How to secure your OsCommerce store?
Posted by admin on December 17 2008 16:50:14

How to secure and make safe your OsCommerce store?

Lots of people ask this all too often, especially after they think they've been hacked, so the answers are all here.

You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752

You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441

You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914

You can add htaccess protection http://addons.oscommerce.com/info/6066

You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Also make sure that all files, except for the two configure.php files, have permissions no higher than 644.

The correct permissions for the two configure.php files vary according to the server your site is on: they could be 644, 444 or 400.

Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts.

You can add http://addons.oscommerce.com/info/6134 to assist with permission settings.
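To check a store against the limits above from the command line, here is an added example (not part of the original post and not code from any of the add-ons listed). It assumes GNU find, and the function name `audit_perms` is made up for illustration.

```shell
#!/bin/sh
# Added example. audit_perms is a hypothetical helper name; requires GNU find.
# Usage: audit_perms /path/to/catalog
# Prints one line per finding and returns 1 if anything exceeds the limits
# given in the text: files 644, folders 755, configure.php 644/444/400.
audit_perms() {
    root=$1
    findings=$(
        # Files other than configure.php with any bit outside 644:
        # execute bits or group/other write (0133), or setuid/setgid/sticky (7000).
        find "$root" -type f ! -name configure.php -perm /7133 \
            -printf 'FILE %m %p\n'
        # Folders with any bit outside 755: group/other write (0022),
        # or setuid/setgid/sticky (7000). This catches 777 folders.
        find "$root" -type d -perm /7022 -printf 'DIR %m %p\n'
        # configure.php files whose mode is not exactly 644, 444 or 400.
        find "$root" -type f -name configure.php \
            ! -perm 644 ! -perm 444 ! -perm 400 \
            -printf 'CONFIG %m %p\n'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Each output line gives the kind of finding, the current octal mode and the path, so the list can be reviewed before any chmod is applied.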

Secure Config File - This mod will move the shop/includes/configure.php file to below the public_html folder, a more secure location.

SecureTrading STability - Integrates with the SecureTrading STability payment gateway. Note this is the simple version - not the more advanced STability Server which uses an XML Payment Client.

Secure your site with an IP trap - The contribution works by setting up a trap in a folder that only bad bots, or someone poking around in your site, will come across (hackers use robots.txt to try to find sensitive files on your server). It then redirects them to a message page that tells them they are blocked, at the same time writing their IP number to a file. If they try to return, they will only get the blocked message.


Secure Admin Login - Logout - One major security problem that we needed to solve is that anyone can use the backspace button on their browser to get back into secure areas on many web sites after logoff. We have merchants using their shopping carts in their stores where security is important from customers and other employees.

Secureandpay module for osCommerce - finally the secureandpay module for osCommerce is ready

Protect your site via htaccess - This contribution contains scripts that help you protect your site via your htaccess file. I came across it as I was researching a problem and thought it would be very handy for sharing. Some great tools here for your protection.