Francys (posted February 23, 2010):

I would like answers regarding the best practices to secure configure.php in admin and client side from all types of intrusions. Apart from admin (which needs to be renamed) and filemanager.php, define_languages.php that should be removed, is there any particular file that comes with the original package of oscMC2.2 that needs some tuning up to do for security? Thanks in advance.

Francys (posted February 24, 2010):

> I would like answers regarding the best practices to secure configure.php in admin and client side from all types of intrusions. Apart from admin (which needs to be renamed) and filemanager.php, define_languages.php that should be removed, is there any particular file that comes with the original package of oscMC2.2 that needs some tuning up to do for security? Thanks in advance.

I don't know if my question is dumb, but if it is please say something... Constructive answers are always appreciated and I am really eager to learn with your help. Thanks.

♥mdtaylorlrim (posted February 25, 2010):

Look for the .htaccess file in the directory with your configure.php file. Does it have this code in it?

    <Files *.php>
    Order Deny,Allow
    Deny from all
    </Files>

Community Bootstrap Edition, Edge
Avoid the most asked question. See How to Secure My Site and How do I...?

Francys (posted February 25, 2010):

> Look for the .htaccess file in the directory with your configure.php file. Does it have this code in it?
>
>     <Files *.php>
>     Order Deny,Allow
>     Deny from all
>     </Files>

Hi, and thank you very much for answering my question. Yes, it has that code (both the client side and admin)... Is it everything I need? Thanks in advance.

♥mdtaylorlrim (posted February 25, 2010):

> Hi, and thank you very much for answering my question. Yes, it has that code (both the client side and admin)... Is it everything I need? Thanks in advance.

Check to see if it works... http://your_site.com/catalog/includes/configure.php

Francys (posted February 25, 2010):

> Check to see if it works... http://your_site.com/catalog/includes/configure.php

It's not opening... I think, mate, it means it is secured, right :) ?! Thank you for taking your time to answer some newbie questions (and actually making a lot of difference by helping me :)

♥mdtaylorlrim (posted February 25, 2010):

> It's not opening... I think, mate, it means it is secured, right :) ?!

IF you changed the URL to your domain AND your shop is installed at /catalog/. I can't be sure without knowing your store URL.

Francys (posted February 27, 2010):

> IF you changed the URL to your domain AND your shop is installed at /catalog/. I can't be sure without knowing your store URL.

How come we can't be sure? I tested it with the proper path and it's not opening... Can you explain what else can go wrong so I can check? Thanks :)

Francys (posted February 27, 2010):

Double post, sry lol

♥mdtaylorlrim (posted February 27, 2010):

> How come we can't be sure? I tested it with the proper path and it's not opening... Can you explain what else can go wrong so I can check? Thanks :)

I can't only because I don't know with any certainty what your directory structure is. You can because you know what it is. Hackers send multiple hack attacks to common directory paths to attempt their hacking, and use information gathered from other sources. Having non-common directories (like renaming the admin folder) helps to slow them down, but will never completely stop them. If you know your own paths and directory structure and you get 404 error codes, then it all likely works.

The problem is, when a new hacking method is discovered it is because someone has become a victim... and it's going to be one of us. And until we spread the word and everyone gets patched for that particular hack, many of us will be vulnerable and not even know it. Fellowship here is what helps protect us by spreading the word faster and providing each other with the fixes... fast.

So, can we ever be sure we cannot be hacked? No... Can we take reasonable steps to fix the known holes? Yes.

Francys (posted February 27, 2010):

Well, very true! Also, I have verified all the file permissions around the folders and altered the few that had 0777 to below 0755, so the vast majority is well under 755 and it's working (I tested and it works).

On another issue, if possible (still on the security subject): I am using FWR Security Pro, a must-have contribution, and had to exclude redirect.php since the PDF URLs were not opening properly... Do you think this can be done in another way, or can redirect.php be excluded with no major security breach? FWR said the PDF script could be changed, but I don't know what the particular file is, and if possible I'd like to sort this without messing with code.

You are so helpful that I really had to see if you can answer this also (lol). I hope I'm not being annoying with so many questions :) If you think you can add something to this, please do. If not, thank you for the above explanations.

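Added example, not part of any post in this thread: a shell audit covering the two local checks discussed above, the `<Files *.php>` deny block beside each configure.php and leftover world-writable (0777-style) permissions. The function names, the `admin` default and the `includes/` and `<admin>/includes/` layout are assumptions; the sample tree in `demo` is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes configure.php lives in
# <root>/includes and <root>/<admin>/includes; the admin name is a parameter.

# Succeeds only if DIR/.htaccess has "Deny from all" inside <Files *.php>.
htaccess_denies_php() {
    f="$1/.htaccess"
    [ -f "$f" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<files[ \t]+"?\*\.php"?[ \t]*>/ { inblk = 1; next }
        line ~ /^[ \t]*<\/files>/                      { inblk = 0 }
        inblk && line ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$f"
}

# Prints files and directories under ROOT that anyone can write (0777, 0666...).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Usage: audit_shop ROOT [ADMIN_DIR]. One finding per line; returns 1 if any.
audit_shop() {
    root="$1"; admin="${2:-admin}"; findings=0
    for d in "$root/includes" "$root/$admin/includes"; do
        [ -f "$d/configure.php" ] || continue
        if ! htaccess_denies_php "$d"; then
            echo "NO-DENY $d/.htaccess"; findings=1
        fi
    done
    ww=$(world_writable "$root")
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WORLD-WRITABLE /'; findings=1
    fi
    return "$findings"
}

# Constructed sample tree: a protected includes dir plus a 0777 images dir.
demo() {
    tmp=$(mktemp -d); mkdir -p "$tmp/includes" "$tmp/images"; : > "$tmp/includes/configure.php"
    printf '<Files *.php>\nOrder Deny,Allow\nDeny from all\n</Files>\n' > "$tmp/includes/.htaccess"
    chmod 755 "$tmp/includes"; chmod 777 "$tmp/images"
    rc=0; audit_shop "$tmp" || rc=$?; rm -rf "$tmp"; return "$rc"
}

# Run as: sh audit.sh /path/to/catalog renamed_admin
if [ "$#" -gt 0 ]; then audit_shop "$@"; fi
```

A clean result covers only these two on-disk checks; requesting the configure.php URL, as suggested earlier in the thread, is still what confirms the web server honours the .htaccess file.
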
♥mdtaylorlrim (posted February 27, 2010):

> Well, very true! Also, I have verified all the file permissions around the folders and altered the few that had 0777 to below 0755, so the vast majority is well under 755 and it's working (I tested and it works).
>
> On another issue, if possible (still on the security subject): I am using FWR Security Pro, a must-have contribution, and had to exclude redirect.php since the PDF URLs were not opening properly... Do you think this can be done in another way, or can redirect.php be excluded with no major security breach? FWR said the PDF script could be changed, but I don't know what the particular file is, and if possible I'd like to sort this without messing with code.
>
> You are so helpful that I really had to see if you can answer this also (lol). I hope I'm not being annoying with so many questions :) If you think you can add something to this, please do. If not, thank you for the above explanations.

FWR is the expert on that, of course. I don't think I could offer anything more useful.

Francys (posted March 7, 2010):

Ok, thanks for your information.

Regards,
Fc

Archived
This topic is now archived and is closed to further replies.