01-08-2006, 04:42 AM
balinor

Just to add a few things to this that I see way too often:

1 - Never keep the 'Master' account. When you first log in to X-Cart, create a new admin account, log out, log back in with the new account and delete the master account.

2 - Password protect your Admin and Provider directories. One extra level of protection will discourage hackers. This can usually be done via your host's Control Panel.

3 - Turn OFF the option of sending CC info via e-mail - in General Settings/E-mail options.

4 - Change your permissions:

.php - 644
.tpl - 644
.pl - 755
.sh - 755
VERSION - 644

FOLDERS

templates_c - always 777
catalog - 777 - (to be able to write catalog and then 755 once catalog has been written)
files - 777 - (to be able to write to the folder / upload pics etc)
log - 777

All others - 755

You can do this via FTP, your hosting control panel, or by using SSH with a command like this:

find ./ -name "*.php" -print -exec chmod 644 {} \;

5 - Disable storing of CC info in the database (unless you are using manual credit card processing). Open up config.php (found in your root directory) and change this line:

$store_cc = true;

to

$store_cc = false;
__________________
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
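An added example, not part of balinor's post: the permission scheme from step 4 as POSIX shell functions that apply it and then audit the tree for drift. It assumes templates_c, catalog, files and log sit directly under the store root and reads "All others - 755" as applying to folders; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: permission scheme from step 4, applied and audited with find.
# Assumption: templates_c, catalog, files and log sit directly under the store root.

# xcart_apply_perms ROOT [CATALOG_MODE]
# CATALOG_MODE defaults to 755; pass 777 while the catalog is being written.
xcart_apply_perms() {
    root=${1%/}
    catalog_mode=${2:-755}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f \( -name '*.php' -o -name '*.tpl' -o -name VERSION \) \
        -exec chmod 644 {} +
    find "$root" -type f \( -name '*.pl' -o -name '*.sh' \) -exec chmod 755 {} +
    for d in templates_c files log; do
        if [ -d "$root/$d" ]; then chmod 777 "$root/$d"; fi
    done
    if [ -d "$root/catalog" ]; then chmod "$catalog_mode" "$root/catalog"; fi
}

# xcart_audit_perms ROOT
# Prints every path whose mode differs from the scheme; no output means compliant.
xcart_audit_perms() {
    root=${1%/}
    find "$root" -type f \( -name '*.php' -o -name '*.tpl' -o -name VERSION \) \
        ! -perm 644 -print
    find "$root" -type f \( -name '*.pl' -o -name '*.sh' \) ! -perm 755 -print
    # Folders other than the four writable ones must be 755.
    find "$root" -type d ! -path "$root/templates_c" ! -path "$root/catalog" \
        ! -path "$root/files" ! -path "$root/log" ! -perm 755 -print
    for d in templates_c files log; do
        if [ -d "$root/$d" ]; then find "$root/$d" -prune ! -perm 777 -print; fi
    done
    # catalog may be 777 (being written) or 755 (already written).
    if [ -d "$root/catalog" ]; then
        find "$root/catalog" -prune ! -perm 777 ! -perm 755 -print
    fi
}
```

Source the file and call xcart_apply_perms with the store root once, then run xcart_audit_perms after uploads or upgrades; any line it prints is a path that has drifted from the scheme.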