Basic "after installation" changes/mods to help security issues

v3.0.3.9

Hello,

Back when I installed OC v .1.5.5.1 I recall there was a thread that gave advice of things to do after the installation, like tips/tricks

Like:
-change the permissions on certain files to certain (Read/Write/Execute) values to make things more secure.
-Setup tips for the htaccess file(s)
-Rename the admin folder
etc.

Is there a thread like that for OC 3.x (or more specifically 3.0.3.9)?

Also, I noticed checking the page source of my OC store that there was a line of code in the source file "<link href="catalog/view/javascript/jquery/swiper/css/opencart.css" type="text/css" rel="stylesheet" media="screen" /> - Is it possible to change that file name in order to prevent bots from searching for that info in the source code to identify the store as an Opencart store and try to spam or hack it?

There is https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.

You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.

ADD Creative wrote: ↑

Sat May 25, 2024 8:23 pm

There is https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.

You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.

Thank you.

So is it pointless to spend time renaming that file then? I just figured they were crawling the page source and looking for "Opencart" references

If you are worried about potential spambot, then we recommend the SpamBot Buster.

ggrant3 wrote: ↑

Sun May 26, 2024 1:06 am

ADD Creative wrote: ↑

Sat May 25, 2024 8:23 pm

There is https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.

You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.

Thank you.

So is it pointless to spend time renaming that file then? I just figured they were crawling the page source and looking for "Opencart" references

Not every OpenCart will include the file, as it's part of a module. Just knowing that there are files in catalog/view/javascript/ and by the format or other URLs would be enough to detect it's OpenCart.

Got it.

Thank you

Some of the basics include:

Make sure folders are assigned 755 permission and files 644 when uploaded

You can password protect the admin directory so the /admin page won't load until a separate username and password entered

Secure the .htaccess file by adding this at the top
# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

Make sure the /install/ folder is deleted

Make sure each of your passwords are strong and unique (OC admin, password for database username, hosting control panel, ftp account(s), etc)

Install and use a Firewall to prevent attacks from happening in the first place