<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Making your shop &quot;bulletproof&quot;&#8230;</title>
	<atom:link href="http://www.clubosc.com/making-your-shop-bulletproof.html/feed" rel="self" type="application/rss+xml" />
	<link>http://www.clubosc.com/making-your-shop-bulletproof.html</link>
	<description>Showcasing osCommerce...the good, the bad and the ugly!</description>
	<lastBuildDate>Mon, 30 Jan 2012 16:32:29 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.5</generator>
	<item>
		<title>By: enigma1</title>
		<link>http://www.clubosc.com/making-your-shop-bulletproof.html/comment-page-1#comment-2885</link>
		<dc:creator>enigma1</dc:creator>
		<pubDate>Wed, 11 Mar 2009 13:12:38 +0000</pubDate>
		<guid isPermaLink="false">http://www.clubosc.com/?p=224#comment-2885</guid>
		<description>Having a separate table that lists testimonial content is a plus for e-commerce sites because they present the customer experience about a product or service the store carries. That can generate useful traffic. In my opinion the addon is a useful one, but obviously every piece of s/w needs maintenance and updates for new versions of PHP, MySQL and the like.

At the end, it is up to the store owners to either know how to, or to hire a professional to integrate contributions to their sites.

Instead, what is happening is that they, or someone else, just drop the files on the server without consideration, leading to all these hacks and side effects we see.</description>
		<content:encoded><![CDATA[<p>Having a separate table that lists testimonial content is a plus for e-commerce sites because they present the customer experience about a product or service the store carries. That can generate useful traffic. In my opinion the addon is a useful one, but obviously every piece of s/w needs maintenance and updates for new versions of PHP, MySQL and the like.</p>
<p>At the end, it is up to the store owners to either know how to, or to hire a professional to integrate contributions to their sites.</p>
<p>Instead, what is happening is that they, or someone else, just drop the files on the server without consideration, leading to all these hacks and side effects we see.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Gary</title>
		<link>http://www.clubosc.com/making-your-shop-bulletproof.html/comment-page-1#comment-2853</link>
		<dc:creator>Gary</dc:creator>
		<pubDate>Fri, 27 Feb 2009 11:14:16 +0000</pubDate>
		<guid isPermaLink="false">http://www.clubosc.com/?p=224#comment-2853</guid>
		<description>Frankly, I&#039;m surprised that contribution even still exists.  I&#039;ve asked for it to be removed (years ago) along with another contribution that is defunct.

There are loads of contributions that people insist on, which I feel are worthless.  All that matters for any ecomm site owner, is getting &lt;b&gt;qualified traffic&lt;/b&gt; onto the site...</description>
		<content:encoded><![CDATA[<p>Frankly, I&#039;m surprised that contribution even still exists.  I&#039;ve asked for it to be removed (years ago) along with another contribution that is defunct.</p>
<p>There are loads of contributions that people insist on, which I feel are worthless.  All that matters for any ecomm site owner, is getting <b>qualified traffic</b> onto the site&#8230;</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: enigma1</title>
		<link>http://www.clubosc.com/making-your-shop-bulletproof.html/comment-page-1#comment-2852</link>
		<dc:creator>enigma1</dc:creator>
		<pubDate>Fri, 27 Feb 2009 09:43:44 +0000</pubDate>
		<guid isPermaLink="false">http://www.clubosc.com/?p=224#comment-2852</guid>
		<description>JR, the whole point of the IP trap was to deploy a honeypot via the robots.txt from the code and comments I read. The directories are exposed intentionally. Honeypots have their uses but blindly banning the IPs because of the restricted directories??

The problem I see is that these contributions were not built targeting the real objectives of ecommerce (like maximizing sales) and are instead trying to capitalize on mistakes of other useful contributions like customer testimonials. It&#039;s now what? 7 years since Gary posted the first version of the module? Nothing new though happens all the time. The Products Extra Images is another example I remember. The fact is, whoever is on the top page of SEs will do sales, and banning IPs and entire countries from your sites will never get you there. So fix the code of contributions you integrate and update the contributions.</description>
		<content:encoded><![CDATA[<p>JR, the whole point of the IP trap was to deploy a honeypot via the robots.txt from the code and comments I read. The directories are exposed intentionally. Honeypots have their uses but blindly banning the IPs because of the restricted directories??</p>
<p>The problem I see is that these contributions were not built targeting the real objectives of ecommerce (like maximizing sales) and are instead trying to capitalize on mistakes of other useful contributions like customer testimonials. It&#039;s now what? 7 years since Gary posted the first version of the module? Nothing new though happens all the time. The Products Extra Images is another example I remember. The fact is, whoever is on the top page of SEs will do sales, and banning IPs and entire countries from your sites will never get you there. So fix the code of contributions you integrate and update the contributions.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Java Roasters</title>
		<link>http://www.clubosc.com/making-your-shop-bulletproof.html/comment-page-1#comment-2850</link>
		<dc:creator>Java Roasters</dc:creator>
		<pubDate>Thu, 26 Feb 2009 22:44:46 +0000</pubDate>
		<guid isPermaLink="false">http://www.clubosc.com/?p=224#comment-2850</guid>
		<description>I just looked at the IP Trapper contributions and it could be better.  If you don&#039;t want someone to find a directory then don&#039;t have

Disallow: catalog/personal
Disallow: catalog/includes
Disallow: catalog/cgi-bin

In your robots.txt file.

You need to make an additional robots.txt file in each of the directories and add this to it:

User-agent: *
Disallow: /

It is a much better way of doing it.  Also don&#039;t allow directory listing in .htaccess and rename your admin also.</description>
		<content:encoded><![CDATA[<p>I just looked at the IP Trapper contributions and it could be better.  If you don&#039;t want someone to find a directory then don&#039;t have</p>
<p>Disallow: catalog/personal<br />
Disallow: catalog/includes<br />
Disallow: catalog/cgi-bin</p>
<p>In your robots.txt file.</p>
<p>You need to make an additional robots.txt file in each of the directories and add this to it:</p>
<p>User-agent: *<br />
Disallow: /</p>
<p>It is a much better way of doing it.  Also don&#039;t allow directory listing in .htaccess and rename your admin also.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: enigma1</title>
		<link>http://www.clubosc.com/making-your-shop-bulletproof.html/comment-page-1#comment-2849</link>
		<dc:creator>enigma1</dc:creator>
		<pubDate>Thu, 26 Feb 2009 19:49:15 +0000</pubDate>
		<guid isPermaLink="false">http://www.clubosc.com/?p=224#comment-2849</guid>
		<description>If you have a piece of code that has a problem then you fix that code. So if you have a contribution that causes a problem you fix the contribution. You don&#039;t go and start doing unnecessary things like stripping characters from variables you don&#039;t know about. osC has filtering functions in place and as you know when applied properly the parameters are safe for the dbase and the variables throughout the scripts. In the case of customers testimonials just an integer cast is enough. I see no point deploying modules that may damage the site&#039;s functionality or exposure. That&#039;s not what I call security but quick and dirty hacks.

As far as I can tell whoever bans IPs has the troubles and honestly I do not see anything malicious about it. And on top of that good luck figuring out what&#039;s going on if you are going down the ban path. Especially for a merchant who wonders why his site all of a sudden got removed from the search engines or he sees no sales.</description>
		<content:encoded><![CDATA[<p>If you have a piece of code that has a problem then you fix that code. So if you have a contribution that causes a problem you fix the contribution. You don&#039;t go and start doing unnecessary things like stripping characters from variables you don&#039;t know about. osC has filtering functions in place and as you know when applied properly the parameters are safe for the dbase and the variables throughout the scripts. In the case of customers testimonials just an integer cast is enough. I see no point deploying modules that may damage the site&#039;s functionality or exposure. That&#039;s not what I call security but quick and dirty hacks.</p>
<p>As far as I can tell whoever bans IPs has the troubles and honestly I do not see anything malicious about it. And on top of that good luck figuring out what&#039;s going on if you are going down the ban path. Especially for a merchant who wonders why his site all of a sudden got removed from the search engines or he sees no sales.</p>
]]></content:encoded>
	</item>
</channel>
</rss>

