extra security info

[rhaught]

Have done the following: All folders set to 0755, all files to 0644, both configuration files set to 0444, password protected the admin section. Read about doing the same for the images folders, to make them password protected as well. What about the persmission settings? Also saw threads dealing with htaccess. How do I make sure those are set to not allow unwanted visitors? Never dealt with that before. Using version 1.3.8a.

[kobra]

Be proactive and do the things suggested if one is hacked BUT do them before you are:

http://www.zen-cart.com/wiki/index.p...ing_From_Hacks

[rhaught]

Ok according to the Wiki article here is what I have done, doing or not sure on how to do:
1: Delete the /zc_install folder done
2: Rename your /admin folder doing but is that all the files that will need to be changed to make it work? htaccess already exists due to newer version of zen cart so what would need changed?
3. Set configure.php files read-only done
4. Delete any unused Admin accounts done and the only person listed
5. Admin Password Security done
6. Protect your "define pages" content in "html_includes" set as 0644 automatically but should I set to 0444
7. Use .htaccess files to protect against unwanted snooping Find these automatically installed but no idea if they are good or not. Haven't messed with them at all.
8. Disable "Allow Guest To Tell A Friend" feature done
9. Protect your "images" and other folders folders set to 0755 and files to 0644
10. Remove the print URL feature from your browser tried via IE but couldn't find the Pagesetup and the other one I have is Opera

[kobra]

Your current settings look fine and the default htaccess has this and protects snooping

Code:

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

[rhaught]

Thanks, worried about the 0644 for images since the congfiguration files are set to total read only 0444 though still.