
JBlack

A Little Insight and guidance going forward.


Alright, keep in mind here that while I've used osCommerce previously, I am still completely new to its inner workings and how to accomplish things. I've done some modification to the store, but it just looks plain to me. I am looking for input on what I've currently done as well as how I can make it a little better, possibly. I can do the graphics, but this osCommerce skinning is new to me, so be gentle but be truthful.

http://yourbizdeals.com/store/

Let me know what you think so far, as well as any suggestions for making the overall presentation look better. To me it just looks bland right now and I'm not sure where to go from here.

Thanks,

JBlack


Justin,

BEFORE making any further cosmetic changes, consider securing your site. Your admin folder should be renamed. You have installed the mindsparx template incorrectly. You still have file_manager and define_language enabled and your images folder is accessible.

Read these before you end up losing the entire site to a Red Bull-drinking hacker wannabe:

Admin Security

Site Security

Chris


Chris,

Thanks for the info. I've looked over both links you gave. Tried renaming the admin folder and changing the lines in configure.php (/admin/includes/configure.php), and of course I can't upload the file; it just fails.

How did I install the mindsparx template incorrectly? It works...

How do I turn file_manager and define_language off?

And what harm is there in having my images folder accessible?

Note that this is NOT the store's final location; this is more of the development location of the store on a website I had lying around doing nothing...

It should also be noted that I installed osCommerce via Fantastico Deluxe, if that means anything...


Justin,

When the mindsparx template is installed correctly the menu bar is not accessible from the admin login screen.

You have to delete file_manager.php and define_language.php from the admin directory and then delete the links from the includes/boxes/tool.php file. Those files are HUGE security holes.

Having the permissions on your images folder accessible to hackers will allow them to place files into the folder. If you MUST have the permissions set to 777, then you should .htaccess control the directory.

Since you installed with Fantastico, you should verify you are using the latest version (RC2a) and follow those threads I posted to update all of the security issues.

Chris

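Chris's checklist (delete the two admin tools, drop their links from the Tools box, and never leave a 777 images folder unprotected) can be checked mechanically. The script below is an added example written for this page, not code from the thread or from osCommerce: a POSIX shell audit that looks for exactly those items in a store tree, plus a helper that writes a restrictive .htaccess into images/. It assumes the stock osCommerce 2.2 directory layout (admin/, admin/includes/boxes/tools.php, images/) and Apache 2.4 directive syntax for the .htaccess; both are assumptions, not something the thread states.

```shell
#!/bin/sh
# Added example, not code from the thread or from osCommerce.
# audit_oscommerce <store root>: prints one "FINDING: ..." line per problem
# named in the thread and a final "TOTAL: n" line.
audit_oscommerce() {
    root="$1"
    findings=0

    # 1. The two admin tools that let anyone who reaches the admin area write
    #    arbitrary files into the web root (assumed stock 2.2 paths).
    for f in admin/file_manager.php admin/define_language.php; do
        if [ -e "$root/$f" ]; then
            echo "FINDING: $f still present; delete it"
            findings=$((findings + 1))
        fi
    done

    # 2. Menu entries that still point at those tools in the Tools box.
    tools="$root/admin/includes/boxes/tools.php"
    if [ -f "$tools" ] && grep -Eq 'file_manager|define_language' "$tools"; then
        echo "FINDING: admin/includes/boxes/tools.php still links to file_manager/define_language"
        findings=$((findings + 1))
    fi

    # 3. images/ writable by everyone (the 777 case) and not .htaccess-protected.
    img="$root/images"
    if [ -d "$img" ]; then
        # -prune stops at the directory itself; -perm -o+w tests the "other" write bit
        if [ -n "$(find "$img" -prune -perm -o+w -print)" ]; then
            echo "FINDING: images/ is world-writable; tighten permissions or restrict it"
            findings=$((findings + 1))
            if [ ! -f "$img/.htaccess" ]; then
                echo "FINDING: images/ is world-writable and has no .htaccess"
                findings=$((findings + 1))
            fi
        fi
    fi

    echo "TOTAL: $findings"
}

# write_images_htaccess <store root>: drop an .htaccess into images/ that
# refuses to serve anything script-like and turns off directory listings, so a
# file that does land in the folder is never executed by the web server.
write_images_htaccess() {
    root="$1"
    cat > "$root/images/.htaccess" <<'EOF'
# Added example .htaccess for images/ (Apache 2.4 syntax, assumed)
Options -Indexes -ExecCGI
<FilesMatch "\.(php|phtml|php[3-7]|phps|cgi|pl|py|sh)$">
    Require all denied
</FilesMatch>
EOF
}

# Usage:
#   audit_oscommerce /path/to/store
#   write_images_htaccess /path/to/store && audit_oscommerce /path/to/store
```

The `Options` line only takes effect where the server's `AllowOverride` includes `Options`; on hosts that do not allow it, Apache answers with a 500 for the whole directory, so drop that line and keep the `FilesMatch` block, which only needs `AllowOverride Limit`/`AuthConfig`. The audit deliberately reports the missing .htaccess only when the folder is world-writable, matching the thread's advice: if you can avoid 777 at all, that is the fix; the .htaccess is the fallback.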

I did the delete on file_manager.php and define_language.php correctly...

Which image directory are we talking about, and how do I block access to it?

As far as the incorrect mindsparx installation, I followed the directions and that's what I came out with, so I figured it was correct... perhaps that is just a login.php issue?

How do I verify that I am using the latest version? And if not, how do I upgrade it without losing all the contributions I've already installed (not a ton, but I've done a bit of editing myself)?

As far as following the threads, the first one just tells you to change the name of the admin folder and edit a file that I can edit but can't upload (so no point in renaming the admin folder to begin with)... then of course the deletion of the file_manager and define_language thing...

Other than that, all the information is either too much, or is presented in a way that makes me not even want to read it completely... and really, since this isn't my store, I don't rightly care about all the security holes... perhaps if I get it looking decent and whatnot I'll look into making it more secure -- but really, worrying about security on a store that will be deleted in less than 4 months, a store that will never be promoted online or offline, is pretty mindless and draining, especially when presented in a way like both threads you've submitted.


Tried to edit, but it wouldn't let me. I just checked Fantastico and this is what it tells me about the version of osCommerce that it installed:

(2.2 Release Candidate 2a + buySAFE)

So with that I'm guessing that it is in fact 2.2RC2a.
