A Little Insight and guidance going forward.
Posted 16 September 2010 - 05:23 PM
Let me know what you think so far, as well as any suggestions for making the overall presentation look better. To me it just looks bland right now and I'm not sure where to go from here.
Posted 16 September 2010 - 05:31 PM
BEFORE making any further cosmetic changes, consider securing your site. Your admin folder should be renamed. You have installed the mindsparx template incorrectly. You still have file_manager and define_language enabled and your images folder is accessible.
Read these before you end up losing the entire site to a red bull drinking hacker wanna-be:
See my Profile (click here)
Posted 16 September 2010 - 05:45 PM
Thanks for the info. I've looked over both links you gave. Tried renaming the admin folder, changing the lines in the configure.php (/admin/includes/configure.php), and of course I can't upload the file; it just fails.
How did I install the mindsparx template incorrectly? It works...
How do I turn file_manager and define_language off?
And what harm is having my images folder being accessible?
Note that this is NOT the store's final location; this is more of the development location of the store on a website I had lying around doing nothing...
It should also be noted that I installed osCommerce via Fantastico Deluxe, if that means anything...
Posted 16 September 2010 - 05:51 PM
When the mindsparx template is installed correctly the menu bar is not accessible from the admin log in screen.
You have to delete file_manager.php and define_language.php from the admin directory and then delete the links from the includes/boxes/tool.php file. Those files are HUGE security holes.
Having your permissions on the images folder accessible to hackers will allow them to place files into the folder. If you MUST have the permissions set to 777, then you should .htaccess control the directory.
Since you installed with Fantastico, you should verify you are using the latest version (RC2a) and follow those threads I posted to update all of the security issues.
See my Profile (click here)
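An added example, not part of any post in this thread: a Python audit for the three items raised in the post above (leftover file_manager.php and define_language.php, menu files under includes/boxes that still refer to them, and a world-writable images folder with no .htaccess). The directory layout, the function names, the menu file name and the sample tree are assumptions constructed for the example.

```python
import os
import stat
import tempfile

# Admin tools the thread says to delete (matched by stem, case-insensitively,
# so a constant-style reference in a menu file is caught as well).
RISKY_TOOLS = ("file_manager", "define_language")


def audit(admin_dir, images_dir):
    """Return findings for the three issues raised in the thread."""
    findings = []
    # 1. The tool scripts themselves must be gone from the admin directory.
    for stem in RISKY_TOOLS:
        if os.path.isfile(os.path.join(admin_dir, stem + ".php")):
            findings.append(f"present: {stem}.php")
    # 2. No menu file under includes/boxes should still refer to them.
    boxes = os.path.join(admin_dir, "includes", "boxes")
    for root, _dirs, files in os.walk(boxes):
        for fn in sorted(files):
            with open(os.path.join(root, fn), errors="replace") as fh:
                text = fh.read().lower()
            findings += [f"reference to {s} in boxes/{fn}" for s in RISKY_TOOLS if s in text]
    # 3. World-writable images directory with no .htaccess (presence only;
    #    the rules inside the file are not evaluated).
    mode = stat.S_IMODE(os.stat(images_dir).st_mode)
    if mode & stat.S_IWOTH and not os.path.isfile(os.path.join(images_dir, ".htaccess")):
        findings.append(f"images dir mode {mode:o} without .htaccess")
    return findings


def build_sample_tree(base, hardened):
    """Constructed sample layout (not a real store) so the audit runs offline."""
    admin, images = os.path.join(base, "admin"), os.path.join(base, "images")
    os.makedirs(os.path.join(admin, "includes", "boxes"))
    os.makedirs(images)
    os.chmod(images, 0o777)
    menu = os.path.join(admin, "includes", "boxes", "menu_box.php")  # hypothetical name
    with open(menu, "w") as fh:
        fh.write("<?php /* backup */\n" if hardened else "<?php /* FILENAME_FILE_MANAGER */\n")
    marker = os.path.join(images, ".htaccess") if hardened else os.path.join(admin, "file_manager.php")
    open(marker, "w").close()
    return admin, images


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(*build_sample_tree(tmp, hardened=False)):
            print(finding)
```

Point `audit()` at a local copy of the store's renamed admin directory and its images directory; an empty list means none of the three conditions were found.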
Posted 16 September 2010 - 06:04 PM
Which image directory are we talking about, and how do I block access to it?
As far as the incorrect mindsparx installation, I followed the directions and that's what I came out with, so I figured it was correct... Perhaps that is just a login.php issue?
How do I verify that I am using the latest version? And if not, how do I upgrade it without losing all the contributions I've already installed (not a ton, but I've done a bit of editing myself)?
As far as following the threads, the first one just tells you to change the name of the admin folder, and edit a file that I can edit but can't upload (so no point in renaming the admin folder to begin with)... then of course the deletion of the file_manager and define_languages thing...
Other than that, all the information is either too much, or is presented in a way that makes me not even want to read it completely... And really, since this isn't my store, I don't rightly care about all the security holes. Perhaps if I get it looking decent and whatnot I'll look into making it more secure -- but really, worrying about security on a store that will be deleted in less than 4 months, a store that will never be promoted online or offline, is pretty mindless and draining, especially when presented in a way like both threads you've submitted.
Posted 16 September 2010 - 06:24 PM
(2.2 Release Candidate 2a + buySAFE)
So with that I'm guessing that it is in fact 2.2RC2a