secure configure.php how to


Francys

I would like answers regarding the best practices to secure configure.php in admin and client side from all types of intrusions.

 

Apart from admin (which needs to be renamed) and filemanager.php and define_languages.php, which should be removed, is there any particular file that comes with the original package of oscMC2.2 that needs some tuning up for security?

Thanks in advance.

I don't know if my question is dumb, but if it is, please say something... Constructive answers are always appreciated and I am really eager to learn with your help, thanks.

Look for the .htaccess file in the directory with your configure.php file. Does it have this code in it?

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

 

Hi and thank you very much for answering my question.

 

Yes, it has that code (both the client side and admin)... Is it everything I need? Thanks in advance.

Check to see if it works...

http://your_site.com/catalog/includes/configure.php

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?

It's not opening... I think, mate, it means it is secured, right :) ?!

Thank you for taking your time to answer some newbie questions (and actually making a lot of difference by helping me :)

IF you changed the URL to your domain AND your shop is installed at /catalog/. I can't be sure without knowing your store URL.

How come we can't be sure? I tested it with the proper path and it's not opening... Can you explain what else can go wrong so I can check? Thanks :)

I can't, only because I don't know with any certainty what your directory structure is. You can, because you know what it is. Hackers send multiple hack attacks to common directory paths to attempt their hacking, and use information gathered from other sources. Having non-common directories (like renaming the admin folder) helps to slow them down, but will never completely stop them. If you know your own paths and directory structure and you get 404 Error codes, then it all likely works. The problem is, when a new hacking method is discovered it is because someone has become a victim... and it's going to be one of us. And until we spread the word and everyone gets patched for that particular hack, many of us will be vulnerable and not even know it. Fellowship here is what helps protect us, by spreading the word faster and providing each other with the fixes... fast.

 

So, can we ever be sure we cannot be hacked? No... Can we take reasonable steps to fix the known holes? Yes.

Well, very true!

Also, I have verified all the file permissions around the folders and altered the few that had 0777 to below 0755, so the vast majority is well under 755 and it's working (I tested and it works).

On another issue, if possible (still on the security subject): I am using FWR security pro - a must-have contribution - and had to exclude redirect.php since the pdf URLs were not opening properly... Do you think this can be done in another way, or can redirect.php be excluded with no major security breach? FWR said the pdf script could be changed, but I don't know what the particular file is, and if possible I'd like to sort this without messing with code.

You are so helpful that I really had to see if you can answer this also (lol). I hope I'm not being annoying with so many questions :) If you think you can add something to this, please do. If not, thank you for the above explanations.

FWR is the expert on that, of course. I don't think I could offer anything more useful.


Archived

This topic is now archived and is closed to further replies.
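
The two file-side checks discussed in this thread (the <Files *.php> deny block next to each configure.php, and leftover 0777 permissions) can be audited together. The script below is an added example, not code posted by anyone in the thread; the includes/ layout, the admin directory name passed as the second argument, and the sample tree (including the name shop_admin) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Layout and admin dir name are assumptions.

# Succeeds if DIR/.htaccess has an active "Deny from all" inside <Files *.php>.
htaccess_denies_php() {
    [ -f "$1/.htaccess" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<files[ \t]+"?\*\.php"?>/ { inblk = 1; next }
        line ~ /^[ \t]*<\/files>/ { inblk = 0 }
        inblk && line ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { found = 1 }
        END { exit !found }
    ' "$1/.htaccess"
}

# Lists files and directories that any local user can write to (0777, 0666, ...).
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Prints one finding per line; no output means both checks passed.
# $1 = store root, $2 = (renamed) admin directory name.
audit_store() {
    for d in "$1/includes" "$1/$2/includes"; do
        [ -f "$d/configure.php" ] || continue
        htaccess_denies_php "$d" || echo "NO_DENY $d"
    done
    list_world_writable "$1" | sed 's/^/WORLD_WRITABLE /'
}

# Constructed sample tree: catalog side protected, renamed admin side not,
# and an images directory left at 0777.
build_sample() {
    umask 022
    t=$(mktemp -d)
    mkdir -p "$t/includes" "$t/shop_admin/includes" "$t/images"
    touch "$t/includes/configure.php" "$t/shop_admin/includes/configure.php"
    printf '<Files *.php>\nOrder Deny,Allow\nDeny from all\n</Files>\n' \
        > "$t/includes/.htaccess"
    chmod 0777 "$t/images"
    echo "$t"
}

sample=$(build_sample)
audit_store "$sample" shop_admin
rm -rf "$sample"
```

This only inspects files on disk; whether Apache actually honours the .htaccess depends on the server configuration, so the browser request to configure.php suggested earlier in the thread is still the test that confirms the block is enforced.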
