Improving your site's security - Best Practice

[quote name=‘indy0077’]I don’t understand what you mean, but if you mean an end user computer (home computer) then Linux, but it’s not an OS for browsing or home office.[/QUOTE]



I am talking about an END USER like the ADMIN (the person who will have any access to the website as admin), the person who will insert new products in the CATALOG.



This person, not our clients, needs to have the best security, or at least to minimize attacks from crackers and others.





OPERATING SYSTEM:

Windows is the most used operating system (at least for end users).

It is paid.

Crackers like to attack this kind of OS.



So, if an END USER uses another operating system, he will have less chance of attacks on his machine.





----------------

In this world called WINDOWS, a lot of people use a browser called INTERNET EXPLORER. This browser (Internet Explorer) is the browser that has the biggest percentage of attacks on the internet.



------------



PROBABILITIES:

If I do not use WINDOWS and if I do not use INTERNET EXPLORER, maybe I will have fewer problems with internet security.



----------



I hope this time the message is better to understand.

I think it’s not easy to live in Brasil :rolleyes:

[QUOTE]PROBABILITIES:

If I do not use WINDOWS and if I do not use INTERNET EXPLORER, maybe I will have fewer problems with internet security.[/QUOTE]



Absolutely no doubt about that!



Safest method would be to place a tin can on your server as well as your desk, then make the final connection between the two points with a string. You will now be hacker free, and you can most likely add a third string and connect it to a wall outlet for even better performance! :smiley:

I have my cat taking care of those security things. But my grandma has a small cross with Jesus right by her keyboard. Apparently, this helps a lot.




[quote name=‘Struck’]Absolutely no doubt about that!



Safest method would be to place a tin can on your server as well as your desk, then make the final connection between the two points with a string. You will now be hacker free, and you can most likely add a third string and connect it to a wall outlet for even better performance! :D[/QUOTE]

[QUOTE]But my grandma has a small cross with Jesus right by her keyboard. [/QUOTE]



I agree, as soon as I had a Cross tattooed on my forehead, good things started happening for me.

[quote name=‘indy0077’]I think it’s not easy to live in Brasil :rolleyes:[/QUOTE]



Yes, it is very hard.

Here I had 30ºC in the morning, and I don’t know what temperatures under 15ºC are, not even at night.



Very hard.



About internet security, I think I have a big problem too. DreamHost’s servers are in California(?) and to get from the USA to Brazil all data needs to pass through a lot of countries, and it can be STOLEN because these are “Latin American” countries.



It is very hard to LISTEN to people from BIG COMPANIES in the USA asking you to send a copy of your credit card by e-mail (scanned) or phone (fax).

It could be easy if I lived in your country, where you can buy over an internet that CRACKERS cannot attack, and from stores that use SSL certificates from SONY VAIO or APPLE.





AHAHAHAHAHAHAHAHA



Is this to laugh?

Oops… sorry!

Returning back to an earlier thread point …


[quote name=‘utilityempire’]Hi Indy,



Thanks for that. It’s a long list to add, so could this have any effect on server speed or site performance? My .htaccess is already rather large :-)[/QUOTE]

There is a much better way to block countries …



If the server you are on supports GEOIP from MaxMind, you can block entire countries in a few simple commands without using any long lists of CIDR blocks:




SetEnvIf GEOIP_COUNTRY_CODE (RU|CN|KR) DenyCountry
SetEnvIf GEOIP_CONTINENT_CODE (AF) DenyContinent



Order Allow,Deny
Allow from 127.0.0.1
Allow from All
Deny from env=DenyCountry
Deny from env=DenyContinent





In the example code, I just blocked Russia (RU), China (CN), and Korea (KR) as well as the entire continent of Africa (AF) just by putting in the two letter codes for each of those!



(If you really want to get rid of the crazy fools, try CONTINENT codes “EU”, “NA”, and “AU” EVIL GRIN :wink: )



If you don’t know if your server supports GEOIP, check your phpinfo() screen and do a search for “GEOIP_COUNTRY_CODE” on the screen.



If your server doesn’t support GEOIP but you are on your own server, it is very easy to add, and all you really need to set up is the “GEOIP Apache API” and the “GEOIP C Library API” and you’ll have the basics of what you need.

[quote name=‘Spiral’]There is a much better way to block countries …



If the server you are on supports GEOIP from MaxMind, you can block entire countries in a few simple commands without using any long lists of CIDR blocks:[/quote]

Yes Spiral, that’s right, but with the IPs you have more control, because for example we have blocked some IPs from Russia but not all, as we have customers there too. Maybe some people from China want to buy from us, then we have to do the filtering and the list manually. For example, we have a monitoring/tracking system which shows us the live browsing behavior of people currently on our site. It’s really funny to see what some of them are trying (starting by logging into the customer area up to PHP hacks).

[quote name=‘Spiral’]

If you don’t know if your server supports GEOIP, check your phpinfo() screen and do a search for “GEOIP_COUNTRY_CODE” on the screen.



If your server doesn’t support GEOIP but you are on your own server, it is very easy to add, and all you really need to set up is the “GEOIP Apache API” and the “GEOIP C Library API” and you’ll have the basics of what you need.[/QUOTE]



Thanks for the tip Spiral, much appreciated. I am running on a VPS at present and my host has advised that they do not support GEOIP, but have said I could block the IP ranges using the server firewall instead of my .htaccess.



After adding the list supplied by Indy, I wouldn’t go back to not having this in either my .htaccess or the server firewall. Looking at my error log just shows how many people have been trying to access things they shouldn’t be from the countries Indy provided code to block in .htaccess.

[quote name=‘Indy0077’]Yes Spiral, that’s right, but with the IPs you have more control, because for example we have blocked some IPs from Russia but not all, as we have customers there too. Maybe some people from China want to buy from us, then we have to do the filtering and the list manually.[/QUOTE]

A little bit of faulty logic in that statement, in that you can just as easily block the country codes you want and then turn around and whitelist the CIDR ranges that you want to keep unblocked easily enough, or even reverse that the other way around if you so desired. It gives you a lot of flexibility and also helps avoid the problem of IPs changing constantly.



If you build up a list of CIDR ranges to either whitelist or blacklist, it may work for you on the front end, but large groups of CIDRs will quickly become outdated, forcing you to go and re-verify the ranges and do a lot of manual updating work to keep current, since an IP range you wanted to ban previously may be an IP range you want to keep today or vice versa.



With the “GEOIP” solution or similar out there, you only have to keep your database updated, which can be cron-job automated very easily, leaving the need to go back and revisit your selected IP ranges at a bare-bones minimum.


[quote name=‘Utilityempire’]I am running on VPS at present and my host has advised that they do not support GEOIP[/QUOTE]

If you are actually on a VPS, you could add this very easily …



It takes me all of 30 seconds to install GEOIP and is pretty much a no brainer.



I’ve even written installation scripts to automate the whole thing that I’d be glad to give you a copy of if you were interested in adding that feature to your server.
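Putting Spiral’s two posts together (country and continent codes blocked through mod_geoip, one customer’s range whitelisted by CIDR) as an added .htaccess example; this is not Spiral’s script or CS-Cart code. It assumes mod_geoip is loaded and sets the GEOIP_* variables on every request, and 203.0.113.0/24 is a placeholder for the customer’s range.

```apache
# Added example (not from this thread). Assumes mod_geoip is loaded and sets
# GEOIP_COUNTRY_CODE / GEOIP_CONTINENT_CODE on every request.
SetEnvIf GEOIP_COUNTRY_CODE   (RU|CN|KR) DenyCountry
SetEnvIf GEOIP_CONTINENT_CODE (AF)       DenyContinent

# Apache 2.2 (the Order/Allow/Deny syntax used in the thread).
# With "Order Allow,Deny" a matching Deny always wins, so an "Allow from"
# whitelist would be ignored. "Order Deny,Allow" evaluates Deny first, lets a
# matching Allow override it, and allows anything that matches neither.
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from env=DenyCountry
    Deny from env=DenyContinent
    # Placeholder customer range inside a blocked country (documentation net)
    Allow from 203.0.113.0/24
</IfModule>

# Apache 2.4 equivalent: grant the whitelisted range, or grant any client
# that did not match one of the deny variables.
<IfModule mod_authz_core.c>
    <RequireAny>
        Require ip 203.0.113.0/24
        <RequireAll>
            Require all granted
            Require not env DenyCountry
            Require not env DenyContinent
        </RequireAll>
    </RequireAny>
</IfModule>
```

In .htaccess this needs the host to permit AllowOverride Limit (2.2) or AuthConfig (2.4); on a shared host without either, the firewall route utilityempire’s host suggested is the fallback.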

…for your explanation. I will try it.

I use shared hosting with cPanel, and the GeoIP module is not in phpinfo. What should I do?

I want to block the whole world except us.

[quote name=‘Spiral’]I’ve even written installation scripts to automate the whole thing that I’d be glad to give you a copy of if you were interested in adding that feature to your server.[/QUOTE]



Hi Spiral,



Thanks for your kind offer. I may take you up on it :smiley:

I’m trying to decide what to do with my hosting just now as per this post:-

[url]http://forum.cs-cart.com/showthread.php?t=15373[/url]

[quote name=‘utilityempire’]Hi Spiral,



Thanks for your kind offer. I may take you up on it :smiley:

I’m trying to decide what to do with my hosting just now as per this post:-

[url]http://forum.cs-cart.com/showthread.php?t=15373[/url][/QUOTE]

Sorry, I don’t provide any kind of web hosting myself, but I am in close direct contact with a great many hosts out there, all of whom I regularly help with security matters or advise on a regular basis, and I pretty much know who is who quite well if you would like some leads or some tips in that department.



Overall, are you just looking for VPS or other options or what?



Looking at your post in the other thread and your current host though, I’d be more inclined to go with the Cloud option, if for no other reason than that it would give you better access to the resources you are allocated, among other things. :slight_smile:

[quote name=‘Spiral’]Sorry, I don’t provide any kind of web hosting myself, but I am in close direct contact with a great many hosts out there, all of whom I regularly help with security matters or advise on a regular basis, and I pretty much know who is who quite well if you would like some leads or some tips in that department.



Overall, are you just looking for VPS or other options or what?



Looking at your post in the other thread and your current host though, I’d be more inclined to go with the Cloud option, if for no other reason than that it would give you better access to the resources you are allocated, among other things. :)[/QUOTE]



Thanks Spiral,



I’ve switched to their Cloud VPS so we will see how things go. They are transferring the site over for me.



Cheers

Sounds good. That will probably work out much better for you …



From what I saw of your original specs, your account was really far too limited, being a traditional VPS and not having enough resources to really run a store site of any kind all that well, and you’d have also had the added complication of having to share the memory and CPU resources of a single physical machine.



The new account, if your host is using true cloud technology, will draw its resources from a network of machines and should be much more efficient and reliable for you any way you look at it.

Spiral, could I get the installation scripts for GEOIP?



Thanks a million! Dan


[quote name=‘Spiral’]A little bit of faulty logic in that statement, in that you can just as easily block the country codes you want and then turn around and whitelist the CIDR ranges that you want to keep unblocked easily enough, or even reverse that the other way around if you so desired. It gives you a lot of flexibility and also helps avoid the problem of IPs changing constantly.



If you build up a list of CIDR ranges to either whitelist or blacklist, it may work for you on the front end, but large groups of CIDRs will quickly become outdated, forcing you to go and re-verify the ranges and do a lot of manual updating work to keep current, since an IP range you wanted to ban previously may be an IP range you want to keep today or vice versa.



With the “GEOIP” solution or similar out there, you only have to keep your database updated, which can be cron-job automated very easily, leaving the need to go back and revisit your selected IP ranges at a bare-bones minimum.





If you are actually on a VPS, you could add this very easily …



It takes me all of 30 seconds to install GEOIP and is pretty much a no brainer.



I’ve even written installation scripts to automate the whole thing that I’d be glad to give you a copy of if you were interested in adding that feature to your server.[/QUOTE]

[quote name=‘Noman’]



[COLOR=“red”]- Do not install additional scripts within CS Cart directory as they can already have security bugs or will have. (sure, if you will try to use some s**** scripts)[/COLOR]

Well, try to install Joomla or Typo3 and do not update it for a year. You’ll see. Do you call these shi…tty scripts? The list of apparently good, but “soon to be” hackable scripts is long.

[/QUOTE]





I had a problem with Joomla.

A total of 8 domains or more were attacked just because JOOMLA was inside them in an old version.

It is ridiculous.



Noman said one thing that is VERY IMPORTANT about security. If you need to use Joomla or something like it, it is very interesting to create a new subdomain or something like that.



Some websites were not working with Joomla on the front end, but they were attacked too.





I thought servers did something to help improve security.

But, in fact, in my opinion, they only give you space on their hosts.

[quote name=‘Spiral’]Returning back to an earlier thread point …





There is a much better way to block countries …



If the server you are on supports GEOIP from MaxMind, you can block entire countries in a few simple commands without using any long lists of CIDR blocks:




SetEnvIf GEOIP_COUNTRY_CODE (RU|CN|KR) DenyCountry
SetEnvIf GEOIP_CONTINENT_CODE (AF) DenyContinent



Order Allow,Deny
Allow from 127.0.0.1
Allow from All
Deny from env=DenyCountry
Deny from env=DenyContinent





In the example code, I just blocked Russia (RU), China (CN), and Korea (KR) as well as the entire continent of Africa (AF) just by putting in the two letter codes for each of those!



(If you really want to get rid of the crazy fools, try CONTINENT codes “EU”, “NA”, and “AU” EVIL GRIN :wink: )



If you don’t know if your server supports GEOIP, check your phpinfo() screen and do a search for “GEOIP_COUNTRY_CODE” on the screen.



If your server doesn’t support GEOIP but you are on your own server, it is very easy to add, and all you really need to set up is the “GEOIP Apache API” and the “GEOIP C Library API” and you’ll have the basics of what you need.[/QUOTE]





Hello Spiral,



You talked about the HOST and the GeoIP module.



I have just asked DreamHost and they support it, but using Perl.

Is there any problem?



[url]http://wiki.dreamhost.com/GeoIP[/url]



I have one account in MaxMind. Is this necessary?





Where do I put this code?

In the .htaccess file?



Very good.



Russian crackers have nothing to do. Just attack other websites…kkkkkk.

Especially Joomla.

[QUOTE]Hello Spiral,



You talked about the HOST and the GeoIP module.



I have just asked DreamHost and they support it, but using Perl.

Is there any problem?[/QUOTE]



Spiral will most likely not be responding to your questions as he was banned for life from these forums, end of story, no further discussion is necessary.



If you are curious, just search through the forums & determine your own conclusion…



Again, no need to ask why as I am only mentioning this to help save you some time and or confusion!