1.3.5 sp4 Security-Positive solutions


I decided to write this thread as i’m using an older version of CS cart,and as a member of the community i would like to share a private message i got from a respectfull member of the community in how to secure your SP4.Feel free to add “POSITIVE” comments and observations…(please Spiral don’t post here,this thread is for SOLUTIONS not to scare people)

Thank you.

this is the PM i got:


Originally Posted by gabrieluk

Hi xxxxxxxx,

i wanted to ask you a question…are you using 1.3.5 sp4?if yes,could you point me towards the way to fix vulnerabilities?maybe some .htacess rewriting

Best regards,



Hi Gabriel

I don’t think there are any. I don’t use Reward Points mod [uninstalled already] and if you applied whatever is in Customer area you should be safe.

Regarding htaccess, there’s a long thread about how to use it. No perfect solution is available, that would work for all of us.

Also, use SSL for admin access and rename it.


If you have a static IP at home, limit other IPs from being able to access your admin panel.

Remove skins you don’t use, don’t install other php scripts in CS directory, set correct permissions on folders [avoid 777!]

There’s a script, which will monitor certain CS folders for changes and if something unusual happens, it will send you an email. I cannot find it now, but look for it on hotscripts.com /PHP

Hope, this helps. Good luck.