VP-ASP :: Shopping Cart Software

VP-Cart StoreFront Customer Forum

 Improved Security

Starting Member

8 Posts

Posted - July 29 2003 : 04:29:03
To help prevent search engines spidering your admin pages, add:
<META NAME="ROBOTS" CONTENT="NOINDEX,NOFOLLOW"> in between the <head> </head> section of shopadmin_header.htm

I wrote a simple include file that I put at the top of your shopadmin.asp (renamed, of course); see below.
This carries out two operations: if your internet connection has a fixed IP, it checks it and, if OK, does nothing.
If the IP is not known, it then checks the header for a password. If correct, it allows you in.
However, you only have a set amount of tries, over a given time. If you exceed the amount of tries, it locks you out for a while and redirects to a page not found. This makes it appear as if the page no longer exists.

I use this software for two reasons.
Although I normally do 'Admin' duties while at the office (Fixed ID)
I can still work from home using a dynamic IP or check what's going on from any remote location.
It prevents Hackers using brute force password crackers to get into your site.

Software note to VP-ASP programmer.
I see optional include files in your software controlled by asp.
Also in some case statement i.e.
Case a
<!-- #include file= A -- >
Case b
<!-- #include file= B -- >
Case c
<!-- #include file= C -- >

As far as I understand, this does not work, as all include files are included BEFORE any execution of the ASP code???

Does this cause any problems / security problems?

Final comment to VP-ASP Designer.
You must improve the credit card security section of your software against hackers. You also need to automate deleting and changing file names and locating the database. I got hacked BIG time it cost the credit card people over £10,000!
Security should be inherent in the design without the need to read a big fat manual.

PS Your tech support is second to none - thanks

Sub Added_IP_check_security()
'this will allow MY_IP_NUMBER through OR querystring QNAME=PASSWORD
'in this example www.mysite.com/myshop/adminpageforshop.asp?GetMeIn=Emergency
'the "?GetMeIn=Emergency" part is only required if your IP is dynamic or not equal to MY_IP_NUMBER

Const MY_IP_NUMBER = "12.3453.67.89" 'your fixed IP address - *** Change to fit
Const TIME_OUT = 3 'minutes
Const MAX_TRIES = 4
Const PASSWORD = "Emergency" 'case sensitive - *** change
Const QNAME = "GetMeIn" ' - *** change
Const REDIRECT_TO = "http://www.yoursite.com/404" ' - *** change

If Request.ServerVariables("REMOTE_ADDR") <> MY_IP_NUMBER Then

    If Application("SecurityLastIn") = "" Then Application("SecurityLastIn") = Now()
    If Application("SecurityCount") = "" Then Application("SecurityCount") = 0
    'start a new counting window once TIME_OUT minutes have passed
    If DateDiff("n", Application("SecurityLastIn"), Now()) >= TIME_OUT Then
        Application("SecurityCount") = 0
        Application("SecurityLastIn") = Now()
    End If
    'refuse when locked out or when the password is wrong
    If (Application("SecurityCount") >= MAX_TRIES) Or (Request.QueryString(QNAME) <> PASSWORD) Then
        'count every refused try in the current window so the count can reach MAX_TRIES
        Application("SecurityCount") = Application("SecurityCount") + 1
        Response.Redirect(REDIRECT_TO)
    End If

End If
End Sub
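
The Sub above keeps one try counter in Application for every visitor, so tries from any address draw on the same allowance. As an added example (not part of the original post and not VP-ASP code), this variant counts failed tries per client address and puts the decision in a pure function; TRUSTED_IP, WINDOW_MIN, MAX_FAILS, CheckAttempt, PerClientAdminGate and the SecCount_/SecStart_ key names are assumptions.

```vbscript
' Added example, not from the original post. Names and values are assumptions.
Const TRUSTED_IP  = "192.0.2.10"                  ' placeholder fixed office address
Const WINDOW_MIN  = 3                             ' length of the counting window, minutes
Const MAX_FAILS   = 4                             ' failed tries allowed per window
Const QNAME       = "GetMeIn"                     ' query-string name, as in the post
Const PASSWORD    = "Emergency"                   ' case sensitive, as in the post
Const REDIRECT_TO = "http://www.yoursite.com/404" ' placeholder from the post

' Decide one request from the stored state of one client address.
' failCount and windowStart are updated ByRef; returns True to allow.
Function CheckAttempt(ByRef failCount, ByRef windowStart, ByVal supplied, ByVal nowTime)
    Dim expired
    CheckAttempt = False
    ' VBScript does not short-circuit, so test for "no window yet" first
    expired = IsEmpty(windowStart)
    If Not expired Then expired = (DateDiff("n", windowStart, nowTime) >= WINDOW_MIN)
    If expired Then
        windowStart = nowTime
        failCount = 0
    End If
    If failCount >= MAX_FAILS Then Exit Function   ' locked out: refuse even a correct password
    If supplied = PASSWORD Then
        CheckAttempt = True
    Else
        failCount = failCount + 1                  ' only wrong passwords are counted
    End If
End Function

Sub PerClientAdminGate()
    Dim ip, failCount, windowStart, allowed
    ip = Request.ServerVariables("REMOTE_ADDR")
    If ip = TRUSTED_IP Then Exit Sub               ' fixed address: no password needed

    Application.Lock                               ' serialise the read-modify-write
    failCount = Application("SecCount_" & ip)
    windowStart = Application("SecStart_" & ip)
    allowed = CheckAttempt(failCount, windowStart, CStr(Request.QueryString(QNAME)), Now())
    Application("SecCount_" & ip) = failCount
    Application("SecStart_" & ip) = windowStart
    Application.Unlock

    If Not allowed Then Response.Redirect REDIRECT_TO
End Sub
```

Call PerClientAdminGate at the top of the admin page, inside the ASP script delimiters. The per-address entries stay in Application until the application restarts, and behind a proxy REMOTE_ADDR is the proxy's address.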


VP-ASP New User

152 Posts

Posted - July 13 2004 : 22:27:08
Thanks for sharing your knowledge!
