1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How safe is OScommerce backend?

Discussion in 'Black Hat SEO' started by dynamiteout, Oct 31, 2008.

  1. dynamiteout

    dynamiteout Power Member

    Joined:
    May 27, 2008
    Messages:
    657
    Likes Received:
    168
    I have an OScommerce store up online now. Recently, I've read that using google searches, users can hack or get into the OScommerce store's backend and reveal and change all information, including customers, catelogue etc.

    Is this true? How easy can on get into the backend like that? What should I do to prevent this happening.


    Please advise.
     
  2. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    Oscommerce works like a membership site rather than a regular storefront site. It uses sessions to secure access to a specific page and redirects to a login, main page or some other message or offer page automatically.

    Unless someone is deliberately trying to hack you from your server or otherwise, I wouldn't worry about it, as it is a secure system to my experience with it.
     
  3. hade

    hade Registered Member

    Joined:
    Jul 25, 2008
    Messages:
    79
    Likes Received:
    26
    Some brainless people fail to password protect their OSC backend (in most versions it isnt by default. Password protect your admin directory and you should be OK.

    Don't install any dodgy contributions and you'll be fine.
     
  4. aftershock2020

    aftershock2020 Senior Member

    Joined:
    Oct 19, 2007
    Messages:
    981
    Likes Received:
    477
    Password protection is a great method too. Good point.

    Just be careful to not block out your master directory as that method tends to do by default unless you specifically safeguard it through a .htaccess file.

    Generally password protecting your directory will tend to cover the whole site if you use say a hotkey or ip protection from cpanel or plesk.

    check into it for the best method to fit your needs. Asking your hosting provider to put it in for you is the best way to prevent issues later in my opinion, if you can't code it yourself.