SECURITY CHECKLIST

SECURITY CHECKLIST

Security Audits
VP-CART is committed to providing it's customers with as much security help and information as possible. As such, we have employed a team of security professionals to assist in auditing your site's security from as little as US$295.

For more information click here.

At VP-CART we are committed to helping you ensure your site is as safe and secure as possible. Failure to follow the guidelines presented below may result in your site falling victim to hacker attacks.

    A. Removing “Installation” folder and “Upgrade” folder

    Delete the following folders from your VPCart site:

    - Installation
    - Upgrade

    Remote Users: Please ensure that you have deleted all these folders on both your local PC and your remote server.


    B. Change the default ADMIN folder name to a unique name

    To protect your admin, we strongly recommend changing the ADMIN folder name to something unique and hard to guess.


    C. Removing “default.htm” file

    Please delete the default file in root of your VPCart site : default.htm.
    This is the default file that will show the upgrade button which should be deleted when after upgrade completed.

    D. Removing copy of default database

    Please delete the default MS Access file that comes with the installation.
    The database name is “shopping900.mdb,” which is located in the “database” folder.


    E. Removing “diag_smstest.asp” file

    Please delete the “diag_smstest.asp” file located in the “admin” folder.

    Remote Users: Please ensure that you have deleted this file on both your local PC and your remote server.


    F. Credit Card Storage Settings

    VPCart recommends that you DO NOT store credit card numbers.

    If you take credit card numbers into your system rather than using a Payment Gateway, we recommend that you delete the credit card number as soon as the order has been processed.

    This can either be done manually or the shopa_displayorders.asp page will delete credit card numbers automatically when the order is marked as processed.

    G. Securing your Database

    Note: This step is for Access users ONLY!

    If your database is not in a secure location, with the correct setting, hackers may be able to download through the web browser. To secure your database folder, you will need to update your IIS settings and the NTFS properties on your database folder.

    To set up IIS permissions on your database folder:

    a) Click “Start,” “Control Panel,” then double-click “Administrative Tools.”

    b) Double-click “Internet Information Services.”

    c) Browse the database folder by expanding the menus on the left .

    d) Right click your database folder and select “Properties.”

    e) Uncheck the “Read box.”

    f) Click “Apply.”

    g) Click “OK.”

    H. Check For Latest Available Updates

    Are you regularly checking our pages for Updates? Always check the Patches pages for updates. Bookmark this page so using this way you will always be on top of new updates or security releases.

 


Times Viewed:
30491
Added By:
Wilson Keneshiro
Date Created:
12/9/2005
Last Updated:
8/27/2020