Affordable end-to-end osCommerce solutions with Search Engine Optimization

Email : osCommerceCoders@gmail.com
Call : +1 818-574-3596 (USA) / +44 (020) 8123-6463 (UK)

Securing osCommerce stores and preventing them from being hacked

Posted by admin On September - 28 - 2009


To secure your osCommerce store, carry out the following steps:

1) Remove admin/file_manager.php
2) Remove admin/define_language.php
3) Make backups of your database and site files; this saves a great deal of time and effort cleaning up should anything nasty happen.
4) Install the following useful contributions:

Prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752

Monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441

Block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914

htaccess protection http://addons.oscommerce.com/info/6066

Stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Make sure that all files, except for the two configure.php files, have permissions no higher than 644.

The permissions for the two configure.php files will vary according to the server your site is on; 644, 444 or 400 are all correct, depending on the server.

Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders, then change host.

You can use the contribution at http://addons.oscommerce.com/info/6134 to assist with permission settings.
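The checks in steps 1 and 2 and the permission rules above, written up as an added shell audit script; it is not part of the original post, of osCommerce, or of any of the contributions linked here. It assumes a Linux host with GNU find and stat (the -perm /mode, -printf and stat -c options), and that the store's document root is passed as the first argument. The two file paths are the ones the post names; every other name in the script is the author's own.

```shell
#!/bin/sh
# Added audit script (not from the original post or from osCommerce).
# Checks a store's document root against the rules above:
#   - admin/file_manager.php and admin/define_language.php must be gone
#   - directories: nothing beyond 755 (no group/other write bit)
#   - regular files: nothing beyond 644 (no execute bit, no group/other write)
#   - configure.php files: exactly 644, 444 or 400
# Assumes GNU find and stat (Linux); it only reports, it never chmods.

# Print one line per finding for the osCommerce root given as $1.
audit_store() {
    root=$1

    # Steps 1 and 2: the two admin scripts should no longer exist.
    for f in admin/file_manager.php admin/define_language.php; do
        if [ -e "$root/$f" ]; then
            echo "REMOVE    $root/$f"
        fi
    done

    # Directories above 755: any bit of 022 (g+w or o+w) is set.
    find "$root" -type d -perm /022 -printf 'DIR>755   %p (%m)\n'

    # Regular files above 644: any bit of 133 (u+x, g+wx, o+wx) is set.
    # configure.php is checked separately below.
    find "$root" -type f ! -name configure.php -perm /133 \
        -printf 'FILE>644  %p (%m)\n'

    # The configure.php files may be 644, 444 or 400 and nothing else.
    find "$root" -type f -name configure.php | while IFS= read -r p; do
        m=$(stat -c %a "$p")
        case $m in
            644|444|400) ;;
            *) echo "CONFIGURE $p ($m)" ;;
        esac
    done
}

# Number of findings; 0 means the tree passes all of the checks above.
audit_count() {
    audit_store "$1" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit_store.sh /path/to/catalog
[ $# -eq 0 ] || audit_store "$1"
```

Run it as sh audit_store.sh /var/www/catalog (a hypothetical path). Each output line names one file or directory that breaks one of the rules above, with its current octal mode; empty output means the tree passes. Because it only reports, you can review the list before changing anything, and re-run it after the permissions contribution linked above has done its work.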

Other steps to be followed

By re-naming & password protection

Security Pro cleans the query string, but any forms using $_POST are unaffected. If you have forms using the post method, you are advised to add the following to pages accepting $_POST vars.

// clean posted vars: keep only the allowlisted characters and drop any array
// values (no arrays are expected). Loop over a snapshot of the keys because
// the loop modifies $_POST while it runs (each() was removed in PHP 8).
foreach (array_keys($_POST) as $key) {
    if (!is_array($_POST[$key])) {
        // $_POST is already URL-decoded by PHP; the extra urldecode() is kept from the original snippet
        $_POST[$key] = preg_replace("/[^ a-zA-Z0-9@%:{}_.-]/i", "", urldecode($_POST[$key]));
    } else {
        unset($_POST[$key]); // no arrays expected
    }
}

Following the above steps makes the store secure.

If you need help in doing all the above we charge a nominal rate of 200 USD.

Please use the contact us form to get in touch with us.

  • http://www.scarlettribbon.co.uk F Hodgson

    Thanks so much for everything Kalyan – Fast, friendly, very helpful service. I would recommend you to everyone.

  • http://Vintageinspirationsuk.com AGB

    Thanks for all your help Kalyan,

    Great support with valuable knowledge on what to do to resolve the issues.

    Anything you’re unsure of with OSC – Kalyan is your man.

  • http://Twosites Armen Hovsepian

    Clean up and secure both sites: http://www.99centStamps.com (recently hacked) and http://www.armenianStamps.com, which you have worked on before.

  • http://Twosites Armen Hovsepian

    see the comments before regarding http://www.99centstamps.com and http://www.ArmenianStamps.com

  • http://www.organicstoyou.biz alecB

    Not knowing anything about OSC or this particular company, I was a bit worried about trusting them to take over my site. However, my site was in a very badly-hacked state and they seemed to be quite legit. So, I entrusted them with the job. Shortly thereafter the job was complete and all was well. I’m glad that I decided to go with them. I will definitely give return business in the future.

  • http://www.fmbchopperparts.com David Burrill

    Kalyan you are a life saver, it was done quick like always and I’m very happy with the results