Jump to content
  • entries
    5
  • comments
    12
  • views
    12025

Secure ClicShopping


ClicShopping

5756 views

Websites are by nature high-risk elements of the information system. Security is of great importance, and this for several reasons.


The most known threats on websites are disfigurements and denial of service. Disfigurement is an attack in which an attacker modifies the site to replace the legitimate content with content they choose, for example relaying a political message to denigrate the site owner or simply to assert his attack as evidence expertise.

A denial of service for its object to make the site unavailable to its attack legitimate users. In both cases, the impact on the site owner is obviously a poor images and, in the case of a site for supporting a lucrative business, a shortfall.

To reduce the most common attacks ... Here are a few recommendations that you can apply.


Step 1 : Your administrators


Register an Administrator:

Your nickname: We recommend you to alias a complex that is not current or use your email.
Password: a complex password with * / - + - () necessarily complicate a hacker who wants to enter your online store ClicShopping.
 


 

Step 2 : The Security Module


In the menu menu Configuration /Action recorder, please edit the different modules to change the security.

For example, the default Administration module contains two types of value:

- Please specify the time waiting for a connection error in the administration part: This value indicates the time that a director must wait before attempting to reconnect


Note : More the time is long, more it's better.
- Please specify the number of allowed login to log in as admin: This value indicates the number of attempts allowed a connection. If this value is exceeded, it will be impossible to connect.
Note : More the value is small, more it's better (take a marge if you make a mistake).
In addition, each attempt failed connection, you will receive an email telling you that someone has tried to log in to your administration when there is an error.

In the menu Tools / Securities, server information, you will find a summary of the analysis of the principal organs of our server

Inside this menu, you have   more options than you can look and eventually can help you to update your configuration

 

You can also install in your dashoarb some modules can help or remind you some action to make inside your application.

 


 


Step 3 : Configuration files and access to your ClicShoppingAdmin


Theoretically, if you have followed the Installation Manual, it is not useful to speak on this item.

However, we recall that the rights on the file configure.php file must be read-only mode is chmod 444.
- One for security reason.
- Second for an update or upgrade.


Please make sure that these rights are correct.

 

The main important element are located :

/ClicShopping/Sites/ClicShoppingAdmin/conf.php

/ClicShopping/Sites/Shop/conf.php

/ClicShopping/Sites/conf/

 



Step 4 : Access to your administration


You can also change the directory ClicShoppingAdmin to  improve the security tool. However, you must perform several operations on this

- /ClicShopping/Sites/ClicShoppingAdmin/conf.php
-  Modify ClicShoppingAdmin directory  by your new directory

You can add an htaccess and htpasswd, if you want.

 


 

Etape 5 : Your Store - The images directory


About this directory, it is best is to let the server to manage that.
But for the best use, the images directories and sub-directories must be in CHMOD 755 and files 644 modes. Generally,  the default settings provided by the Apache server.


However, there may be a warning at the notifying administration ClicShopping it can not save the file. In this case, we recommend you to directories  and files in  777 mode .
ClicShopping records for setting up the product images file chmod 644.

If you create other directories, we advise you to put an empty index.html or index.php file types, you can create it directly from the images editor that is offered in ClicShopping.

In addition, this directory (but others too) are protected by a .htaccess file preventing them from access these directories via your browser.

 


 

Conclusion


If you apply these best practices, you will improve the security of your online store.

Do not forget to install the antispam App : https://www.clicshopping.org/forum/files/file/112-apps-configuration-antispam/
 

  • Thanks 1

2 Comments


Recommended Comments

Thank you,
I have not lot of knowledge withto implement a new website, your tutorial is usefull.

Link to comment
Celestino

(edited)

Hello,

Thank you

Nice tutorial, well explain and easy to follow for me.

Edited by Celestino
Link to comment
Guest
Add a comment...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use