How to Secure OSCommerce; Is there a Faq or Tutorial?

[iksnizal]

Hello,

 

I have installed OSCommerce a few times and I am getting ready to learn how to set up a shop, but I was wondering if I should be securing directories and/or files in a certain way. Is there a FAQ or Tutorial for something like this?

I uploaded the tar.gz file to the server and unpacked it through SSH, but I am not sure if the it is fine with the defaults or if I should be editing anything. I would also appreciate any advice about securing the "admin" directory. I thought about a simple .htaccess password protection, but I thought I should post and see if anyone has any real experience with this.

 

Links and advice are appreciated,

Jim

[iksnizal]

I have read and done this from the installation tutorial:

 

"Rename the catalog/install folder or delete it.

Reset the permissions on /catalog/includes/configure.php to 644 (if you are still getting the warning message at the top set configure.php to 444 which is read only - this happens on some servers that have been updated for security reasons).

Set the permissions on /catalog/images directory to 777

Reset the permissions on /admin/includes/configure.php to 644

Create the dir /admin/backups and set the permissions to 777

Set the permissions on /admin/images/graphs directory to 777

 

You need to .htaccess your /admin directory so that it is password protected. You can use the password manager in your server admin area like cpanel."

[Guest]

Hmm, but I wonder if there is a 'best practices' document somewhere that points out to all the newbies what they should be looking out for. I.E making sure they have a firewall on their server, passwords changed, rootcheck, removing CC data from the database periodically, etc.