Jump to content

Archived

This topic is now archived and is closed to further replies.

karoloydi

Which .htaccess contribution to install?

Recommended Posts

I was looking in the sticky thread for oscommerce 2.2 security.

It is suggesting to install the "Protect your site via htaccess" contrinution here:

http://addons.oscommerce.com/info/6066

 

Is that still the best one to install?

 

I also found this one that looks quite good and more recent:

Hardcore security for oscommerce htaccess:

http://addons.oscommerce.com/info/8296

 

Also the osc_sec. oscommerce security addon. It also includes .htaccess protection:

http://addons.oscommerce.com/info/8283

 

Im also reading here about htacess password protect. Not sure what this is.

 

Thanks in advance.

Share this post


Link to post
Share on other sites

Each one of them serves a slightly different purpose. The middle link is just a test piece and should not be used on a live website. The last link will protect your website from the specific vulnerabilities that plagued version 2.2 of osCommerce. None of them add protection to your admin directory, that is something you will have to do via the cpanel folder protection feature.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

The middle link is just a test piece and should not be used on a live website.

 

Had 1st link in my old RC2.2a store no problems, am using it in my new 2.3.3.4 PHP 5.4.21 store, no problems. Have tried link 2 in the new store, all OK apart from, Options All -Indexes, php_value session.use_trans_sid 0 and turn off magic_quotes_gpc. Is your advice re the second link still current? Is the second more secure? Which one should I use now please.

 

Martin

 

Martin


OsC 2.3.4.1 CE Frozen   PHP 7.2   MySQL 10.1.36-MariaDB-cll-lve. Phoenix in development

Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix 1.0.3.0) here.

Share this post


Link to post
Share on other sites

×