Nice post in the official osCommerce forum from user “Spooks” talking about security implications for osCommerce stores…
You can prevent any injection attacks with Security Pro:
You can monitor sites for unauthorised changes with SiteMonitor:
You can block illicit access attempts with IP trap:
You can add htaccess protection:
You can stop Cross Site Scripting attacks with Anti XSS:
Also make sure that all files, except for the two configure.php files, have permissions no higher than 644. The permissions for the two configure.php files will vary according to the server your site is on – it could be 644, 444 or 400 which is correct. Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts. You can add http://addons.oscommerce.com/info/6134 to assist with permission settings.
Do it now, avoid getting that nasty addition to your listings in Google: ‘This site might damage your computer’ or find all your customers' data has been posted on a hacker's bulletin board somewhere, etc etc
Good work Spooks!
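
The permission rules in the quoted post can be checked with a short audit script. This is an added example, not code from Spooks or from osCommerce; the sample tree and its file names are constructed for the demonstration, and it assumes a POSIX host.

```python
import os
import stat
import tempfile

FILE_MAX = 0o644                      # ordinary files: nothing beyond rw-r--r--
DIR_MAX = 0o755                       # folders: nothing beyond rwxr-xr-x
CONFIGURE_OK = {0o644, 0o444, 0o400}  # modes the post accepts for configure.php

def audit(root):
    """Return sorted (relative_path, octal_mode, reason) for every violation."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if stat.S_ISDIR(st.st_mode):
                if mode & ~DIR_MAX:
                    findings.append((rel, format(mode, "03o"), "folder above 755"))
            elif name == "configure.php":
                if mode not in CONFIGURE_OK:
                    findings.append((rel, format(mode, "03o"), "configure.php not 644/444/400"))
            elif mode & ~FILE_MAX:
                findings.append((rel, format(mode, "03o"), "file above 644"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed store layout with three deliberate violations."""
    root = tempfile.mkdtemp()
    layout = {"index.php": 0o644, "upload.php": 0o755,
              "includes/configure.php": 0o444,
              "admin/includes/configure.php": 0o666,
              "images/logo.gif": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)          # chmod explicitly so umask does not interfere
    for d in ("includes", "admin", "admin/includes"):
        os.chmod(os.path.join(root, d), 0o755)
    os.chmod(os.path.join(root, "images"), 0o777)
    return root

if __name__ == "__main__":
    for rel, mode, reason in audit(build_sample_tree()):
        print(f"{mode}  {rel}  ({reason})")
```

Point `audit()` at the store's document root to list anything that needs tightening; it only reads modes and changes nothing.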