Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

1.3.5 sp4 Security-Positive solutions Rate Topic   - - - - -

 
  • gabrieluk
  • Senior Member
  • Members
  • Join Date: 21-Jul 09
  • 133 posts

Posted 06 January 2010 - 11:49 AM #1

Hi,
I decided to write this thread as i'm using an older version of CS cart,and as a member of the community i would like to share a private message i got from a respectfull member of the community in how to secure your SP4.Feel free to add "POSITIVE" comments and observations...(please Spiral don't post here,this thread is for SOLUTIONS not to scare people)
Thank you.
this is the PM i got:

Quote:
Originally Posted by gabrieluk
Hi xxxxxxxx,
i wanted to ask you a question....are you using 1.3.5 sp4?if yes,could you point me towards the way to fix vulnerabilities?maybe some .htacess rewriting
Best regards,
Gabriel
----------------------------------------------------------------------------------------------
Hi Gabriel

I don't think there are any. I don't use Reward Points mod [uninstalled already] and if you applied whatever is in Customer area you should be safe.

Regarding htaccess, there's a long thread about how to use it. No perfect solution is available, that would work for all of us.


Also, use SSL for admin access and rename it.
http://forum.cs-cart...ead.php?t=12628


If you have a static IP at home, limit other IPs from being able to access your admin panel.


Remove skins you don't use, don't install other php scripts in CS directory, set correct permissions on folders [avoid 777!]

There's a script, which will monitor certain CS folders for changes and if something unusual happens, it will send you an email. I cannot find it now, but look for it on hotscripts.com /PHP

Hope, this helps. Good luck.
-----------------------------------------------------------------------------------------------
Number 1