Making your shop "bulletproof"…
Nice post in the official osCommerce forum from user "Spooks" talking about security implications for osCommerce stores…
You can prevent any injection attacks with Security Pro:
http://addons.oscommerce.com/info/5752
You can monitor sites for unauthorised changes with SiteMonitor:
http://addons.oscommerce.com/info/4441
You can block illicit access attempts with IP trap:
http://addons.oscommerce.com/info/5914
You can add htaccess protection:
http://addons.oscommerce.com/info/6066
You can stop Cross Site Scripting attacks with Anti XSS:
http://addons.oscommerce.com/info/6044
Also make sure that all files, except for the two configure.php files, have permissions no higher than 644. The permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct. Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts. You can add http://addons.oscommerce.com/info/6134 to assist with permission settings.
Do it now, avoid getting that nasty addition to your listings in Google: 'This site might damage your computer' or finding all your customers' data has been posted on a hacker's bulletin board somewhere, etc.
Good work Spooks!
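The permission limits from the quoted post can be checked with a short audit script. This is an added example, not code from Spooks's post or from osCommerce; the function name `audit_permissions` is hypothetical, "no higher than" is read as "no permission bits beyond those in 644/755", and the configure.php files are matched by file name only.

```python
import os
import stat
import sys

FILE_MAX = 0o644                      # post: files no higher than 644
DIR_MAX = 0o755                       # post: folders no higher than 755
CONFIGURE_OK = {0o644, 0o444, 0o400}  # post: valid modes for configure.php


def audit_permissions(root):
    """Walk the shop directory; return sorted (path, mode, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            shown = format(mode, "03o")
            if stat.S_ISDIR(st.st_mode):
                # Any bit outside 755 (e.g. group/other write) is too open.
                if mode & ~DIR_MAX:
                    findings.append((rel, shown, "folder exceeds 755"))
            elif name == "configure.php":
                # Assumption: identified by name, wherever it sits in the tree.
                if mode not in CONFIGURE_OK:
                    findings.append((rel, shown, "configure.php not 644/444/400"))
            elif mode & ~FILE_MAX:
                # Any execute bit or group/other write bit exceeds 644.
                findings.append((rel, shown, "file exceeds 644"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_perms.py /path/to/shop  (defaults to current dir)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    problems = audit_permissions(target)
    for rel, shown, reason in problems:
        print(f"{shown}  {rel}  ({reason})")
    sys.exit(1 if problems else 0)
```

The non-zero exit status on findings lets the script run from cron alongside a change monitor.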



I initially visited this blog for more information
about the Discount Coupon….it has now become somewhat
of an addiction. Yours is now one of the blogs/sites
I check on a daily basis….and there's always something
informative, useful or just plain fun-to-know waiting there.
Much appreciated!
Comment by Edene — August 29, 2008 @ 5:39 pm
Edene - many thanks for your kind words
Comment by Gary — August 30, 2008 @ 7:31 am