shanehamelin Posted July 5, 2011 Share Posted July 5, 2011 About every few days I get a fake admin account added to my oscommerce admin list.. Its normally somethings like: adxxx4s00 or 12wi8i000 weird stuff like that.. Now, they aren't making any changes or anything but how can I stop this? Link to comment Share on other sites More sharing options...
Guest Posted July 5, 2011 Share Posted July 5, 2011 Shane, Read These: Admin Security and Website Security. Chris Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted July 5, 2011 Share Posted July 5, 2011 Shane Don't only read it but also implement the recommendations. If they can add admin users they can insert orders and harvest your customer information and ....... It is not difficult to secure your site just a bit scary when you start out if you have never done it before. Cheers G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
panicgripdesigns Posted July 15, 2011 Share Posted July 15, 2011 Would these fixes still be applicable to 2.3.1? A little knowledge of php goes a long way. Link to comment Share on other sites More sharing options...
Taipo Posted July 15, 2011 Share Posted July 15, 2011 While there are no known easy breakin methods for the latest osCommerce version as there are for earlier versions, it doesn't hurt to protect the admin directory either by changing its name or adding htpasswd protection in fact on any form of content management systems. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.