xt:Commerce/xtc:Modified Security Pack Version

So here it is, 3 steps to dramatically increase security in your xt:Commerce 3.04 SP2.1 (or xtc:Modified 1.01) online shop. The security pack is based on the PHP Application and Website Defense Library (SSEQ-LIB) and consists of:

  • Current version of SSEQ-LIB, the PHP Application and Website Defense Library.
  • Some slightly modified xt:Commerce/xtc:Modified files to prevent Cross Site Request Forgery.

What the security pack is supposed to do

Including the SSEQ-LIB instantly fortifies the xt:Commerce session and cookie. Your online shop is then secured against:

  • Session-Fixation
  • Session-Hijack

With the SSEQ-LIB filter mechanism (a.k.a. Web Application Firewall) and a customized filter definition for xt:Commerce/xtc:Modified, even unknown or unpatched security flaws in your installation are closed. The filter additionally secures against:

  • Cross Site Scripting
  • SQL-Injection

The security pack also comes with some slightly modified files from the original xt:Commerce/xtc:Modified shop. The changes in fact consist of two well-placed functions which make sure your shop is secured against:

  • Cross Site Request Forgery
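
A sketch of how such a pair of functions can work, added here as an illustration; it is not code from the Security Pack or from SSEQ-LIB. The function names, the field name csrf_token and the form name change_password are hypothetical, and PHP 7+ is assumed.

```php
<?php
// Added illustration; function names are hypothetical, not SSEQ-LIB's API.
// Assumes PHP 7+ (random_bytes, hash_equals).

// Function 1: called where a form is rendered. Stores a one-time token in the
// session under the form's name and returns the hidden field to embed.
function csrf_field(string $form): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['csrf'][$form] = ['token' => $token, 'issued' => time()];
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Function 2: called at the top of the script that processes the form.
// Accepts the request only if the submitted token matches the stored one,
// is not older than $ttl seconds, and has not been used before.
function csrf_check(string $form, array $post, int $ttl = 1800): bool
{
    $entry = $_SESSION['csrf'][$form] ?? null;
    unset($_SESSION['csrf'][$form]);            // single use, even on failure
    $sent = $post['csrf_token'] ?? '';
    if ($entry === null || !is_string($sent)) {
        return false;                           // no token issued or none sent
    }
    if (time() - $entry['issued'] > $ttl) {
        return false;                           // token expired
    }
    return hash_equals($entry['token'], $sent); // constant-time comparison
}

// Constructed demo, runnable from the CLI without a web server.
$_SESSION = [];
$html = csrf_field('change_password');
preg_match('/value="([0-9a-f]{64})"/', $html, $m);

var_dump(csrf_check('change_password', ['csrf_token' => $m[1]])); // legitimate submit
var_dump(csrf_check('change_password', ['csrf_token' => $m[1]])); // replay of the same token
csrf_field('change_password');
var_dump(csrf_check('change_password', []));                      // cross-site request without token
```

In a real shop the first function is called in the template that prints the form and the second before any state-changing action is executed, with the request rejected when it returns false.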

Installation

You may want your shop to be secure in minutes, so you'll be happy to read the installation instructions. But first I really encourage you to make a backup of your shop – you may need it.

  1. Download xt:Commerce/xtc:Modified Security Pack Version 0.1.
  2. Make a copy of your files – just in case.
  3. Unzip the Security Pack into your fresh xt:Commerce/xtc:Modified installation and overwrite any files.
  4. You are done now.

Footnotes

Not having an original xt:Commerce at hand, I took xtc:Modified 1.01 (http://www.xtc-modified.org), which is in fact xt:Commerce 3.04 SP2.1 with some extras. So using the Security Pack may work well for you; otherwise, restore your shop with the files you saved before installing the Security Pack.

Download

Security Pack 0.8 for xtc:Modified 1.01: xtcModified_1.01_security_pack_v08.zip

Security Pack 0.2 for xt:Commerce 3.0.4 SP2.1: xtcommerce_3.0.4_SP2.1_security_pack_v02.zip

One response

  1. Adam says:

    Hi,

    what about the new version, xtc:modified 1.03? It seems that one would have to adapt the files in the root folder manually.

    How can I test whether the installation was successful?