Web Tool Bag  
How to secure your osCommerce store?

How do you secure your osCommerce store and keep it safe?

Lots of people ask this all too often, especially after they think they've been hacked, so the answers are all here.

You can prevent injection attacks with Security Pro http://addons.oscommerce.com/info/5752

You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441

You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914

You can add htaccess protection http://addons.oscommerce.com/info/6066

You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Also make sure that all files, except for the two configure.php files, have permissions no higher than 644.

The permissions for the two configure.php files will vary according to the server your site is on: the correct value could be 644, 444 or 400.

Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts.

You can add http://addons.oscommerce.com/info/6134 to assist with permission settings.
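The permission limits above can be checked with a short audit script. This is an added example, not part of the original article or of any osCommerce add-on; the function name `audit_oscommerce_perms` is hypothetical, and "no higher than" is read as "no permission bit set beyond 644 (files) or 755 (folders)".

```shell
#!/bin/sh
# Added example: audit a store tree against the limits stated in the article.
#   files (except configure.php): nothing beyond 644
#   configure.php:                exactly 644, 444 or 400
#   folders:                      nothing beyond 755
# Prints one "<KIND> <path>" line per violation and returns 1 if any exist.
audit_oscommerce_perms() {
    root=${1:?usage: audit_oscommerce_perms <store-root>}
    findings=$(
        {
            # Files: flag any execute bit, or group/other write bit.
            find "$root" -type f ! -name configure.php \
                \( -perm -100 -o -perm -020 -o -perm -010 \
                   -o -perm -002 -o -perm -001 \) -print | sed 's/^/FILE /'
            # configure.php: flag anything that is not one of the three modes.
            find "$root" -type f -name configure.php \
                ! \( -perm 644 -o -perm 444 -o -perm 400 \) -print |
                sed 's/^/CONFIG /'
            # Folders: flag group- or world-writable ones (e.g. 775, 777).
            find "$root" -type d \( -perm -020 -o -perm -002 \) -print |
                sed 's/^/DIR /'
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly with the store root as the only argument.
if [ "$#" -gt 0 ]; then
    audit_oscommerce_perms "$1"
fi
```

An empty result with exit status 0 means every file and folder under the given root is within the stated limits.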

Secure Config File - This mod will move the shop/includes/configure.php file to below the public_html folder, a more secure location.

SecureTrading STability - Integrates with the SecureTrading STability payment gateway. Note this is the simple version - not the more advanced STability Server which uses an XML Payment Client.

Secure your site with an IP trap - The contribution works by setting up a trap in a folder that only bad bots, or someone poking around in your site, will come across (hackers use robots.txt to try to find sensitive files on your server). It then redirects them to a message page that tells them they are blocked, at the same time writing their IP address to a file. If they try to return they will only get the blocked message.

Secure Admin Login - Logout - One major security problem that we needed to solve is that anyone can use the backspace button on their browser to get back into secure areas on many web sites after logoff. We have merchants using their shopping carts in their stores where security is important from customers and other employees.

Secureandpay module for osCommerce - finally the secureandpay module for osCommerce is ready

Protect your site via htaccess - This contribution contains scripts that help you protect your site via your htaccess file. I came across it as I was researching a problem and thought it would be very handy for sharing. Some great tools here for your protection.

Posted by admin on December 17 2008 14:50:14