The Official Website of AgoraCart and Agora.cgi
AgoraCart Free User Forums

This is the official FAQ and Cool Tips guide for the AgoraCart shopping cart software


How to secure my shop for hacking on the server?
I did not take action for the security of hacking my shop (brrr)
Can you explain what steps to take to have a safe shop running on the server?
Thanks in advance
Doumawis :)

well. the further you vary from the default store the more likely you will risk vulnerabilities. the default store you installed is bullet proof. but things the user does or doesn't do can change that in a quick hurry.
one benefit of hacking the store is nobody really knows what you did to target that code to try and mess with you. the reputation of agoracart is such that anyone who knows anything will look for easier pickins.
some things you can do is make sure you have index.html files in all of your store directories.
run the store in the cgi-bin for some added security.
replace all htaccess files in the store with your cpanel protect folders program. the only one that needs password protecting is the store/protected folder. all the rest just deny direct web access.
make sure your files have the proper permissions. almost all are 644. none should be 777 or 776. if the program doesn't run on 755 max for any file (only files required at 755) then something is wrong. always, always keep all of your scripts at the lowest possible permissions. never any file at 777...EVER. directories and sub directories can be 777 but it's very unusual for any directory needing more than 755. any more and the server configs need to be corrected.

be very careful about what you hack and how. any doubts just post and someone can probably look things over.

after all of that what happened? did your site get hacked?
dan
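
Added example (not part of the original posts and not AgoraCart code): a shell audit of a store tree against the permission and index.html advice above. The function names, the output tags, the sample tree and the rule that only `*.cgi` and `*.pl` files need the execute bit are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a store tree against the permission advice in this thread.
# Output tags and the *.cgi/*.pl rule are assumptions of this example.

audit_store() {   # usage: audit_store /path/to/store ; prints one "TAG path" per line
    store=$1
    # Files writable by group or others are above the 755 ceiling (777, 776, 666).
    find "$store" -type f \( -perm -002 -o -perm -020 \) -print | sed 's/^/FILE_TOO_OPEN /'
    # Execute bit on anything that is not a script (assumed: *.cgi, *.pl); 644 is enough.
    find "$store" -type f -perm -100 ! -name '*.cgi' ! -name '*.pl' -print | sed 's/^/EXEC_REVIEW /'
    # Directories above 755 are unusual and point at a server config problem.
    find "$store" -type d \( -perm -002 -o -perm -020 \) -print | sed 's/^/DIR_REVIEW /'
    # Every store directory should carry an index.html.
    find "$store" -type d -print | while IFS= read -r dir; do
        [ -e "$dir/index.html" ] || printf 'NO_INDEX %s\n' "$dir"
    done
}

# Constructed sample tree (not a real AgoraCart layout) for trying the audit offline.
make_sample_store() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/store/protected" "$root/store/html"
    for f in index.html agora.cgi html/index.html html/page.html protected/data.txt; do
        : > "$root/store/$f"; chmod 644 "$root/store/$f"
    done
    chmod 755 "$root/store" "$root/store/protected" "$root/store/agora.cgi"
    # Planted problems: a 777 directory, a 777 file, and no index.html in protected/.
    chmod 777 "$root/store/html" "$root/store/html/page.html"
    printf '%s\n' "$root/store"
}

# Run against a path given on the command line, otherwise against the sample tree.
if [ "$#" -gt 0 ]; then
    audit_store "$1"
elif sample=$(make_sample_store); then
    audit_store "$sample"
    rm -rf "${sample%/store}"
fi
```

An empty result means no file is group- or world-writable, no non-script file is executable, no directory is above 755, and every directory has an index.html.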

Don't forget to change the default login id/pw for your manager.cgi. Everyone knows what the defaults are so set them to something else. I've seen help requests get answered with information that can only be obtained by going through the manager.cgi. While most folks offering help here won't do something to sabotage your store you can't be so sure about other people. Make sure you cut people off at the pass.


_________________
Carol aka SouperMom
http://www.soupermom.com
Dan wrote:

some things you can do is make sure you have index.html files in all of your store directories. =>
run the store in the cgi-bin for some added security.=> not possible anymore
replace all htaccess files in the store with your cpanel protect folders program. the only one that needs password protecting is the store/protected folder. => of course i changed the default password protecting (see Carol reply notes)
all the rest just deny direct web access. => so all folders in the store (except the :protected folder)
make sure your files have the proper permissions. almost all are 644. none should be 777 or 776. if the program doesn't run on 755 max for any file (only files required at 755) then something is wrong. always, always keep all of your scripts at the lowest possible permissions. never any file at 777...EVER. directories and sub directories can be 777 but it's very unusual for any directory needing more than 755. any more and the server configs need to be corrected.

be very careful about what you hack and how. any doubts just post and someone can probably look things over.

after all of that what happened? did your site get hacked?
dan



Quote:
after all of that what happened? did your site get hacked?
=> brr not yet and i hope that it will never be the case, because making a shop is time-consuming but on the other hand fun and interesting to do

doumawis :)

well that's good news. it's never fun to get hacked. a few more tips...
backup your site! if your cpanel has the backup feature use it! back up your aliases, filters, mysqld data base(s) and your entire site. download all of the backups (ftp in binary) to your pc. do not rename or try to open! burn to cd then delete the backups off your domain to save space.
it's a good idea to go through all of your email accounts before backing up. delete all spam and files with attachments that are suspect. delete all emails from people you do not know and even those from ppl you do know with suspect subject lines. many of these emails can contain worms and other nasty stuff. you do not want them on your pc and you do not want to reinstall them on your server if it becomes necessary to restore from a backup. if after all of this your virus scanner sounds off after scanning after you download look at the scanner's reports. the path to the suspect code will tell you whether it's a false positive warning. if it's in any email box it's a virus or whatever. if it's elsewhere then find out where and investigate. any true virus anywhere on your domain other than the mail boxes can mean you've been hacked full frontal or possibly from another account on the server.
if you need to restore then extract your backup off the cd, ftp in binary to your / directory then go to the backup program in cpanel and run the process from there.
keep fresh and frequent backups. if you have 25% of disk space left from your account quota the backup may not work. clean off all files and programs and databases you don't need anymore and ask for more space from your hosting company. if you run a backup and use all free space, agoracart and other programs that need to write to something will not work. so keep your domain tidy and free of all stuff you don't need. you can download and archive those 40megs of images you're not using anymore...grin. delete the test stores and stores that broke during dev. help to keep the server and your site running at its peak by not using your site as an archive or a trash bin.
that should keep you going. do back ups! unless you want to start from scratch.
dan
