The other security thread is good, but times have moved on. Here are my base suggestions (in no particular order) for securing an unhacked site:
1. Security Pro from FWR Media
2. OSC SEC from Taipo
3. Filesafe from FWR Media
4. Add htaccess to all public folders
5. Rename /admin/ and htpasswd it
6. Remove references to (newly renamed) admin area in outgoing emails
7. Add extra login parameter (JanZ)
8. Fix $PHP_SELF spoofability
Bad Conduct from Debs (undecided on this, I am still "road-testing" it).
I am not in favour of IP trapping, as most hackers don't use their own IP addresses.
If anyone has any extra thoughts on this, please post.
For securing a hacked site - exactly the same, but make sure that the hack is cleaned out first. This can be done by manually inspecting the files and removing any files/code that are not supposed to be there. Or by re-installing from a known unhacked backup. Or of course, starting from scratch with a brand new install of osCommerce.
About Me
Finally finished the "How to Design osCommerce 2.3.1" eBook
It's exclusively available at oscbooks.com
Services Offered
- Hack Disinfection and Securing of osCommerce a speciality... (over 140 completed, just 1 rehack due to virus on client's computer)
- Upgrade osCommerce from 2.2 to 2.3.1
- Bespoke Site Builds
- Templates & Theme Development
- New Module Development & Existing Module Enhancement
- Monthly Maintenance Contracts
What I do not offer
- Website Hosting
- Washing Up
Disinfect your site of the hack (by using your clean backup, or getting the site professionally cleaned), then follow the instructions in this thread.
Community Stats
- Group Community Member
- Active Posts 6,491 (1.89 per day)
- Most Active In General Support (2960 posts)
- Profile Views 76,123
- Age: Unknown
- Birthday: Unknown
- Real Name: G Burton
- Gender: Male
- Location: UK/DEVon/NULL -> get it, hardeharhar.
Topics I've Started
Updated Security Thread
16 May 2011, 11:45
Revamp Checkout
04 March 2011, 16:28
In my new site, I want to have nothing other than create_account (which will be only name, email, password) and checkout_confirmation.
What I then want is to have the customer go to their order_history to pay. Here I envisage payment via a button for each payment method offered;
[ click here to pay by paypal ]
[ click here to pay by RBS Worldpay ]
and so on. Once paid, all buttons disappear.
Has any developer already done anything like this? Any input appreciated.