Posted by admin on December 24, 2009 under oScommerce Security |
Customers in the customer database are being sent spam emails from the osCommerce store.
Many osCommerce stores that are not secured are having this issue.
Solution
Password protect with .htaccess
http://code.google.com/p/oscmax2/source/diff?spec=svn169&r=169&format=side&path=/trunk/catalog/admin/includes/application_top.php
For a nominal fee of 50 USD we will secure the site against spam emails being sent from the osCommerce store.
Posted by admin on September 28, 2009 under oScommerce Security, osCommerce Services |
If you need help in doing all the above we charge a nominal rate of 200 USD.
Please use the contact us form to get in touch with us.
You need to secure osCommerce by doing the following steps:
1) Remove admin/file_manager.php
2) Remove admin/define_language.php
3) Make backups of your database and site files; this saves a great deal of time and effort cleaning up should anything nasty happen.
4) Install the following useful contributions:
Prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752
Monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441
Block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914
htaccess protection http://addons.oscommerce.com/info/6066
Stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044
Make sure that all files, except for the two configure.php files, have permissions no higher than 644.
The permissions for the two configure.php files will vary according to the server your site is on: 644, 444 or 400, whichever is correct for that server.
Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders, then change host.
You can use the contribution at http://addons.oscommerce.com/info/6134 to assist with permission settings.
Other steps to be followed:
SECURING THE ADMIN:
By renaming it and adding password protection.
FORMS:
Security Pro cleans the query string; however, any forms using $_POST are unaffected. If you have any forms using the POST method, you would be advised to do the following on pages accepting $_POST vars.
after:
CODE
require('includes/application_top.php');
add:
CODE
// clean posted vars: strip every character outside the allowed set from each
// scalar field; array fields are dropped because these pages expect none.
// (foreach over the keys replaces the reset()/each() loop, since each() was
// removed in PHP 8.)
foreach (array_keys($_POST) as $key) {
    if (!is_array($_POST[$key])) {
        $_POST[$key] = preg_replace("/[^ a-zA-Z0-9@%:{}_.-]/i", "", urldecode($_POST[$key]));
    } else {
        unset($_POST[$key]); // no arrays expected
    }
}
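The filter above is a blanket character strip, so it is worth seeing what it does to ordinary customer data as well as to hostile input. The following is an added example, not osCommerce code and not part of the original post: it wraps the post's filter in a function, runs it over a constructed sample request, and sets it beside a per-field validator (validate_post_vars, my own addition) that accepts exactly what each field needs and rejects the rest with a reason instead of silently altering it.

```php
<?php
// Added example (not osCommerce code): the post's blanket $_POST filter as a
// function, run against constructed sample input, beside a per-field
// validator. Field names and rules below are assumptions for illustration.

// Same character set the post's snippet allows; everything else is stripped.
const ALLOWED_CHARS = '/[^ a-zA-Z0-9@%:{}_.-]/i';

function clean_post_vars(array $post): array {
    foreach (array_keys($post) as $key) {
        if (is_array($post[$key])) {
            unset($post[$key]);          // no arrays expected
            continue;
        }
        $post[$key] = preg_replace(ALLOWED_CHARS, '', urldecode((string)$post[$key]));
    }
    return $post;
}

// Per-field validation: each field declares its own rule; values that fail
// are reported, not rewritten, so an attack attempt is visible in the result.
function validate_post_vars(array $post, array $rules): array {
    $clean = [];
    $errors = [];
    foreach ($rules as $field => $rule) {
        $value = $post[$field] ?? null;
        if (!is_string($value)) {
            $errors[$field] = 'missing or not a string';
            continue;
        }
        switch ($rule) {
            case 'int':
                if (!ctype_digit($value)) { $errors[$field] = 'not a positive integer'; break; }
                $clean[$field] = (int)$value;
                break;
            case 'email':
                $email = filter_var($value, FILTER_VALIDATE_EMAIL);
                if ($email === false) { $errors[$field] = 'not a valid email address'; break; }
                $clean[$field] = $email;
                break;
            case 'text':
                // Keep the text as typed (apostrophes, accents) and only bound
                // its length; escaping belongs at output (htmlspecialchars) and
                // at the database (prepared statements), not here.
                if (mb_strlen($value) > 255) { $errors[$field] = 'too long'; break; }
                $clean[$field] = $value;
                break;
            default:
                $errors[$field] = 'unknown rule';
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample request: an honest customer plus one hostile field.
$sample = [
    'products_id' => '42',
    'email'       => 'sean.o+shop@example.com',
    'name'        => "Seán O'Brien",
    'comment'     => '<script>alert(1)</script>',
    'nested'      => ['a' => 'b'],
];

// The blanket filter removes the accent bytes, the apostrophe and the plus
// sign along with the angle brackets: hostile and legitimate characters are
// treated alike, and nothing records that an attack was attempted.
print_r(clean_post_vars($sample));

// The per-field validator keeps name and comment exactly as entered (the
// <script> text is data until it is rendered, where htmlspecialchars() applies),
// keeps the valid email intact, and reports any field that fails its rule.
print_r(validate_post_vars($sample, [
    'products_id' => 'int',
    'email'       => 'email',
    'name'        => 'text',
    'comment'     => 'text',
]));
```

Running this shows the trade-off directly: the blanket filter mangles the customer's name and email address while leaving the store with no record of the hostile comment, whereas the per-field approach preserves real data and pushes the actual defence to where it belongs, prepared statements for the database and htmlspecialchars() on output. Either way, the strip loop on the page should be seen as a stopgap for forms you cannot rewrite, not as a replacement for parameterised queries.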
Following the above steps makes the store secure.
Posted by admin on July 30, 2009 under oScommerce Issues, oScommerce Security, osCommerce Services |
There has been a recent increase in attacks on osCommerce websites running old versions.
Hackers exploit a vulnerability in the function that is normally used for uploading product pictures to the /images directory.
PHP files are uploaded into the images directory and executed.
Customer and order details are displayed and also emailed to the hacker's email address.
Sometimes traces are left by the hacker.
PHP files show up in the images directory (though sometimes they're deleted after being run).
Generally, the following iframe code is added to every product_description and categories_description
We have a process to clean up the database and clean up the images directory.
150 USD
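The two traces this post describes, PHP files under images/ and iframes injected into product and category descriptions, can be checked for in a few lines. The following is an added, read-only check written for this page; it is not osCommerce code and not the cleanup process the post offers. It assumes the standard osCommerce layout (images/ under the catalog root, the products_description and categories_description tables with their usual column names) and demonstrates on a constructed temp directory and constructed rows so it runs without a store.

```php
<?php
// Added example (not osCommerce code): detect the traces described in the
// post. Table, column and directory names are assumed from a standard
// osCommerce install; the sample tree and rows below are constructed.

// Files under $imagesDir that look executable: a PHP extension anywhere in
// the name (x.php, x.php5, x.phtml, x.php.jpg), or an image file whose first
// bytes contain a PHP open tag. The extension list is an assumption based on
// what web servers commonly hand to PHP.
function find_php_in_images(string $imagesDir): array {
    $suspect = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($imagesDir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) continue;
        $name = $file->getFilename();
        $path = $file->getPathname();
        if (preg_match('/\.ph(p[0-9]?|tml)(\.|$)/i', $name)) {
            $suspect[] = $path;
        } elseif (preg_match('/\.(jpe?g|gif|png)$/i', $name)) {
            $head = file_get_contents($path, false, null, 0, 4096);
            if ($head !== false && stripos($head, '<?php') !== false) {
                $suspect[] = $path;
            }
        }
    }
    sort($suspect);
    return $suspect;
}

// $rows: arrays with 'id' and 'text'. Returns the ids whose description
// contains an iframe or script element; legitimate descriptions in a shop
// should contain neither.
function find_injected_markup(array $rows): array {
    $hits = [];
    foreach ($rows as $row) {
        if (preg_match('/<\s*(iframe|script)\b/i', $row['text'])) {
            $hits[] = $row['id'];
        }
    }
    return $hits;
}

// Loads both description tables into the row shape above (assumed schema).
function load_descriptions(PDO $db): array {
    $rows = [];
    $tables = [
        ['products_description',   'products_id',   'products_description'],
        ['categories_description', 'categories_id', 'categories_description'],
    ];
    foreach ($tables as [$table, $idCol, $textCol]) {
        $stmt = $db->query("SELECT $idCol AS id, $textCol AS text FROM $table");
        foreach ($stmt as $r) {
            $rows[] = ['id' => "$table:{$r['id']}", 'text' => (string)$r['text']];
        }
    }
    return $rows;
}

// Offline demonstration on a constructed images tree and constructed rows.
$tmp = sys_get_temp_dir() . '/osc_images_' . uniqid();
mkdir("$tmp/products", 0755, true);
file_put_contents("$tmp/products/shoe.jpg", "\xFF\xD8\xFF\xE0 constructed jpeg header");
file_put_contents("$tmp/products/photo.php.jpg", "<?php /* constructed marker, not a script */ ?>");
file_put_contents("$tmp/banner.gif", "GIF89a<?php /* constructed marker inside an image */ ?>");
file_put_contents("$tmp/upload.php", "<?php /* constructed marker file */ ?>");

$rows = [
    ['id' => 'products_description:1',   'text' => '<p>Leather shoe, size 42</p>'],
    ['id' => 'products_description:2',   'text' => '<p>Hat</p><iframe src="http://injected.example/" width="0" height="0"></iframe>'],
    ['id' => 'categories_description:3', 'text' => 'Footwear'],
];

print_r(find_php_in_images($tmp));     // the three constructed marker files, not shoe.jpg
print_r(find_injected_markup($rows));  // only the row carrying the iframe

// Live use against a store (credentials are placeholders):
// $rows = load_descriptions(new PDO('mysql:host=localhost;dbname=oscommerce', 'USER', 'PASSWORD'));
```

Run it from the catalog root with the real images/ path and a PDO connection; anything it reports should be inspected by hand rather than deleted blindly, since a legitimate description could in principle embed a video iframe. Whatever the cleanup, restore from the backups recommended in the previous post where possible, and close the upload path before putting the store back online, otherwise the same traces reappear.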
Posted by admin on February 26, 2009 under oScommerce Security |
Prevent any injection attacks with Security Pro
http://addons.oscommerce.com/info/5752
Monitor sites for unauthorised changes with SiteMonitor
http://addons.oscommerce.com/info/4441
Block illicit access attempts with IP trap
http://addons.oscommerce.com/info/5914
htaccess protection
http://addons.oscommerce.com/info/6066
Stop Cross Site Scripting attacks with Anti XSS
http://addons.oscommerce.com/info/6044
Make sure that all files, except for the two configure.php files, have permissions no higher than 644.
Permissions on folders should be no higher than 755.
Use http://addons.oscommerce.com/info/6134 to assist with permission settings.