Jump to content

Archived

This topic is now archived and is closed to further replies.

pirolau

How to protect my website ?

Recommended Posts

Hi, my website www.estadias.net is always being attacked by hackers and do not know what to do.

 

http://sitecheck.sucuri.net/scanner/?scan=www.estadias.net

 

http://www.unmaskparasites.com/security-report/

 

Someone can help me, I spoke several times with the hosting company and they say that oscommerce is not safe and to make the site safer on other platforms.

But I'm not an expert and oscommerce is what I understand best.

What can I do to just have this site online without constantly being attacked?

Share this post


Link to post
Share on other sites

Unfortunatly you can not stop hackers attacking your site but what you can do is apply the security patches that have been issued and cleanse your site of the "infections".

 

The security patches for 2.2 and before are in the pinned threads in the Security forums.

 

There is also a guide on cleansing your site in my profile pages.

 

HTH

 

G

 

@@pirolau


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

@@pirolau

 

HERE is the security thread. Read it carefully and follow the posts to secure your site. You will also need to clean your site by removing all malicious code and anomalous files.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Yes, osC 2.2 is full of security holes and very unsafe. If you follow the instructions for securing your site, you can make osC 2.2 reasonably safe (no more vulnerable than 2.3). osC 2.3 is no more vulnerable to hackers than any other platform, so your host isn't telling the complete truth.

 

When you say "hackers", you mean that someone is getting in and actually modifying your site files to do improper things? This is different from "spammers", who exploit code or poor settings to do their advertising for them, or send out emails with ads. They are a problem, but they don't change your code.

 

There are other things you need to do in order to deal with hackers. If you've been hacked, you need to first scan your PC (used to administratively access your site) for spyware and viruses. Once confirmed clean, change all your passwords: site hosting access, FTP, site admin password, etc. The hacker may know these. Remove all files that you can't absolutely account for -- a hacker may have left Trojans or backdoors. Clean hack code out of your site files -- it may be easier to erase all osC files and start with fresh copies from the install package, and reinstall your add-ons. Check, but don't erase, your two or three configure.php files. Don't erase your product photos and downloadable files. Don't erase or empty out your database, but you might need to upgrade it if you're changing to a later osC version in the process. Make sure any themes and add-ons you will be installing match the osC version you're using.

Share this post


Link to post
Share on other sites

Thank you for your responses.

I have oscommerce 2.3.3 and the addons are for 2.3.3.

Where i go to find security advices and addons for 2.3.3 ?

Share this post


Link to post
Share on other sites

@@pirolau

 

 

There are no security patches for 2.3.3 because 2.3.3 has no known security vulnerabilities. I would suggest looking at your server as the point of entry.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

A couple of questions @@pirolau:

- Is osCommerce the only script/application you are running on your site?

- Were you ever using an earlier version of osCommerce?

- Have you tried using the osC_Sec addon?


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

×