Jump to content

Archived

This topic is now archived and is closed to further replies.

Jan_hartvig

page not safe

Recommended Posts

Hi 

I have a problem with the shop showing "Page not safe in adres field before the webbadress. what am I tod do , is it my webbhotell or the shop that is the problem

And my second problem is the text "

I am able to write to the configuration file: /customers/e/0/4/bikesupport.se/httpd.www/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

It has been over 30 days since the extended security checks were last performed. Please re-run the extended security checks under Tools -> Security Checks."

Where is it I have to change this?

 

image.thumb.png.10aae1699e8956b4b01fcd6a6cec6b5c.png

problem.jpg

Share this post


Link to post
Share on other sites
3 minutes ago, Jan_hartvig said:

I am able to write to the configuration file: /customers/e/0/4/bikesupport.se/httpd.www/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

You need to browse to this file on your server using a ftp client such as Filezilla and set the permissions to 444. On the catalog and admin side.

5 minutes ago, Jan_hartvig said:

In Admin go to Tools -> Security Checks.

 

6 minutes ago, Jan_hartvig said:

I have a problem with the shop showing "Page not safe in adres field before the webbadress. what am I tod do , is it my webbhotell or the shop that is the problem

You can speak to your host about installing SSL to your domain.

Share this post


Link to post
Share on other sites

Add the following line to both of the application_top.php files. That will set the file permissions to 440 any time an admin or catalog page is loaded. To upload and overwrite either of those files, you will need to manually set the file permissions to 660 or higher using an FTP application or File Manager. 

chmod('includes/configure.php', 0440);

 

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

Share this post


Link to post
Share on other sites
22 hours ago, Hotclutch said:

You need to browse to this file on your server using a ftp client such as Filezilla and set the permissions to 444. On the catalog and admin side.

In Admin go to Tools -> Security Checks.

 

You can speak to your host about installing SSL to your domain.

Hi

found it but after i activated it the webshop design on the first page changed from alt 2 to alt 1.

This is just on the first page. When I click on a link in the shop it goes over to alt 2 again ???

 

alt 2.jpg

alt1.jpg

Share this post


Link to post
Share on other sites

Not sure what you mean. If you mean you activated SSL, then you also have to go edit both your configure files.

  define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', false); // secure webserver for checkout procedure?

This section you need to change false to true. You also have to change your values in the first 2 lines from http to https.

Share this post


Link to post
Share on other sites

Seriously? Put an active link to your admin folder and make it public ...

Delete this link and also hide the link in your screenshot.

Immediately rename your administration folder.

These are basic safety rules ...


with OsC 2.2 since 2006 ...

Share this post


Link to post
Share on other sites
On 6/8/2021 at 10:22 PM, Hotclutch said:

Not sure what you mean. If you mean you activated SSL, then you also have to go edit both your configure files.


  define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
  define('ENABLE_SSL', false); // secure webserver for checkout procedure?

This section you need to change false to true. You also have to change your values in the first 2 lines from http to https.

Hi 
I will trye this 🙂

 

Share this post


Link to post
Share on other sites

@Jan_hartvig

There are two actions you must take to set-up SSL on your site:

   1) Call your hosting company’s tech support and ask them to apply the SSL Certificate to your domain. Today, this is usually free, unless you want a more insured SSL, in case that you get sued for a data breach. The ladder is a waste of money unless you are Amazon or eBay.

   2) Make changes in both of the osC configuration files to enable SSL and to direct SSL pages to the HTTPS domain name.

This will enable SSL on your site for specific pages such as the shopping cart, all checkout pages, and any registered-customer account pages.

If you want to apply SSL to ALL site pages, you can force this SSL encryption via the following script added to your main .htaccess file. I don’t recommend doing this, but it is your choice and with the current HTTP/2.0 protocol, it will not negatively impact your page loading.

If you want to apply this code, just change YourDomainName in the script to that of your own domain name. Also, you may want to contact your hosting company to get the correct SERVER_PORT number. The one I am using is relevant to my server set-up, here in the US. I’m not sure if this is different outside of the US.

Personally, I only use this script to test for NONSSL vulnerabilities, but you can use it to make all site pages HTTPS, if this is what you want to do. Good luck.

 

# Force (SSL) HTTPS on all pages of this domain
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^YourDomainName\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.YourDomainName.com/$1 [R,L]

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

Share this post


Link to post
Share on other sites
14 hours ago, Demitry said:

@Jan_hartvig

There are two actions you must take to set-up SSL on your site:

   1) Call your hosting company’s tech support and ask them to apply the SSL Certificate to your domain. Today, this is usually free, unless you want a more insured SSL, in case that you get sued for a data breach. The ladder is a waste of money unless you are Amazon or eBay.

   2) Make changes in both of the osC configuration files to enable SSL and to direct SSL pages to the HTTPS domain name.

This will enable SSL on your site for specific pages such as the shopping cart, all checkout pages, and any registered-customer account pages.

If you want to apply SSL to ALL site pages, you can force this SSL encryption via the following script added to your main .htaccess file. I don’t recommend doing this, but it is your choice and with the current HTTP/2.0 protocol, it will not negatively impact your page loading.

If you want to apply this code, just change YourDomainName in the script to that of your own domain name. Also, you may want to contact your hosting company to get the correct SERVER_PORT number. The one I am using is relevant to my server set-up, here in the US. I’m not sure if this is different outside of the US.

Personally, I only use this script to test for NONSSL vulnerabilities, but you can use it to make all site pages HTTPS, if this is what you want to do. Good luck.

 


# Force (SSL) HTTPS on all pages of this domain
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^YourDomainName\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.YourDomainName.com/$1 [R,L]

 

 

14 hours ago, Demitry said:

Hi 
Thanks for traying to help me :-)
My webbhotell is full installed with SSL Everything is activated.
I put in the code as you sade. The page become safe but the layout that oscommerce shop has changes from picture 1 to picture 2 below.

The frame setting changes but the page runs in https. in safe mode. 

 

Is there somthing I'm missing here?
 

 

picture 1
alt 2.jpg

Picture 2

alt1.jpg

Share this post


Link to post
Share on other sites

The 2nd picture suggests that you have css files not loading ... somewhere http must be made https, probably configure files.

Share this post


Link to post
Share on other sites

Ashley is right, your css is not loading. Check your /includes/template_top.php file and the shop configuration file. Also, clear your browser cache and do a hard-refresh SHFT-CTRL-R.

 

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce

Share this post


Link to post
Share on other sites

×