jaeare


Profile Information

  • Real Name
    J Regan
  1. FWR please help. I totally deleted my website and installed OsCommerce 2.3.1 after I was hacked. I want to secure my web site. I performed the recommended security measures: admin folder renamed & password protected, write protected folders in the Admin Panel, and placed .htaccess files in folders. I installed your Security Pro and Kiss-Filesafe programs. Please clarify the Filesafe program instructions.

     1. "Ensure that the data directory is writeable ( ...kiss_filesafe/data/)."

     Q: My filesafe data folder is writeable (0755), but the upper folders are not, i.e. modules/... kiss_filesafe/, NOR is the kiss_filesafe/classes/ folder. Is that correct?

     2. "Now let's protect all those writeable directories! ( *nix servers only ) In every directory that is writeable add a new .htaccess file ( images directory, cache directories etc. ) containing: -

         php_flag engine off
         <Files ~ "\.(php*|s?p?html|cgi|pl|ini)$">
         deny from all
         </Files>

     Note: php_flag does not work if PHP is installed as a CGI e.g. fastcgi."

     Q: I must turn the php engine off in php.ini. So, should I:
     --PLACE copies of the php.ini file which has the php engine turned off, AND
     --PLACE .htaccess files which include the above code (minus the flag command)
     in ALL the ADMIN CPANEL recommended writeable folders AND in the public_html folder?

     3. I added your recommended cron job to my host's WGet program. When the Cron job runs, IS IT BEING ROUTED THROUGH THEPLANET.COM? After getting a bunch of RFI attacks and Wget malicious behavior from theplanet.com, I banned their IPs and any Wget commands via a .htaccess file in my public_html folder.

     My access log:

         174.120.41.11 - - [24/Apr/2011:12:00:02 -0500] "GET /filesafe.php?auth=xxxxxxxx HTTP/1.0" 403 - "-" "Wget/1.11.4 Red Hat modified"

     WHOIS IP Address: 174.120.41.11
     ISP: THEPLANET.COM INTERNET SERVICES

     I can browse to my website's url http://www.mywebsite.com//filesafe.php?auth=xxxxxxxx to manually run the /filesafe.php program, and receive an emailed report. Otherwise, I do not get emailed reports.

     Your response to my questions and any further suggestions are appreciated. Sorry this is so long and winded.
  2. Sorry, I forgot to mention I had changed the original " ' class="headerNavigation">' " to ' class="menu">' for my personal customization of the text in stylesheet.css. You can keep the original ' class="headerNavigation">' if you want to.
  3. I got the mod to work with STS templates.

     To have "registry" show up in the top menu when you are logged in you must have $myaccountlogoff listed there. Go to catalog/includes/modules/sts_inc/general.php.

     FIND around line 49:

         $sts->template['urllogoff'] = tep_href_link(FILENAME_LOGOFF, '', 'SSL');

     ADD BELOW:

         $sts->template['registry'] = '<a href=' . tep_href_link(FILENAME_ADD_REGISTRY, '', 'SSL') . ' class="menu">' . HEADER_TITLE_ADD_REGISTRY . '</a>';
         $sts->template['urlregistry'] = tep_href_link(FILENAME_ADD_REGISTRY, '', 'SSL');

     For the same menu sequence as found on sammy solutions example page: "Registry | Log Off | My Account"

     FIND the next line down:

         $sts->template['myaccountlogoff'] = $sts->template['myaccount'] . " | " . $sts->template['logoff'];

     CHANGE TO:

         $sts->template['myaccountlogoff'] = $sts->template['registry'] . " | " . $sts->template['logoff'] . " | " . $sts->template['myaccount'];

     To have the message "You're in registry mode. Click here to leave the registry mode (# XXXXXX)" show up when you are in registry mode: The install.txt file that came with the mod has you modify catalog/includes/header.php with the below instructions. INSTEAD apply these instructions to the catalog/includes/modules/sts_inc/general.php file.

     FIND:
     =======================

         <table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr class="headerInfo">
         <td class="headerInfo"><?php echo htmlspecialchars(stripslashes(urldecode($HTTP_GET_VARS['info_message']))); ?></td>

     ADD AFTER IT:
     =======================

         </tr>
         </table>
         <?php
         }
         if ($registry_mode_id != 0) {
         ?>
         <table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr class="headerInfo">
         <td class="headerInfo"><?php echo '<a class="headerInfo" href="' . tep_href_link(FILENAME_DEFAULT, 'registry_mode_id=0') . '">' . REGISTRY_MODE_MESSAGE . ' (# ' . $registry_mode_id . ').</a>'; ?></td>

     I hope this helps.
  4. jaeare

    Product Description 1.3

    I loaded your Product_Truncated_Description_v_2 sql into my database, and I see I can no longer use my html code in my product name and description. How do I get that ability back, as I really need it?
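
The .htaccess step quoted in the first post above (a deny rule in every writeable directory) can be checked mechanically across a web root. The following is an added example, not part of the original posts or of the Filesafe package; the function names, the probe file names, and the use of mode bits to decide which directories count as writeable are assumptions.

```python
import os
import re
import stat

# The <Files ~ "regex"> ... </Files> block from the instructions quoted in the post.
FILES_BLOCK = re.compile(r'<Files\s+~\s+"([^"]+)"\s*>(.*?)</Files>', re.I | re.S)
DENY_ALL = re.compile(r"^\s*deny\s+from\s+all\s*$", re.I | re.M)
PHP_OFF = re.compile(r"^\s*php_flag\s+engine\s+off\s*$", re.I | re.M)
# Constructed sample names the deny rule should cover (an assumption, not from the page).
PROBES = ("upload.php", "page.phtml", "run.cgi", "tool.pl", "php.ini")


def check_htaccess(text):
    """Return the problems found in one .htaccess body (empty list means OK)."""
    # Python's re stands in for Apache's regex engine here; fine for simple patterns.
    patterns = [m.group(1) for m in FILES_BLOCK.finditer(text)
                if DENY_ALL.search(m.group(2))]
    if not patterns:
        return ["no <Files ~> block with 'deny from all'"]
    problems = [f"{name} not matched by any deny pattern" for name in PROBES
                if not any(re.search(rx, name) for rx in patterns)]
    # The quoted note says php_flag does not work when PHP runs as CGI, so its
    # absence is reported as a note rather than treated as a failure on its own.
    if not PHP_OFF.search(text):
        problems.append("note: no 'php_flag engine off' line")
    return problems


def audit(web_root, write_bits=0o222):
    """Map each writeable directory under web_root to its list of problems."""
    report = {}
    for dirpath, _dirnames, filenames in os.walk(web_root):
        if not stat.S_IMODE(os.stat(dirpath).st_mode) & write_bits:
            continue  # no write bit set in the chosen mask: not in scope
        rel = os.path.relpath(dirpath, web_root)
        if ".htaccess" not in filenames:
            report[rel] = ["missing .htaccess"]
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            report[rel] = check_htaccess(fh.read())
    return report


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, problems in sorted(audit(root).items()):
        print(rel, "OK" if not problems else "; ".join(problems))
```

Pass `write_bits=0o022` to limit the audit to group- or world-writeable directories on hosts where PHP does not run as the file owner.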