OsCommerce / ZenCart Security

If you have an online store it is certain that website security is one of the keys to its success. If your store is insecure than problems are bound to happen. Customers will complain that once they purchase something their credit cards are used in other parts of the world without their authorization... The worst will come when your payment processor finds out about these problems...

Anyway, don't get scared as our aim is to talk more about website security. Unfortunately, OsCommerce and ZenCart don't have much in common with website security. They are built on a platform started almost 10 years ago. New versions come slowly and security vulnerabilities exist for months. Practically, almost every website stored built on OsCommerce / Zencart is compromised unless the owner has taken additional measures to protect it.

If you wonder whether your store is among the compomised, download the images folder. Sort the files by extension and look for files with .php, .pl or .cgi extension. If you have such a file there, it is 100% certain your store is compromised. Those files could be names something simple from fr.php to googleadasd323asdad.php. Sometimes they have some authentic OsCommerce code other times they are pure backdoors. In any case, you should delete them asap

In any case, it is recommended that you migrate your web store to a newer and more secure e-commerce platform such as Magento. The migration might not be easy, especially if your store is large. Still, it will be worth it in the long term and the best option for your website security.

blog comments powered by Disqus