How safe is OScommerce backend?

dynamiteout

dynamiteout

Power Member
Joined
May 27, 2008
Messages
656
Reaction score
168
I have an OScommerce store up online now. Recently, I've read that using google searches, users can hack or get into the OScommerce store's backend and reveal and change all information, including customers, catelogue etc.

Is this true? How easy can on get into the backend like that? What should I do to prevent this happening.


Please advise.
 
Advertise on BHW
dynamiteout said:
I have an OScommerce store up online now. Recently, I've read that using google searches, users can hack or get into the OScommerce store's backend and reveal and change all information, including customers, catelogue etc.

Is this true? How easy can on get into the backend like that? What should I do to prevent this happening.


Please advise.
Click to expand...

Oscommerce works like a membership site rather than a regular storefront site. It uses sessions to secure access to a specific page and redirects to a login, main page or some other message or offer page automatically.

Unless someone is deliberately trying to hack you from your server or otherwise, I wouldn't worry about it, as it is a secure system to my experience with it.
 
Some brainless people fail to password protect their OSC backend (in most versions it isnt by default. Password protect your admin directory and you should be OK.

Don't install any dodgy contributions and you'll be fine.
 
hade said:
Some brainless people fail to password protect their OSC backend (in most versions it isnt by default. Password protect your admin directory and you should be OK.

Don't install any dodgy contributions and you'll be fine.
Click to expand...

Password protection is a great method too. Good point.

Just be careful to not block out your master directory as that method tends to do by default unless you specifically safeguard it through a .htaccess file.

Generally password protecting your directory will tend to cover the whole site if you use say a hotkey or ip protection from cpanel or plesk.

check into it for the best method to fit your needs. Asking your hosting provider to put it in for you is the best way to prevent issues later in my opinion, if you can't code it yourself.
 
Advertise on BHW
You must log in or register to reply here.
Sign up now!

Main Menu

Home Main Forum List Black Hat SEO White Hat SEO BHW Newbie Guide Blogging Black Hat Tools Social Networking Downloads

Marketplace

Account Selling Content / Copywriting Hosting Images, Logos & Videos Proxies For Sale SEO - Link building SEO - Packages Social Media Social Media - Panels Misc

Making Money

Affiliate Programs Hire a Freelancer Making Money Pay Per Click Site Flipping

BlackHatWorld

BHW Merch Forum Suggestions & Feedback Introductions Lounge Dispute Resolution

Other

Domain Name Forum IM Journeys Web Hosting Newsletter
Back
Top