We are seeing a large number of osCommerce sites getting hacked lately. We posted some details about it here: http://blog.sucuri.net/2010/11/continuing-attacks-against-oscommerce-sites.html Anyone here using osCommerce? Did you guys follow the security recommendations to rename the admin folder / remove file_manager? If not, you might be hacked right now...
It applies to all other scripts as well; if you don't change the admin folder, then there are more chances of getting hacked.
osCommerce used to do well back in the day, then became so unorganised and cluttered with bad programmers that it's a giant mess of spaghetti code. Now osCommerce does work. But anyone would be far better off getting an osCommerce-based fork such as Zen Cart or OSCMAX, which are generally more secure and come with more useful features by default.
We work with OSC, Zen Cart, CRE Loaded, Magento, etc. Above 60% of the requirements come for OSC, and nowadays we can see a huge push for Magento. Magento coding is not that easy when compared with OSC. Where security is concerned, I believe all of them are secure enough to run a web shoppe.
Whilst there are loopholes in many online applications, the vast majority of so-called "hacks" result in poor security and configuration on the part of the site owner/developer. The problem will always arise with software like osCommerce which has gone through so many revisions since it was first developed. Yes, the majority of these revisions have improved matters, but along the way there have been contributions for practically anything you could wish for, and whilst these are generally "vetted" a little, even if only by fellow OSC users, it only takes a little mistake or oversight on the developer's part and it could result in all sorts. I say this as I've worked with OSC for many years with various clients, and whilst it is by no means the best piece of kit out there, it is widely used, has as good a support base as you could expect and, by and large, does a job. Indeed Magento is a better bit of kit by a long chalk, but it's also much more difficult to work with, so until a few more people get familiar with it, we'll be seeing plenty of OSC sites and derivatives for some time yet. There's plenty out there about securing sites, eCommerce and otherwise; it's highly advisable those implementing shops do a spot of light reading before embarking on a default install from Fantastico and sticking a $69 skin on it... Just my 2 cents.
Thanks for the info, guys. Well, I always use VirtueMart for e-commerce, and I installed some free Joomla security extension. Is that all right? Or should I do more than that?