Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

OSC 2.3.1 Help for security


Belial

Recommended Posts

Hello!

 

I am newbie and i really want to know how i can secure my site. The bad in this situation is i am not very good in all these things. I just added two contributions. That'a all.

 

My OSC is 2.3.1 and now in my admin area it has a green colour that is ok with permissions i think. Any suggestions?

Link to comment
Share on other sites

@@Belial

 

A default installation of v2.3.1 REALLY doesn't need anything to be secure. There are no known vulnerabilties. However, there are some contributions that can be added to enhance the default security. Those are the same contributions as noted in the security forum for v2.2 RC2a.

 

 

 

Chris

Link to comment
Share on other sites

Thanks a lot for reply.

 

I want just to do one important thing. To rename admin folder. I tried renamed, but no success on login.It appears an error page. What i miss? I will loose something?

I have two modules installed bestsellers which is inactive and ckeditor.

Link to comment
Share on other sites

What to change in these two configure files? Please be specific. Now i renamed again to admin and can't go to login panel.

 

I get that

 

 

Forbidden

 

You don't have permission to access /admin/ on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Link to comment
Share on other sites

There are two configure files. One is in catalog/includes/configure, and the other is in catalog/admin/includes/configure. Just update any instances of admin to your new admin name and save the files. You may need to do this on your hosting account as the file permissions will need to be changes to something like 666 before you can edit and save the files. Change the permissions back once you have modified them.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

I rename the admin folder. Then i changed the instances of catalog/admin/includes/configure and the permissions of file now is 644.

The admin page works now with new folder name.

 

The catalog/includes/configure file doesn't have any admin word to change. Only localhost and databases passwords.

 

Am i ok now?

 

Thanks for all Steve.

Link to comment
Share on other sites

  • 1 month later...

Hi, any help is greatly appreciated! I don't know how to lock down my site... when you do a search for "Diamond Sahara" this is what you see...

 

 

Diamond Sahara

 

 

www.diamondsahara.ca/Index of /. cgi-bin/ · favicon.ico. Apache Server at www.diamondsahara.ca Port 80.

 

So I know, its wide open.

 

I am a real NOOB :blink: at this compared to the older 1.something version I had till servers were updated and so now, I am trying to rebuild from scratch... took me all weekend to get as far as I am right now.

 

Thank you in advance!!!

:D

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...