karoloydi 0 Posted November 3, 2013

I was looking in the sticky thread for oscommerce 2.2 security. It is suggesting to install the "Protect your site via htaccess" contribution here: http://addons.oscommerce.com/info/6066

Is that still the best one to install?

I also found this one that looks quite good and more recent: Hardcore security for oscommerce htaccess: http://addons.oscommerce.com/info/8296

Also the osc_sec. oscommerce security addon. It also includes .htaccess protection: http://addons.oscommerce.com/info/8283

I'm also reading here about htaccess password protect. Not sure what this is.

Thanks in advance.

Taipo 36 Posted November 3, 2013

Each one of them serves a slightly different purpose. The middle link is just a test piece and should not be used on a live website. The last link will protect your website from the specific vulnerabilities that plagued version 2.2 of osCommerce.

None of them add protection to your admin directory; that is something you will have to do via the cpanel folder protection feature.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

mhsuffolk 62 Posted January 24, 2014

"The middle link is just a test piece and should not be used on a live website."

Had 1st link in my old RC2.2a store, no problems; am using it in my new 2.3.3.4 PHP 5.4.21 store, no problems.

Have tried link 2 in the new store, all OK apart from: Options All -Indexes, php_value session.use_trans_sid 0 and turn off magic_quotes_gpc.

Is your advice re the second link still current? Is the second more secure? Which one should I use now, please?

Martin

Live shop Phoenix 1.0.8.4 on PHP 7.4. Working my way up the versions.