Page 1 of 1
Basic "after installation" changes/mods to help security issues
Posted: Sat May 25, 2024 7:33 pm
by ggrant3
v3.0.3.9
Hello,
Back when I installed OC v .1.5.5.1 I recall there was a thread that gave advice of things to do after the installation, like tips/tricks
Like:
-change the permissions on certain files to certain (Read/Write/Execute) values to make things more secure.
-Setup tips for the htaccess file(s)
-Rename the admin folder
etc.
Is there a thread like that for OC 3.x (or more specifically 3.0.3.9)?
Also, I noticed checking the page source of my OC store that there was a line of code in the source file "<link href="catalog/view/javascript/jquery/swiper/css/opencart.css" type="text/css" rel="stylesheet" media="screen" /> - Is it possible to change that file name in order to prevent bots from searching for that info in the source code to identify the store as an Opencart store and try to spam or hack it?
Re: Basic "after installation" changes/mods to help security issues
Posted: Sat May 25, 2024 8:23 pm
by ADD Creative
There is
https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.
You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.
Re: Basic "after installation" changes/mods to help security issues
Posted: Sun May 26, 2024 1:06 am
by ggrant3
ADD Creative wrote: ↑Sat May 25, 2024 8:23 pm
There is
https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.
You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.
Thank you.
So is it pointless to spend time renaming that file then? I just figured they were crawling the page source and looking for "Opencart" references
Re: Basic "after installation" changes/mods to help security issues
Posted: Sun May 26, 2024 6:40 pm
by JNeuhoff
If you are worried about potential spambot, then we recommend the
SpamBot Buster.
Re: Basic "after installation" changes/mods to help security issues
Posted: Sun May 26, 2024 7:56 pm
by ADD Creative
ggrant3 wrote: ↑Sun May 26, 2024 1:06 am
ADD Creative wrote: ↑Sat May 25, 2024 8:23 pm
There is
https://docs.opencart.com/en-gb/adminis ... /security/ with a little bit of infomation. It's going to be the same for any OpenCart version.
You could rename that file and change the links in catalog/controller/extension/module/. However there are other was in detecting it's OpenCart.
Thank you.
So is it pointless to spend time renaming that file then? I just figured they were crawling the page source and looking for "Opencart" references
Not every OpenCart will include the file, as it's part of a module. Just knowing that there are files in catalog/view/javascript/ and by the format or other URLs would be enough to detect it's OpenCart.
Re: Basic "after installation" changes/mods to help security issues
Posted: Mon May 27, 2024 3:17 am
by ggrant3
Got it.
Thank you
Re: Basic "after installation" changes/mods to help security issues
Posted: Sat Jun 22, 2024 9:06 am
by Elevate
Some of the basics include:
Make sure folders are assigned 755 permission and files 644 when uploaded
You can password protect the admin directory so the /admin page won't load until a separate username and password entered
Secure the .htaccess file by adding this at the top
# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
Make sure the /install/ folder is deleted
Make sure each of your passwords are strong and unique (OC admin, password for database username, hosting control panel, ftp account(s), etc)
Install and use a Firewall to prevent attacks from happening in the first place