Post by nostrade » Wed Mar 18, 2015 12:31 pm

Hi Everyone,

I want to know is there some ways to hide the information of OpenCart from Wappalyzer ?

Cause sometimes we don't really want it to be exposure

Newbie

Posts

Joined
Wed Mar 18, 2015 12:29 pm

Post by ocmobi » Thu Mar 19, 2015 1:05 am

It's possible, but they also change detection methods and as Opencart evolves so will Wappalyzer so you may have to keep up from time to time if you change Opencart versions.

According to https://github.com/ElbertF/Wappalyzer/b ... json#L2214 the identification of OpenCart is currently using:

1) the route - ?:index\.php\?route=[a-z]+/
2) "Powered By" - Powered By ]+OpenCart

So make sure there is no powered by and you may have to do some url re-writing in htaccess or use an SEO extension to clean up your urls. Make sure there's a .htaccess and it's not htaccess.txt

OCMobi - Opencart 1x and 2x native mobile applications, developer SDKs, Rest API, and custom services. Email us at support@ocmobi.com!

Pricing | Features | Custom Services
Facebook | Twitter | Google+ | Instagram


User avatar
New member

Posts

Joined
Wed Mar 04, 2015 1:41 am


Post by IP_CAM » Thu Mar 19, 2015 1:08 am

Check here for more on this:
http://stackoverflow.com/questions/2518 ... -framework

Google is always your best friend for such Things:
https://www.google.ch/search?q=Wappalyz ... e9PauzgYgP

Ernie
bigmax.ch/shop/

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by nostrade » Thu Mar 19, 2015 2:17 am

Hi friends, thanks for reply my question.

But have you try it by your self?

Before I posted here, I have try the resource/all link that you mention above.
It useless, Wappalyzer still can detect opencart platform.

Newbie

Posts

Joined
Wed Mar 18, 2015 12:29 pm

Post by ocmobi » Thu Mar 19, 2015 2:25 am

Sorry I posted an old link, https://github.com/AliasIO/Wappalyzer/b ... /apps.json is current. And it does state,

"OpenCart": {
"cats": [
6
],
"html": "(?:index\\.php\\?route=[a-z]+/|Powered By <a href=\"[^>]+OpenCart)",
"implies": "PHP",
"website": "www.opencart.com"
},

So there you have it, show me a link to your site and I'll tell you right away if I find the powered by or an url scheme that would test positive on Wappalyzer and whether or not you fixed it. Any url that uses route= indicates it's Opencart to this system, so you need SEF and by crawling your site it can't find any urls that match that pattern.

OCMobi - Opencart 1x and 2x native mobile applications, developer SDKs, Rest API, and custom services. Email us at support@ocmobi.com!

Pricing | Features | Custom Services
Facebook | Twitter | Google+ | Instagram


User avatar
New member

Posts

Joined
Wed Mar 04, 2015 1:41 am


Post by nostrade » Thu Mar 19, 2015 2:35 am

thanks very much ocmobi, I am really appreciate.

By the way, my website is on localhost. Not yet published.
I have delete powered by.

Some of my webpage is still use "route=" pattern.
How to change route pattern on all webpage?

I used SEO, but it is not change all webpage address, some webpage still use the route pattern. for example: contact us, and others custom page.

Newbie

Posts

Joined
Wed Mar 18, 2015 12:29 pm

Post by ocmobi » Thu Mar 19, 2015 2:38 am

You can use url re-writing like I said in my first post, so make rules to change this in .htaccess and everytime you come across an offending url add it in. Hopefully it's not many pages...

Otherwise is there an extension that changes all of this for you? Why are you so concerned with wappalyzer?

It's also probably evident from viewing source of the web page if anyone was really that interested so it may not be automated but often you can tell by viewing source regardless.

OCMobi - Opencart 1x and 2x native mobile applications, developer SDKs, Rest API, and custom services. Email us at support@ocmobi.com!

Pricing | Features | Custom Services
Facebook | Twitter | Google+ | Instagram


User avatar
New member

Posts

Joined
Wed Mar 04, 2015 1:41 am


Post by nostrade » Thu Mar 19, 2015 2:45 am

it's not many page.

I just don't want to be exposed. Wappalyzer can detect our platform, php version, apache, I don't want it to be exposed for public.

can you gave an example how to make rules in .htaccess ?
Have you implemented on your website?

Newbie

Posts

Joined
Wed Mar 18, 2015 12:29 pm

Post by ocmobi » Thu Mar 19, 2015 2:52 am

I wouldn't worry about it to much, if someone was maliciously targeting you they'd probably know you were using open cart by right clicking on your website and choosing "view source". Than knowing it's opencart they would tailor exploits to known Opencart exploits that's just the cruel reality of opensource software. Or they'd try other common exploits published for all to see at the server level to see if you're on poor hosting with bad server config. Other easy ways is to just exploit permissions issues which a lot of people accidentally introduce on files and directories. People upload gifs and can cause all sorts of issues too it's annoying.

Use cloudflare free plan, put a security service in between you and your visitors for a bunch of free security and sleep easy at night. I use it, opencart uses it, many people use it. Just change your DNS to point to their name servers once you publish your site online.

I don't have the time to experiment with .htaccess rules that would solve your problem right now sorry, maybe someone else does or you can learn online and experiment.

OCMobi - Opencart 1x and 2x native mobile applications, developer SDKs, Rest API, and custom services. Email us at support@ocmobi.com!

Pricing | Features | Custom Services
Facebook | Twitter | Google+ | Instagram


User avatar
New member

Posts

Joined
Wed Mar 04, 2015 1:41 am


Post by nostrade » Thu Mar 19, 2015 2:57 am

ok, I will try cloudflare free plan once I have published my website.

again, thanks ocmobi for your kind help :D

cheers

Newbie

Posts

Joined
Wed Mar 18, 2015 12:29 pm

Post by hmadawy007 » Tue Apr 14, 2015 4:09 pm

Dear ocmobi

Please how can edit this step 1) the route - ?:index\.php\?route=[a-z]+/ What file name

Thanks for Help

New member

Posts

Joined
Tue Apr 07, 2015 8:17 pm

Post by ocmobi » Fri Apr 17, 2015 12:01 am

Also FYI,

You should also hide your web server signature using .htaccess if you don't want your php/apache version to be sent out by your web server. Sometimes in the headers or a 404 page it will give identifying information about php and apache. You may not have control over this if you use shared hosting but there are ways to not identify any information like this from the web server.

OCMobi - Opencart 1x and 2x native mobile applications, developer SDKs, Rest API, and custom services. Email us at support@ocmobi.com!

Pricing | Features | Custom Services
Facebook | Twitter | Google+ | Instagram


User avatar
New member

Posts

Joined
Wed Mar 04, 2015 1:41 am


Post by antonior14 » Fri Apr 17, 2015 7:04 pm

Hi! I need to hide Opencart to wappalyzer too working on seo_url.php file, and I partly resolved issue inserting and enabling SEO.

$link = str_replace('index.php?route=', '', $link);

before

return $link;

It works only for categories, but not for others, for example products and others ???

Newbie

Posts

Joined
Wed Feb 11, 2015 8:01 pm
Who is online

Users browsing this forum: Majestic-12 [Bot] and 12 guests