Thanks for this. I will let you know how I go. Regards.
This is a discussion on Security Notice : osCMax 2.0.4 Released within the Announcement Discussions forums, part of the osCmax News and Announcements category.
Hi,
I'm very confused so I need to try and clarify something. First a little background: someone is using my site to send spam email to all of my customers.
I found one fix here: r169 - oscmax2 - Project Hosting on Google Code
and then this one about deleting the 2 files. My version is osCMax v2.0.2.
I'm just unsure which solution is needed to fix my problem and get my site up and running again. As you can tell, I don't have much computer background and haven't had any luck finding anyone in my area to help me.
So...... can you please guide me a little here? I'm so lost!!
Thank you,
Phyllis
r169 should fix you up. Then make sure to change your admin folder location and limit access to the new admin location with .htaccess:
http://wiki.oscdox.com/setting_up_security
Michael Sasek
osCMax Developer
osCmax installation service - Have our professionals install osCmax on your server - same day service!
osCmax 2.0 User Manual - the must have beginners guide to osCmax v2.0
Stay Up To Date with everything osCMax:
Free osCMax Newsletters - Security notices, New Releases, osCMax News
osCMax on Twitter - Up to the minute info as it happens. Know it first.
osCmax Documentation
Thank you sooooooooooooo much Michael!!!
I'll start working on the items on that other security page right away. I may have some questions though. Some of the instructions are a little vague.
Take care,
Phyllis
rosarystuff,
If you let me know which bits are unclear I will try and write some more detailed instructions for you.
Regards,
pgmarshall
_______________________________
Thanks Michael and pgmarshall. I have followed your advice and the problems seem to have stopped. Your big brains are appreciated!
Hi Michael,
Well, for example editing the admin file. We are to change the name from admin to something else (as below).
- Open admin/includes/configure.php
- Edit these lines:
define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
But is it really that simple? I thought the word admin was sprinkled throughout the entire store code. Wouldn't we have to change that word everywhere it appears as well? Or am I completely off base.
- The more obscure the name the better - try to use numbers and letters.
Also, if someone is looking for our admin section, and we choose a name that is completely different or that has letters or numbers in it, wouldn't that be a red flag for them to check that file because it's so much different than the others?
Am I making this more complicated than it needs to be? I'm just worried after what I just went through with hackers, so I want to make sure I do it right.
I also don't understand how to change the admin htaccess to my ip address.
I guess that's a good place to start.
Thanks for the help again.
Quote: But is it really that simple? I thought the word admin was sprinkled throughout the entire store code. Wouldn't we have to change that word everywhere it appears as well? Or am I completely off base.
You are completely off base. It really is as simple as changing the folder name and then editing the configure.php file to match the new folder name.
Quote: Also, if someone is looking for our admin section, and we choose a name that is completely different or that has letters or numbers in it, wouldn't that be a red flag for them to check that file because it's so much different than the others?
No. If they have no idea what the name of the folder is, it will be very difficult to find. The longer and more random the name, the less and less likely it will get found (especially by the automated bots used to hack sites these days). It would be far more risky to keep it set to admin.
Quote: Am I making this more complicated than it needs to be?
Yes.
Quote: I also don't understand how to change the admin htaccess to my ip address.
Let me google that for you
Michael Sasek
osCMax Developer
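The rename-and-restrict steps discussed in the replies above, as an added shell example that is not part of the original thread or of osCMax itself. The function names, the constructed sample store, the IP address 203.0.113.10 and the use of Apache 2.4 `Require ip` syntax are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not osCMax code): move the admin folder and restrict it by IP.
# Function names, the sample tree and the IP 203.0.113.10 are assumptions.

# Long random folder name made of letters and numbers.
random_admin_name() {
    printf 'a%s\n' "$(head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n')"
}

# relocate_admin STORE_ROOT NEW_NAME ALLOWED_IP
relocate_admin() {
    root=$1 new=$2 ip=$3
    [ -d "$root/admin" ] || { echo "no admin folder under $root" >&2; return 1; }
    [ ! -e "$root/$new" ] || { echo "$new already exists" >&2; return 1; }
    mv "$root/admin" "$root/$new" || return 1
    cfg="$root/$new/includes/configure.php"
    # Rewrite only the three constants quoted in the thread so they match
    # the new folder name; every other line is left untouched.
    sed "/^ *define('DIR_[A-Z_]*ADMIN'/ s#/admin/'#/$new/'#" "$cfg" > "$cfg.new" \
        && mv "$cfg.new" "$cfg" || return 1
    # Apache 2.4 syntax; on Apache 2.2 use Order deny,allow / Deny from all /
    # Allow from <ip> instead. Needs AllowOverride AuthConfig to take effect.
    printf 'Require ip %s\n' "$ip" >> "$root/$new/.htaccess"
}

# Build a constructed sample store in a temp dir so the script runs offline.
make_sample_store() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/admin/includes"
    cat > "$root/admin/includes/configure.php" <<'EOF'
<?php
define('DIR_WS_ADMIN', '/admin/');
define('DIR_WS_HTTPS_ADMIN', '/admin/');
define('DIR_FS_ADMIN', '/home/mystore.com/www/public/admin/');
define('DIR_WS_CATALOG', '/');
EOF
    echo "$root"
}

store=$(make_sample_store)
name=$(random_admin_name)
relocate_admin "$store" "$name" 203.0.113.10 \
    && cat "$store/$name/includes/configure.php" "$store/$name/.htaccess"
rm -rf "$store"
```

On a real store, replace the sample tree with the actual store root and the IP with your own, and keep a backup of configure.php before running it.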
Love the Let Me Google That For You! Will be using that from now on!!
Anyway - reason for post - Wiki Updated
Regards,
pgmarshall
_______________________________
Thanks for the help. I'm so glad it's easier than I thought (I have a habit of making some things more difficult). LOL.
Let me fiddle with it a bit and see what else comes up. Thanks again.
Oh, and by the way. I don't quite understand the google comment, but if it's a joke at my expense, at least you guys got a good laugh!! You've got to take those when they come. LOL
Take care,
Phyllis