Results 1 to 10 of 10

Thread: Website security

  1. #1
    Diamond Member adrianh's Avatar
    Join Date
    Mar 2010
    Location
    Cape Town
    Posts
    5,089
    Thanks
    336
    Thanked 808 Times in 642 Posts

    Website security

    I run an OsCommerce site which has been hacked twice now. Anybody got advice on securing the site?
    How easily someone is offended is directly proportional to how stupid they are.
    ~GS Elevator

  2. #2
    Gold Member twinscythe12332's Avatar
    Join Date
    Jan 2007
    Location
    durban
    Posts
    769
    Thanks
    12
    Thanked 110 Times in 84 Posts
    do you know how they are hacking your site? I'd suggest starting at the OsCommerce site forums to see if there have been any new hacks found.

  3. #3
    Site Caretaker Dave A's Avatar
    Join Date
    May 2006
    Location
    Durban, South Africa
    Posts
    20,979
    Thanks
    3,055
    Thanked 2,462 Times in 2,067 Posts
    Blog Entries
    12
    I see part of their support forum is a security section.
    The trouble with opportunity is it normally comes dressed up as work.

  4. #4
    Full Member Cream's Avatar
    Join Date
    Aug 2010
    Location
    Randburg, Gauteng
    Posts
    89
    Thanks
    15
    Thanked 8 Times in 7 Posts
    Have a look at how-to-secure-your-site This might help.

    What is the address of your website?

  5. #5
    Gold Member Mark Atkinson's Avatar
    Join Date
    Jul 2010
    Location
    Durban, South Africa
    Posts
    796
    Thanks
    212
    Thanked 150 Times in 117 Posts
    Blog Entries
    12
    Adrian - My Joomla! site has been hacked twice now too. Unfortunately if they are decent enough hackers they're going to get through just about any protection.

    Have they done any serious damage to your site? Our culprits just seem to do things to annoy us - And they succeed.
    "The way to gain a good reputation, is to endeavor to be what you desire to appear." - Socrates
    Mark My Words - Arbitrary thoughts on ordinary things

    LinkedIn | Twitter

    Bafokke Shirts - South Africa's No. 1 Fan Shirt!

  6. #6
    Full Member Cream's Avatar
    Join Date
    Aug 2010
    Location
    Randburg, Gauteng
    Posts
    89
    Thanks
    15
    Thanked 8 Times in 7 Posts
    Mark, maybe worth your read for Joomla Security:
    Joomla Security Checklist

  7. #7
    Diamond Member AndyD's Avatar
    Join Date
    Jan 2010
    Location
    Cape Town
    Posts
    4,403
    Thanks
    513
    Thanked 854 Times in 687 Posts
    When you say they hacked your site Adrian, what did they actually do? Was it malicious or passive? Was there a money making angle to it, was there theft?
    _______________________________________________
    I am special and so is Vanash.
    _______________________________________________

  8. #8
    Diamond Member adrianh's Avatar
    Join Date
    Mar 2010
    Location
    Cape Town
    Posts
    5,089
    Thanks
    336
    Thanked 808 Times in 642 Posts
    @cream - the url is www.scalecraft.co.za

    They don't destroy the site. They disable the entire site and replace the front page. I think they do it simply to prove that they can.

    I keep a backup of the entire site so when it happens I clear out the rubbish that they add and replace the damaged files.

    They deleted the admin user from the database once and added their own user - I fixed this through PhPMyAdmin via Cpanel.
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	scalecraft_hacked.jpg 
Views:	83 
Size:	26.0 KB 
ID:	1449  
    Last edited by adrianh; 08-Dec-10 at 07:49 AM.
    How easily someone is offended is directly proportional to how stupid they are.
    ~GS Elevator

  9. #9
    Junior Member
    Join Date
    Dec 2010
    Location
    Bloemfontein
    Posts
    12
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by adrianh View Post
    @cream - the url is www.scalecraft.co.za

    They don't destroy the site. They disable the entire site and replace the front page. I think they do it simply to prove that they can.

    I keep a backup of the entire site so when it happens I clear out the rubbish that they add and replace the damaged files.

    They deleted the admin user from the database once and added their own user - I fixed this through PhPMyAdmin via Cpanel.
    The best thing to do is as follow

    Generate a lenght password
    Get a SSL Cerificate for your website


    You did not mention what osEcommerce solution your are using

    If you can specify a name I would be able to assist you

  10. #10
    Diamond Member adrianh's Avatar
    Join Date
    Mar 2010
    Location
    Cape Town
    Posts
    5,089
    Thanks
    336
    Thanked 808 Times in 642 Posts
    I run an OsCommerce site which has been hacked twice now. Anybody got advice on securing the site?
    I do: "OsCommerce"
    How easily someone is offended is directly proportional to how stupid they are.
    ~GS Elevator

Similar Threads

  1. [Article] Your website is a waste of money!
    By Chatmaster in forum Marketing Forum
    Replies: 37
    Last Post: 28-Nov-10, 03:00 PM
  2. Selling member interest in CC
    By Martinco in forum General Business Forum
    Replies: 8
    Last Post: 19-Oct-10, 09:10 PM
  3. [Article] 3 Reasons Content is King for your website
    By G Robin in forum General Business Forum
    Replies: 21
    Last Post: 10-Sep-10, 12:29 PM
  4. Teams satisfied with security arrangements
    By BBBEE_CompSpec in forum General Chat Forum
    Replies: 0
    Last Post: 08-Dec-09, 10:57 AM

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •