
Security Cleanup

Posted by stubbyd, 11-25-2011, 02:21 PM
Are there any OSCommerce / PHP folks here (or know of any) that do security sweeps and code cleanup / check looking for and removing any issues found? Also would then like the same folks to lock down the site afterwards as best they can with current knowledge. Or is one of the automated site monitor / sweepers best for this? Such as over at godaddy. com /security (it seems I don't have enough rights to post a link). And please don't suggest I head over to the OSCommerce forums - they seem quite set in their ways and not prepared to give helpful answers (IME).

Posted by tvcnet, 11-25-2011, 09:06 PM
Hi, a search in Google for: hack repair or malware repair should turn up a number of shops that do this type of work.

Posted by cpet, 11-25-2011, 09:26 PM
What exactly are you looking for? Oscommerce is a rather secure piece of software and if you keep it up to date you shouldn't have any issues?

Posted by fshagan, 11-26-2011, 12:20 AM
I've used the Sucuri online scanner, and they have a service to clean infections ... see http://sitecheck.sucuri.net/scanner/ On my servers, I use ConfigServer.com's cxs (ConfigServer eXploit Scanner) and do nightly scans. It can do a deep scan of every file on the server and look for "fingerprints" of known exploits. They offer a securing service as well, which I haven't used, but I like their software.

Posted by stubbyd, 11-26-2011, 03:55 AM
Not from my reading of the forums. Plus I'm told the version we have is out of date by one 'guru', then another says it's the most recent stable release and should be ok if you do x, y, z and a secret handshake. To answer your question though - we (the not for profit group) need someone to do a thorough audit / check and declare the setup clean and then to lock it down such that it remains that way. I'm a hardware engineer not a software one and freely admit I know little but dabble too much (probably).

Posted by stubbyd, 11-26-2011, 04:05 AM
Thanks. I shall check them both out.

Posted by stubbyd, 11-26-2011, 04:16 AM
Yup - done that but was after specific recommendations for the OSCommerce / PHP type setup we are running - most results just say they check / scan / etc but not how deep or what they do when an infection is found.

Posted by fshagan, 11-26-2011, 09:06 AM
Depending on the non-profit, you might find someone who will volunteer to help (I just did for a non-profit on a WordPress install). I haven't used OSCommerce in years, so I'm not sure I would be much help. If you can swing the $50 charge for cxs, it would be worth it. You can set it to scan nightly. The other option is an open source malware scanner called maldet or LMD ("linux malware detection"), but I haven't personally used it. Install it with CHKROOTKIT and RKHUNTER and you would at least have nightly scans that will show any changes to files, compare file signatures against known threats, etc.

Posted by stubbyd, 11-26-2011, 09:37 AM
Now that looks interesting. I was looking at their site earlier but didn't spot that offering so thank you. And at $50 I'm sure they can stump up that. If not I'll pay that myself just to eliminate the hassles I'm having. I only mentioned not for profit in case I was offered any services that were exorbitant. Thank you.


