Jump to content
Latest News: (loading..)

Search the Community

Showing results for tags 'security'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • News and Announcements
    • News and Announcements
    • Partner Announcements
    • Ambassadors
  • Commercial Support
    • Developer Feedback
  • osCommerce Online Merchant v2.x
    • General Support
    • Installation and Configuration
    • Upgrading from Earlier Versions (v2.x to v2.x)
    • Add-Ons
    • Tips and Tricks
    • Security
  • Development
    • osCommerce Online Merchant v2.4
    • osCommerce Online Merchant Community Bootstrap Edition
    • osCommerce Online Merchant v3.x
    • Development Proposals
  • General
    • Next Steps / Optimizations / Marketing
    • Live Shop Reviews
    • E-Commerce Laws
    • General Discussions
    • PHP / SQL / Web Design
  • oscBooks and oscTemplates's Announcements
  • PayPal's Announcements
  • Sage Pay's Announcements
  • Solomono - new level osCommerce templates's Announcements
  • German Community's OSCOM v2.x
  • German Community's Allgemein
  • German Community's OSCOM v3.x

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Real Name





Found 6 results

  1. On our action recorder, there are over 50 failed login attempts from one day this week. They tried around 5 different usernames that relate to our company including company name, admin, and root. Can anyone offer some insight on why this is happening and if it's someone trying to breach our osCommerce system? Thanks in advance.
  2. Hi everyone I'm hiring a profesional to made un upgrade of my oscommerce. He told me that he can create a test copy in his server. It's safe to give him a copy of actual ftp files and database backup? Are there any sensible infos that he can use to attack my actual or future instalation? Thanks
  3. Jack_mcs

    Minor Security Issue

    I've ran across a security issue that everyone should be aware of. I recently worked on two, unrelated, shops that had been hacked. One was an RC2 shop while the other was a fairly recent BS shop. Both had renamed admin directories. I was not able to find the way in the hacker used since the hacking had occurred over a month before in both cases. However, the change made by the hacker was the same in both cases. Code was added to the checkout pages to record the customer details and to write them to a .txt file in the admin/includes/local/ directory. It turns out that that directory (any directory in admin) is not protected with the normal on-page login. So without being logged in, the hacker could read the file by going to https://example.com/admin/local/hacker.txt. You can test this on your own site by visiting https://your domain/your admin/local/README The README file is a standard file included in all oscommerce versions. If you can read that file via the url, then your admin is not secure. The fix is to add a popup login using the .htaccess method. This change won't prevent the reason it happened in the first place but it will prevent the data from being used should it happen.
  4. Hello, wanting to install the module "Paypal App" link http://addons.oscommerce.com/info/9184 when copying the file into the shop, I discovered that there's 6 folders and 1 file named : "admin". These are the directories: : d1: paypal app-4_039/catalog/admin/ d2: paypal app-4_039/catalog/includes/hooks/admin/ d3: paypal app-4_039/catalog/includes/apps/paypal/admin/ d4: paypal app-4_039/catalog/includes/apps/paypal/hooks/admin/ d5: paypal app-4_039/catalog/includes/apps/paypal/languages​/English/admin/ d6: paypal app-4_039/catalog/includes/apps/paypal/languages​​/English/hooks/admin/ and this file: f1: paypal app-4_039/catalog/includes/apps/paypal/languages​​/English/admin.php - For the first file d1, no problem, I'll just copy its contents into the admin folder of my shop (I've already renamed). - For folders until d6 d2 and f1 file: That's my question. It must rename or not? (For security measures). Thank you in advance for your help.
  5. osC OpenSSL Encryption with jCryption - Support thread - Without a SSL certificate the data posted on your shop might be visible to third parties, e.g. your admin username and password. With this Add-On all form data will be encrypted using OpenSSL before it's posted to the server and then decrypted on your server, greatly enhancing the security for you and your customers. How does this work client requests RSA public key from server client encrypts a randomly generated key with the RSA public key server decrypts key with the RSA private key and stores it in the session server encrypts the decrypted key with AES and sends it back to the client client decrypts it with AES, if the key matches the client is in sync with the server and is ready to go everything else is encrypted using AES Source: http://www.jcryption.org/#howitworks Features for this Revision: Support for and tested on osCommerce 2.3.4 Should work for most osCommerce versions with minimum modification. Tested successfully on Google Chrome, Firefox and IE Encrypts all Form Data with OpenSSL Works on both catalog and admin side of shop Uses jCryption library. Screenshots included in package. Download Add-On here: http://addons.oscommerce.com/info/9333
  6. MySQLi Prepared Statement Automator This Add-On comes with the only guarantee of possibly causing you a lot of headaches. It looks like it's working quite well, but further testing is required ... - Support Thread - http://addons.oscommerce.com/info/9076