How to secure your store after install


Cipboy

Hi!
I am new around here and I've just installed PrestaShop.
I am concerned that the installation required setting permissions to 777 (on several important files), and now I'd like to know: if I change the permissions back to 755, would it ruin the shop's functionality?

A tutorial on how to secure the online store would be much appreciated among all users, I think.

Some help questions that would need answers:

- How can I prevent any injection attacks?

- How can I monitor sites for unauthorised changes?

- How can I block illicit access attempts with an IP trap?

- How can I add htaccess protection?

- How can I stop Cross Site Scripting attacks?

- Permissions on folders should be no higher than what value?

Thx in advance for the answer/answers!


  • 3 weeks later...
  • 4 months later...

I agree with Cip Boy.

I never paid much attention to security. My site has been hacked twice; now I am taking every precaution with security. I ran an Acunetix Web scan on a fresh installation of PrestaShop.

It showed several vulnerabilities with order.php and zoom.php. As I don't have extensive knowledge about PrestaShop files and how they work, this may be because SSL was not set up on the PrestaShop installation, and order.php will be in charge of holding information: email, telephone and addresses.

I now am taking every precaution with security:

I bought a new server with a friend of mine and we have set up a pilot server which is the only connection between us and the server. So we need to access that to access the main server.

More security than Fort Knox. I'm reading tons of forums about server firewalls and antivirus.


  • 2 weeks later...

Hi, just thinking: should we discuss vulnerabilities openly?
Are we not feeding this input to the guys who are looking to break?
Just my thoughts.

Ideally I think we should have a script to run post-install to fix all permissions; this will help once and for all with perm-related issues.

For coding-related stuff... I think a lot needs to be done as far as customer info etc. is concerned.

cheers

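A post-install permission script of the kind suggested in the last post, as an added example that is not part of the thread and not PrestaShop's own tooling. It lists anything left world-writable (777/666) and resets directories to 755 and files to 644; it assumes the PHP process runs as the owner of the files, and the function names and the shop path are placeholders.

```shell
#!/bin/sh
# Added example: post-install permission audit and reset for a web store tree.
# Assumption: the PHP process runs as the owner of the files, so owner-only
# write access (755 dirs / 644 files) is enough for the shop to keep working.

# Print every file or directory under $1 that is world-writable (e.g. 777/666).
# Symlinks are skipped: their own mode bits are meaningless.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Count world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset directories to 755 and regular files to 644 under $1.
# find does not follow symlinks by default, so targets outside the tree
# are never touched.
reset_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# Usage: sh fix-perms.sh /path/to/shop   (path is a placeholder)
if [ "$#" -eq 1 ]; then
    echo "world-writable before: $(count_world_writable "$1")"
    reset_perms "$1" || exit 1
    echo "world-writable after:  $(count_world_writable "$1")"
fi
```

If the web server runs as a different user than the file owner, the directories the shop must write to need group write access for that user instead of a return to 777.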
