Jump to content
Latest News: (loading..)

Archived

This topic is now archived and is closed to further replies.

spooks

How to secure your osCommerce 2.2 site.

Recommended Posts

Okay I am about to do the security installs tomorrow 17th May 2009.

 

So I should install them all, then how do I know if they are working or hindering genuine processes?

 

How do I check the security options are correctly installed and working?

 

Thanks

Johnny


Getting better with mods but no programmer am I.

Share this post


Link to post
Share on other sites

some tests are already detailed in this thread, for others look at the relavent contrib docs & support thread.

 

Clearly it would not make sense to put a list of tests here, as you would be creating a list on how to hack osC, which would be a very bad idea for all those without these!!

 

If you search the net u should find some.

 

:)


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Hi,

 

I have only installed site monitor, httaccess I have already with some of the issues ressolved.

 

The problem with the rest is brief suggestion of the problems that could occur, and whilst I need to protect my site, I need to fully understand what the implications/ problems installing some of these security scripts are.

 

Thanks

Johnny


Getting better with mods but no programmer am I.

Share this post


Link to post
Share on other sites

Have you read the contribution descriptions and documentation that comes with each one?

 

Whilst it is wise not to just sling anything onto your site if you want to "fully understand" I would suggest you go on a few web security courses or spend a few hours at least googleing some of the key terms in the documentation.


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

I might have missed the boat here as I've noticed no one has posted for a few weeks but if anyone is still out there can you help?

 

I have installed SecurityPro and IP Trap. Have checked every folder and file for permissions. When I try the htaccess add on I just get "Internal Server Error, this is an error with your script, check your error log for more information." I have read all posts but all I can find is a reply that suggests you start removing parts of it from the bottom up. Unfortunately I ended up removing all of it before it work.

It must be the way I'm putting it on.

Can anyone help please?

Cheers

Andrea

Share this post


Link to post
Share on other sites
I might have missed the boat here as I've noticed no one has posted for a few weeks but if anyone is still out there can you help?

 

I have installed SecurityPro and IP Trap. Have checked every folder and file for permissions. When I try the htaccess add on I just get "Internal Server Error, this is an error with your script, check your error log for more information." I have read all posts but all I can find is a reply that suggests you start removing parts of it from the bottom up. Unfortunately I ended up removing all of it before it work.

It must be the way I'm putting it on.

Can anyone help please?

Cheers

Andrea

 

Had another go "Trial and Error" the 2 sections which throw up the internal server error are the first and last options ie:

 

# Deny domain access to spammers and other scumbags

RewriteEngine on

 

php_flag register_globals off

 

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots

 

Deny from env=block_bad_bots

 

and

 

 

FORCE TYPE

<Files site>

 

ForceType application/x-httpd-php

 

</Files>

 

 

Has anyone any idea what I need to do to make these 2 work. I don't know what "Force Type" is all about but i fancy the "Deny domain access to spammers and other scumbags" bit.

 

I know it's sunny and everyone, quite rightly, is in the garden but any help would be appreciated

Cheers

Andrea

Share this post


Link to post
Share on other sites

Sam, thank you for the wonderful post.

 

I have installed security pro, and then moved onto Ip Trap. I have followed the instructions and I have tested it but all that happens when I type in mywebsite/catalog/personal is that it comes up with the browser error message of http 404 not found. Does anyone have any suggestions as to why it isn't working? One thing I was confused about during the installation is that there was 2 robot.txt files. I have put one in the catalog folder and the other one in the root, is this right?

 

 

Any help is much appreciated, I'm sure my brains going to explode before the days out, lol

 

 

 

 

Chris.

Share this post


Link to post
Share on other sites

Right, still got the problem with ip trap and now have another problem. I have installed site monitor and once I configured it in the admin I clicked update and this error message came up 'Cannot change the mode of file (/var/www/vhosts/mywebsite/httpdocs/catalog/admin/sitemonitor_configure.php)'

 

Anybody got any idea's,

 

 

 

 

 

 

Chris. (brain cannot take much more of a hammering,lol)

Share this post


Link to post
Share on other sites

have u added the htaccess file?

 

Best to post in the contib support thread


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

s b4 post in the contib support thread


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Still got the first 2 problems and now I am having trouble with the ht.access contribution. I take it you just copy and paste all the scripts straight into the ht.access file and only adding my website address where required (if I am wrong then please correct me). However I have had a look at the folders and I have got 2 ht.access files, 1 in the admin folder and 1 in the catalog folder. Which file should I put these scripts in?

 

 

 

 

Chris

Share this post


Link to post
Share on other sites

place it in the root, then it will apply to all sub-folders, if you then have sub-folders with their own files, those rules will apply to them also.

 

take care when creating, u may create syntax errors by mistake, I use word pad & save in text mode


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Hi Sam, thank you for your reply,

 

I have done what you said and now when I try and bring up the website I recieve this message in the browser

 

'Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator, my-email-address and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.'

 

 

 

Has anyone got any idea's as to what this could be? I placed it in the root of the catalog folder and that didn't work so I tried it in the root of httpdocs and that didn't work either.

 

 

 

Cheers,

 

 

 

 

Chris.

Share this post


Link to post
Share on other sites

the file goes in public_html, thats your root!!

 

your error means you have an error in the file, as I said take care!!

 

empty the file & add everything back in sections, see when the error comes back


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

I have not got a public.html file but I have got a pub folder and I found another ht.access file, I altered that one and it didn't work. I then remove all what I had changed and that didn't work. I have now been waiting for 10 minutes after trying to restore the database and that doesn't seem to be working. Maybe it's a server error?

 

I am not having any luck at the moment, I can't get any of the suggested security measures to work and it's now 3 long days I've spent trying to get some sort of security. I'll try again tomorrow and hope that the server soughts itself out.

 

 

 

 

Chris.

Share this post


Link to post
Share on other sites

Right I've managed to put the scripts into the file and the website works but I had to leave 3 of the scripts out. The 3 scripts were:

 

1) The images script

2) Ban Turkey

3) The very last script

 

Is there a way of testing the site to see if these scripts have worked?

 

 

 

 

Thanks,

 

 

Chris.

Share this post


Link to post
Share on other sites

there is plenty on the net http://corz.org/serv/tricks/htaccess2.php is a good resource


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Hi Sam, thanks for the link, that info is very useful.

 

I have now installed iptrap, security pro and the htaccess scripts and they seem to be ok, I like the trap by the way : ) The problem I am having now is with site monitor. I have installed it and configured it but when I click the top button it comes up with this message 'Reference file creation failed.' , does anyone know why this is so?

 

 

 

Cheers,

 

 

 

 

Chris.

Share this post


Link to post
Share on other sites

I've installed my shop with installatron.

There's a .htaccess in the root.

Is my site automaticaly secured with htaccess or isn't?

 

this is the site www.bestelmondkapjes.nl

Share this post


Link to post
Share on other sites
Hi Sam, thanks for the link, that info is very useful.

 

I have now installed iptrap, security pro and the htaccess scripts and they seem to be ok, I like the trap by the way : ) The problem I am having now is with site monitor. I have installed it and configured it but when I click the top button it comes up with this message 'Reference file creation failed.' , does anyone know why this is so?

 

 

 

Cheers,

 

 

 

 

Chris.

The reference file has to be writeable.


The Coopco Underwear Shop

 

If you live to be 100 years of age, that means you have lived for 36,525 days. Don't waste another, there aren't many left.

Share this post


Link to post
Share on other sites
I've installed my shop with installatron.

There's a .htaccess in the root.

Is my site automaticaly secured with htaccess or isn't?

 

this is the site www.bestelmondkapjes.nl

 

no, u must add the relavent scripts


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites
The reference file has to be writeable.

 

i've got the same problem, but I cant find a reference file.

Where can I find it ?

Share this post


Link to post
Share on other sites

The reference file is catalog/admin/sitemonitor_reference.php

 

If it is not there try creating an empty file of that name and putting it in catalog/admin and running the top option in the site monitor admin area again

 

Martin


OsC CE Frozen   PHP 7.1   MySQL 10.1.35-MariaDB-cll-lve

Share this post


Link to post
Share on other sites
The reference file is catalog/admin/sitemonitor_reference.php

 

If it is not there try creating an empty file of that name and putting it in catalog/admin and running the top option in the site monitor admin area again

 

Martin

done, but it's still not working :(

Share this post


Link to post
Share on other sites

×