snubbr.com

What's the difference between ssh and Verisign SSL?

First off, what's the difference between ssh and Verisign SSL? Thanks for any comment. My 2nd question... The admin login for OScommerce doesn't appear to have any sort of protection against password cracking, as in you can attempt to log in with incorrect information as many times as you want.

Is there a contribution that adds a square delay to incorrect log in attempts, as in 2 second delay on 1 false attempt, 4 second delay on 2nd false attempt, 16 second delay on 3rd false attempt etc.?

Considering it's relatively easy to tell if a Verisign site uses OScommerce or not, it would seem like the admin system is extremely open to abuse.

Unless of course there is some sort of password blocking that I didn't see.

Comments (48)

Hmm... I need to find out myself. I don't know what the answer to that question is. I'll do some poking around and get back to you if I find anything. You should email the people at Verisign as they probably could help you.

Comment #1

Is there no protection available against password cracking?

Even if I change the directory of my admin, isn't there a way potential hackers could just look through the file directory and find whatever directory is now being used for admin?

It would seem to be a fairly large security flaw if there wasn't a solution against unlimited password entry.

What's to stop potential hackers simply surfing the web for OScommerce based stores, cracking the admin password and causing all sorts of mayhem?

Surely it isn't too hard to code an exponential delay for false entries, and would do a whole bunch to increase the security of OScommerce stores?

This post has been edited by Barakas: 07 February 2009, 14:40.

Comment #2

No, they can't just "browse" through your files. They have to guess what the admin folder is named.

If you just use 52 upper/lower case letters and 10 digits for a name, and make the name 8 characters long, that gives 62^8 possible combinations (218340105584896 in simple terms).

The browser times out after 30 seconds.

Then making your admin password 8 characters long, out of 95 characters, is 95^8 combinations (6634204312890625 in simple terms).

And what are you going to do after X number of bad guesses?

Ban the IP address?

So what, they just get another one and try again...

Comment #3

And if you're on a UNIX server, protect the renamed admin folder with a .htaccess file as well.

That adds another layer.

The simplest thing to do if you're worried would be to add a line of code that emails you when an improper username/password is entered.

SO THEN:

1. If they do guess the admin folder name AND

2. They crack the .htaccess password

You start getting emails about bad password attempts.

Realistically, that probably won't ever happen.

You have a better chance of getting struck by lightning.

Do you stay indoors constantly to avoid that?

Probably not...

Comment #4

The admin login for OScommerce doesn't appear to have any sort of protection against password cracking, as in you can attempt to log in with incorrect information as many times as you want.

Is there a contribution that adds a square delay to incorrect log in attempts, as in 2 second delay on 1 false attempt, 4 second delay on 2nd false attempt, 16 second delay on 3rd false attempt etc.?

Considering it's relatively easy to tell if a Verisign site uses OScommerce or not, it would seem like the admin system is extremely open to abuse.

Unless of course there is some sort of password blocking that I didn't see.

Comment #5

First step is to rename the admin directory (then post asking why you can't log in to your admin pages) and then use a long password that includes capitals, special characters and numbers...

Comment #6


This question was taken from a support group/message board and re-posted here so others can learn from it.
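
An added example, not part of the original thread and not an osCommerce contribution: a minimal per-account exponential login delay in PHP 8, of the kind the question asks about. It keys the counter on the submitted username rather than the client IP, so the IP-rotation objection raised in the replies does not reset it; the class and method names are hypothetical, and state is held in memory only for the demo.

```php
<?php
// Added example: per-account exponential login delay. Class and method names
// are hypothetical; this is not osCommerce code or an existing contribution.
final class LoginThrottle
{
    // username => ['fails' => int, 'last' => int]. In memory for the demo;
    // a real store needs a database table so state survives between requests.
    private array $state = [];

    public function __construct(
        private int $baseSeconds = 2,   // delay owed after the first failure
        private int $capSeconds = 900   // upper bound, so a legitimate admin
    ) {}                                // is never locked out indefinitely

    // Delay owed after $fails consecutive failures: base * 2^(fails-1), capped.
    public function delayFor(int $fails): int
    {
        if ($fails <= 0) return 0;
        $exp = min($fails - 1, 20);     // keep the shift small to avoid overflow
        return min($this->baseSeconds << $exp, $this->capSeconds);
    }

    // Seconds that must still pass before this username may be tried again.
    // Keyed on the username, so changing IP address does not reset the count.
    public function secondsUntilAllowed(string $user, int $now): int
    {
        $key = strtolower(trim($user));
        if (!isset($this->state[$key])) return 0;
        $s = $this->state[$key];
        return max(0, $s['last'] + $this->delayFor($s['fails']) - $now);
    }

    public function recordFailure(string $user, int $now): void
    {
        $key = strtolower(trim($user));
        $fails = ($this->state[$key]['fails'] ?? 0) + 1;
        $this->state[$key] = ['fails' => $fails, 'last' => $now];
    }

    public function recordSuccess(string $user): void
    {
        unset($this->state[strtolower(trim($user))]);
    }
}
// Constructed demo: five wrong guesses against "admin", from any address.
$t = new LoginThrottle();
for ($now = 1000, $i = 1; $i <= 5; $i++) {
    $t->recordFailure('admin', $now);
    printf("failure %d -> wait %ds\n", $i, $t->secondsUntilAllowed('admin', $now));
}
```

In a login handler, call `secondsUntilAllowed()` before checking the password and reject the attempt without evaluating the credentials while it is non-zero. The cap bounds how long someone hammering the account can keep the real administrator waiting.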

 


 

(C) Copyright 2010 All rights reserved.