 7.4 Working my way up the versions. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.