Has anyone ever thought about renaming osCommerce page filenames and directory names and other things? This may be a decent way to solve some problems that osCommerce shop owners experience.
For many years, my own osCommerce store has had a different name for the product_info.php page, which has lead to greater SEO benefits. But that’s another reason…
For this post I am more interested in making osCommerce harder for a “hacker” to hack. For starters, read a previous post on this blog for an overview on some ideas and methods. Here’s some more ideas hunt google or the osCommerce forum if you need code examples on how to do any of this);
1. Why advertise that your site is osCommerce?
Of course, to the experienced eye, it is easy to tell whether a site is running osC or not. But why advertise the fact.
Is your site saying “powered by oscommerce” on it? Remove it!
Is your site using the oscsid variable? OSCsid – a small change, but well worth it? Why not change that to the zencart sid? Or creloaded? Or one of your own. It doesn’t really matter what you use for an SID – and it is easy to change in osCommerce…
2. Change the filenames!
Why would you keep the filenames the same as standard osCommerce? Of course, you’ll probably need to keep index.php the same in order for your site to show up when your URL in input, but even this is easily changable! As for the rest, it’s very simple. Rename the file, rename it’s corresponding language file, make the same change in the file at includes/filenames.php
3. Change the dirnames!
Change the Directory names! Why keep the name “includes” – it could as easily be “inc” or “incl” or “zippy” or “brian”. Just rename it and make the corresponding change in BOTH configure.php files.
I hear you saying, “that’s all well and good Gary, but what about contributions, won’t this break them”? The answer to this is maybe it will, if the contribution is not correctly written. The same goes for templates – if they are correctly written, they will still work.
Note that I am not saying that changing names of things is a great protection against anything, but if you make your website harder for a layman to know what software is running it, you MAY find they move onto the next website quicker, leaving your site alone.
Also, you could actually change the .php ending in your filenames rather easily. As an example, I remember a Liverpool Football Club website that had .lfc endings for each page. Haven’t checked it out, but should only be a .htaccess change!
Hello Gary.
Dredging up a thread from the past…hope you don’t mind.
In regards to renaming the OSCsid, is there any harm in doing this to an existing store? What about any links that might have been posted by customers in forums or such, linking to a product, and in which the OSCsid is present in the link?
Thanks
Rob
Rob, the OSCsid shouldn’t be in any external link, it is unique to each customer – does happen though, especially with 2.2xx
May be interesting, Gary, if you could come up with a way to strip an incoming link of a OSCsid (if one were present) while preserving the given OSCsid when a customer is browsing
Dredging up old posts, is a good thing.
As Juls points out, you should never have the oscsid on an outside link. If they are, it can cause issues in certain curcumstances.
Changing the oscsid is not a big deal, won’t affect your store workings, but may help to hide it’s “osc” origin – change it in application_top if I recall correctly.
Juls – set “recreate sessions” to true should help.
Gary, my problem is Google – storing pre 2.3 links with OSCsid and separate links for each currency and language – now language I can understand but currency… especially when Google decides that your product in $ is the same as the ones in £ and € which equates to duplicate or multiple content ::)
Just wish Google was resetable 🙂
Thanks guys…perhaps I was mis-interpretting the link shown…perhaps it was the currency/language item froom above?
Anyways, I’ll likely proceed with changing the OSCsid and directory names. Every little bit has got to help.