How safe is OScommerce backend?

dynamiteout

Power Member
Joined
May 27, 2008
Messages
656
Reaction score
168
I have an OScommerce store up online now. Recently, I've read that using google searches, users can hack or get into the OScommerce store's backend and reveal and change all information, including customers, catelogue etc.

Is this true? How easy can on get into the backend like that? What should I do to prevent this happening.


Please advise.
 
I have an OScommerce store up online now. Recently, I've read that using google searches, users can hack or get into the OScommerce store's backend and reveal and change all information, including customers, catelogue etc.

Is this true? How easy can on get into the backend like that? What should I do to prevent this happening.


Please advise.

Oscommerce works like a membership site rather than a regular storefront site. It uses sessions to secure access to a specific page and redirects to a login, main page or some other message or offer page automatically.

Unless someone is deliberately trying to hack you from your server or otherwise, I wouldn't worry about it, as it is a secure system to my experience with it.
 
Some brainless people fail to password protect their OSC backend (in most versions it isnt by default. Password protect your admin directory and you should be OK.

Don't install any dodgy contributions and you'll be fine.
 
Some brainless people fail to password protect their OSC backend (in most versions it isnt by default. Password protect your admin directory and you should be OK.

Don't install any dodgy contributions and you'll be fine.

Password protection is a great method too. Good point.

Just be careful to not block out your master directory as that method tends to do by default unless you specifically safeguard it through a .htaccess file.

Generally password protecting your directory will tend to cover the whole site if you use say a hotkey or ip protection from cpanel or plesk.

check into it for the best method to fit your needs. Asking your hosting provider to put it in for you is the best way to prevent issues later in my opinion, if you can't code it yourself.
 
Back
Top