Jump to content

Archived

This topic is now archived and is closed to further replies.

crissie87

Upgrading from 2.2 oscommerce hacked version to 2.3

Recommended Posts

Good day everyonei, my new client has an ecommerce site running on Oscommerce which was a version 2.2 and also hacked. He hired me to help migrate the site to Magento but I figured it is too much work.

 

My suggestion for him was to update from version 2.2 (which is well-known for vulnerable security) to version 2.3, But he can't be sure about it and asked me if I could find all the sources of malwares in the current site.

So I plan to start everything from scratch. Fresh and clean install of V 2.3. My question is would it be safe or would we get attacked again. I honestly am not sure myself.

 

If so how do I track where the malwares are? I know image folder has them the most but I can’t seem to find where else. I am quite new with Oscommerce.

 

My last question, is Magento really safer? I am just a newbie here. Please don’t take it wrong. I am asking this because my client has been brainwashed by his friends how great Magento is but he seems to be open-minded with my direction, I just need to reassure him that it is equally good.

 

Thank you for all in advance.

Share this post


Link to post
Share on other sites

No one can say the site won't be hacked again. Currently, 2.3.3 is considered secure but that doesn't mean the host is or that your client won't allow his logins to be released or some new security hole won't be found. If you are starting over, then completely replace the whole web directory (public_html, httpdocs or whatever it is called). Then strip out any non-image files from the images directory and scan the rest for viruse code and upload that to the new shop. That will completely remove anything that shouldn't be there.

 

I should add that this is a very expensive (both in time and money) thing to do if the original shop has many changes in it and should not be done unless you know what you are doing or if your client agrees to that expense beforehand. The original shop can be cleaned and secured for a lower clost but, again, only if you have the experience to do so properly.

Share this post


Link to post
Share on other sites

Chrissie

 

There is a pinned posting in the security forum on how to secure a 2.2 site but how to disinfect a site of all the nasties is more complicated.

 

If you are happy finding new files, files with code injected in them then there are a few add-ons that will help and also a few posts explaining how to clean an exisiting site.

 

A quick google of this forum will come up with lots of help.

 

HTH

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

Oscommerce and Magento is very different "animals" , but security wise the latest stable versions of both are sound.

 

Magento is more "advanced" but also much more resource intensive, so mostly suitable for larger businesses with their own dedicated server to run it on.

 

Oscommerce is "lighter" and can run just fine on a standard shared hosting account, aswell as being flexible/modifiable enough to be the base of an enterprise level site too.

Share this post


Link to post
Share on other sites

×