Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Administration and Security Check Warnings Any advice?


steveinbaz

Recommended Posts

Hi

well I have been on to my host team about this and they aint interested in helping me get the best from my little OScommerce shop.. understand its a basic thing to most, but I am an absolute novice and I haven't got a clue how to do this.

Can any one offer me a brief step by step on how to sort these issues out please?

I am getting warnings in two areas of my admin area (please see pics)

One in 'administrators'

post-333658-0-08667800-1422452814_thumb.jpg

One in 'security Checks'

post-333658-0-42704600-1422452815_thumb.jpg

theres something about adding options -indexes to a .htaccess file.. But I cant image that you just put that text in there anywhere?

also it mentions.htpasswd_oscommerce.. which I can't seem to find anywhere.


Perhaps I shouldn't have attempted installing OSC with no real knowledge, but it was offered through my host and.. well I have managed to get this far.. But I am despairing with this.

Would there be anyone who could explain in idiot proof terms what I need to do please. I will be so grateful to get this part over and done with and get on with my site.

Thanks kindly
Steve

 

Link to comment
Share on other sites

Your hosting control panel should offer a "one button" way to add password protection to your "admin" directory. Try to use that if at all possible, before fooling around with manually adding various files. Note that 1) "admin" should have been renamed to something unguessable, and configure.php updated accordingly, 2) only "admin" should be under password access control, not the entire shop (i.e., no password protection for customer part of store).

 

The /ext/ directory can have its own .htaccess file, with Options -Indexes. However, note that 1) many servers now forbid using this method (Options), and 2) this won't work on a Windows server. In either case you can simply add an empty file index.html to that directory,

Link to comment
Share on other sites

Much appreciated MrPhil, I have sorted the ext/ directory htaccess issue..

But on the first part.. Are you basically saying rename the admin folder.. then in public_html/admin/includes/ edit configure.php, basically changing all of the occurences of 'admin' to whatever I rename it? No other changes anywhere?

THEN.. password protect the folder? (which yes I can do in cpanel)

Link to comment
Share on other sites

You'll probably have to rename "admin" first, update configure.php, and then add password protection. It should certainly work in that order. There's a good chance that hosting password protection will have the "admin" name in a file somewhere, and may not update it if you rename the directory after password protecting it.

 

You should only have to change one entry in configure.php (I forget if it's both admin and catalog, or only admin). That's the whole purpose of having an entry in configure.php.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...