Search the Community
Showing results for tags 'clicshopping'.
Websites are by nature high-risk elements of the information system. Security is of great importance, and this for several reasons. The most known threats on websites are disfigurements and denial of service. Disfigurement is an attack in which an attacker modifies the site to replace the legitimate content with content they choose, for example relaying a political message to denigrate the site owner or simply to assert his attack as evidence expertise. A denial of service for its object to make the site unavailable to its attack legitimate users. In both cases, the impact on the site owner is obviously a poor images and, in the case of a site for supporting a lucrative business, a shortfall. To reduce the most common attacks ... Here are a few recommendations that you can apply. Step 1 : Your administrators Register an Administrator: Your nickname: We recommend you to alias a complex that is not current or use your email. Password: a complex password with * / - + - () necessarily complicate a hacker who wants to enter your online store ClicShopping. Step 2 : The Security Module In the menu menu Configuration /Action recorder, please edit the different modules to change the security. For example, the default Administration module contains two types of value: - Please specify the time waiting for a connection error in the administration part: This value indicates the time that a director must wait before attempting to reconnect Note : More the time is long, more it's better. - Please specify the number of allowed login to log in as admin: This value indicates the number of attempts allowed a connection. If this value is exceeded, it will be impossible to connect. Note : More the value is small, more it's better (take a marge if you make a mistake). In addition, each attempt failed connection, you will receive an email telling you that someone has tried to log in to your administration when there is an error. In the menu Tools / Securities, server information, you will find a summary of the analysis of the principal organs of our server Inside this menu, you have more options than you can look and eventually can help you to update your configuration You can also install in your dashoarb some modules can help or remind you some action to make inside your application. Step 3 : Configuration files and access to your ClicShoppingAdmin Theoretically, if you have followed the Installation Manual, it is not useful to speak on this item. However, we recall that the rights on the file configure.php file must be read-only mode is chmod 444. - One for security reason. - Second for an update or upgrade. Please make sure that these rights are correct. The main important element are located : /ClicShopping/Sites/ClicShoppingAdmin/conf.php /ClicShopping/Sites/Shop/conf.php /ClicShopping/Sites/conf/ Step 4 : Access to your administration You can also change the directory ClicShoppingAdmin to improve the security tool. However, you must perform several operations on this - /ClicShopping/Sites/ClicShoppingAdmin/conf.php - Modify ClicShoppingAdmin directory by your new directory You can add an htaccess and htpasswd, if you want. Etape 5 : Your Store - The images directory About this directory, it is best is to let the server to manage that. But for the best use, the images directories and sub-directories must be in CHMOD 755 and files 644 modes. Generally, the default settings provided by the Apache server. However, there may be a warning at the notifying administration ClicShopping it can not save the file. In this case, we recommend you to directories and files in 777 mode . ClicShopping records for setting up the product images file chmod 644. If you create other directories, we advise you to put an empty index.html or index.php file types, you can create it directly from the images editor that is offered in ClicShopping. In addition, this directory (but others too) are protected by a .htaccess file preventing them from access these directories via your browser. Conclusion If you apply these best practices, you will improve the security of your online store. Do not forget to install the antispam App : https://www.clicshopping.org/forum/files/file/112-apps-configuration-antispam/
ClicShopping is an open source application to manage online stores (B2B, B2C, B2B/B2C), open and private sale. In addition, you can qualify the application of social e-commerce with its capabilities that allow the administrator to interact with social networks and users (the catalog is not forgotten also). This process has been tested on : Maria-Db and Mysql Panel Admin : IspConfig V3 - Cpanel Ubuntu Debian Download ClicShopping To begin, you should download the compressed files containing all necessary files and archive. Download ClicShopping and unzip the file. Setting up your FTP software You will also need an FTP software to upload files to your server. One of the most used (which we recommend) is Filezilla. You can download the filezilla.org website and install it. From elements that you were given by your host, configure filezilla so that it can connect to your hosting. 1 - How to Use Filezilla. - Click File and Site Manager. You will get the following items below. - Fill the host box, which is usually your website - Select the appropriate file transfer protocol: FTP generally - Choose the type of authentication: usually: normal - Enter your username: give your host - Indicate voting password: give your password - Click on Connection 2 - Upload files You must connect to the server and download the files in the target directory of your instance (This directory typically contains an index.php or index.html). Given the variety of settings of the servers, it may be in a directory, groups, for example web. 3 - Permission on files There are two important files in ClicShopping solution in order to begin the installation correctly. These files require a temporary change permissions during the installation process The following files are located in the directory - /includes/ClicShopping/Sites/Shop/site_conf.php : store configuration file (catalog) - /includes/ClicShopping/Sites/ClicShoppingAdmin/site_conf.php : store configuration file (administration) - /includes/ClicShopping/Conf : 2 files - /includes/ClicShopping/Work : All the directories including the sub-directories - /sources/images/ : All the directories including the sub-directories In Filezilla, go to the directory and right mouse button, - Click Change file attributes - In numerical value: Specify the 777 value (allowing the writing to file) - Click Ok Note : In function of your hosting, you must have to make some other 777 directories to make. In this case, you will have an alert inside your administration 4 - Installing ClicShopping You can now start installing ClicShiopping. Indicate in your browser following url: https://www.mydomain.com/shop/install (change mydomainame.com par your domain) Step 1 :Server check The second step is to set write permissions on folders and files on your server. You need for this step of your FTP and assign the correct rights (see Step 3 for explanation) based on directories and files listed in step installation Once this is done, you can refresh your browser by pressing the F5 key to see if the parameters you changed are correct. If all the lights are green, then you can proceed to the next step Step 2 : Configuring the database This step is to make a connection to your database. For safety reasons, it may be that you can not create the database from the installation file. Your host has provided you with a password, a login (username), web address to connect to the administration of PhpMyadmin or from your hosting manager to create a database . Depending on the case, you will have 4 parameters at your disposal Server database: usually localhost The login user name: provided by your host or one that you created Password: given by your host or one that you created The name of the database: given by your host or one that you created From these elements, fill the form Then click Next and wait for the download process to happen. Once this is finished, you will automatically to the next step. Please do not interrupt the process. You have an option to install the demo to test ClicShopping Important note : If you have an error : Unknown storage engine 'innodb': please follow the instruction via this post : https://www.clicshopping.org/forum/topic/448-error-db-unknown-storage-engine-innodb/ Step 4 : Setup files conf.php This step allows you to retrieve various parameters to set the configure.php files correctly. There is no specific operation to be performed on this stage, click Next Step 5 : Setup ClicShopping This step is done so that you can access your administration and shop Notes: In the username, please enter your email address In the password, please use the symbol * / - eG This will give you greater security. Etape 6 : Secure files This step will show you how to perform a security tool files. From FTP - Reassign the configure.php files in read-only mode (444) (step 3 procedure) or verify - /includes/ClicShopping/Sites/Shop/site_conf.php : store configuration file (catalog) - /includes/ClicShopping/Sites/ClicShoppingAdmin/site_conf.php : store configuration file (administration) - /includes/ClicShopping/Conf : database access - Remove the installation directory : Shop/Install - Any other operation will be indicated by the installation procedure. Once this is done, you can access your administration and start the setup according to your needs. - To secure your application, we recommend you to read this article (but you can make this more later) : https://www.clicshopping.org/forum/blogs/entry/5-secure-clicshopping/ If you have a problem do not hesitate to create a post on the forum. More Informations : Community : https://www.clicshopping.org Software : https://github.com/ClicShopping Official add on : https://github.com/ClicShoppingOfficialModulesV3 Community add on : https://github.com/ClicShoppingV3Community trademark License info : https://www.clicshopping.org/forum/trademark/ Marketplace : https://www.clicshopping.org/forum/files/ Enjoy