Jump to content

Archived

This topic is now archived and is closed to further replies.

videosilva

New install ERROR

Recommended Posts

 I did a new full package install of v 2.3.4 and am getting the following errors

 

  Admin HTTP Authentication admin_http_authentication HTTP Authentication has not been set up for the osCommerce Administration Tool - please set this up in your web server configuration to further protect the Administration Tool from unauthorized access.

 

 

  config_file_catalog config_file_catalog I am able to write to the configuration file: /home/videosil/public_html/dvd/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

 

I have read / googled and am unable to figure out why I am getting these errors. Most importantly how do i fix them ?

Share this post


Link to post
Share on other sites

Additional Protection With htaccess/htpasswd

This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.

Enabling the htaccess/htpasswd security layer will automatically store administrator username and passwords in a htpasswd file when updating administrator password records.

Please note, if this additional security layer is enabled and you can no longer access the Administration Tool, please make the following changes and consult your hosting provider to enable htaccess/htpasswd protection:

1. Edit this file:

/home/videosil/public_html/dvd/catalog/admin/.htaccess

Remove the following lines if they exist:

##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####
AuthType Basic
AuthName "osCommerce Online Merchant Administration Tool"
AuthUserFile /home/videosil/public_html/dvd/catalog/admin/.htpasswd_oscommerce
Require valid-user
##### OSCOMMERCE ADMIN PROTECTION - END #####

2. Delete this file:

/home/videosil/public_html/dvd/catalog/admin/.htpasswd_oscommerce

Share this post


Link to post
Share on other sites

Before you go much further you should check your oscommerce version. If you are planning to start from new and have installed version 2.3.4 you should really be lloking at the 2.3.4BS version. Details can be found here.

 

http://forums.oscommerce.com/topic/396152-bootstrap-3-in-234-responsive-from-the-get-go/

 

Using bootstrap version will make your site responsive, which means it will work on many size displays. Google will also not penalise you for being non responsive in its search results.

 

Set up is exactly the same between the two versions, but it is easier to add many extras as they are being developed as modules.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Phoenix version here

It's easy to say to yes every question.

Share this post


Link to post
Share on other sites

@@videosilva,

 

 

like 14steve14 says, take a look at the 234BS version.

 

It's AWESOME & no need of iOSC for mobile version

Share this post


Link to post
Share on other sites

Additional Protection With htaccess/htpasswd

 

Are you asking how to do this, or are you reporting that you found the answer to your question? Your second post is very vague.

 

Per your original post, there are two issues here.

  1. You need to have the "admin" (it should be renamed so hackers have a harder time attacking it) directory protected by system-implemented ID and password. That is, you need to log in to the admin side, beyond any normal osC user ID. This might be done with the supplied .htaccess and password control files, or your host probably offers some sort of "password protect a directory". Use one or the other, but make sure you do this!
  2. The two configure.php files need to be made Read-Only for PHP access. This prevents hackers from somehow manipulating osC into overwriting these files and destroying your store. It doesn't necessarily have to be Read-Only for you, but that can be helpful to prevent accidentally erasing the files. Note that the source of the configure.php files cannot normally be read by the public (thus preventing the passwords within them from being exposed). Also note that making the files Read-Only to you means that to edit them or upload new copies, you first need to temporarily make them Read-Write. Finally, do not make them Read-Only until you have completed the setup of the store (it needs to write to these files).

Share this post


Link to post
Share on other sites

 

Are you asking how to do this, or are you reporting that you found the answer to your question? Your second post is very vague.

 

Per your original post, there are two issues here.

  1. You need to have the "admin" (it should be renamed so hackers have a harder time attacking it) directory protected by system-implemented ID and password. That is, you need to log in to the admin side, beyond any normal osC user ID. This might be done with the supplied .htaccess and password control files, or your host probably offers some sort of "password protect a directory". Use one or the other, but make sure you do this!
  2. The two configure.php files need to be made Read-Only for PHP access. This prevents hackers from somehow manipulating osC into overwriting these files and destroying your store. It doesn't necessarily have to be Read-Only for you, but that can be helpful to prevent accidentally erasing the files. Note that the source of the configure.php files cannot normally be read by the public (thus preventing the passwords within them from being exposed). Also note that making the files Read-Only to you means that to edit them or upload new copies, you first need to temporarily make them Read-Write. Finally, do not make them Read-Only until you have completed the setup of the store (it needs to write to these files).

 

Hello

 

I have followed these instructions, I am using the 2.3.4BS version and despite making the changes I am still getting the amber alert on the Security Check

 

ms_warning.png Admin HTTP Authentication admin_http_authentication HTTP Authentication has not been set up for the osCommerce Administration Tool - please set this up in your web server configuration to further protect the Administration Tool from unauthorized access.

 

Please can you help

Share this post


Link to post
Share on other sites

I don't think the osC detection tools may work properly on all servers. When you try to go into the Admin Tool, are you being asked for an ID and password by your server? If so, just ignore the alert. If you aren't, try using your hosting control panel "password protect a directory" function instead (after removing the security files you manually installed).

Share this post


Link to post
Share on other sites

×