Answer» In order to secure OsCommerce please follow these steps:
- Download all your OsCommerce files
- Create a backup in case something goes wrong later
- Scan all the files with antivirus software and delete the suspicious ones
- Check manually for suspicious code in your files. If you have doubts about parts of the code, check the original OsCommerce files
- Make sure there are no .php (.pl, .cgi) files in your images directory. Executable files are not supposed to be there under any circumstances.
- Once you have performed the above steps, upload your files to your webserver.
- Make sure that your installation is the latest OsCommerce version. If not, upgrade it following the official instructions.
- Additionally, password-protect your admin directory or limit access to it by IP
- Disable the following functions in PHP:
  disable_functions =exec,passthru,shell_exec,proc_open,popen,curl_exec,curl_multi_exec
  Besides that, make sure that register_globals and allow_url_include are turned off.
- Depending on your host and webserver, try to find additional protection in mod_security rules or suhosin rules applicable to OsCommerce.
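
The images-directory check and the PHP settings check from the steps above can be automated on a downloaded copy. The following script is an added example, not part of the original answer or of OsCommerce; the function names and the two paths passed on the command line are assumptions, and the `.phtml` and `.php5`-style patterns extend the extensions the answer lists.

```shell
#!/bin/sh
# Added example: audits a local copy against the checklist above.
# Function names and the paths passed in are illustrative assumptions.

# Print script files under an images directory; none should ever be there.
# .phtml and .php5-style names are an added generalization of the page's list.
scripts_in_images() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
        -o -iname '*.pl' -o -iname '*.cgi' \) -print
}

# Print the value of a php.ini directive: the last uncommented assignment,
# with trailing ';' comments, quotes and spaces removed.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/;.*$//' | tail -n 1 | tr -d ' "\r'
}

# Return 0 only if php.ini disables every listed function and both flags are off.
check_php_ini() {
    bad=0
    disabled=",$(ini_value "$1" disable_functions),"
    for fn in exec passthru shell_exec proc_open popen curl_exec curl_multi_exec; do
        case $disabled in
            *",$fn,"*) ;;
            *) echo "disable_functions lacks: $fn"; bad=1 ;;
        esac
    done
    for flag in register_globals allow_url_include; do
        # An absent directive is treated as off (assumed to fall back to PHP's default).
        case $(ini_value "$1" "$flag" | tr 'A-Z' 'a-z') in
            ''|off|0|false|no|none) ;;
            *) echo "$flag is not off"; bad=1 ;;
        esac
    done
    return $bad
}

# Usage: sh audit.sh /path/to/catalog/images /path/to/php.ini
if [ "$#" -eq 2 ]; then
    hits=$(scripts_in_images "$1")
    [ -z "$hits" ] || { echo "Scripts found in images directory:"; echo "$hits"; }
    check_php_ini "$2" && [ -z "$hits" ]
fi
```

The script reads only the php.ini file it is given; per-directory overrides set elsewhere by the host are not covered.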