Attack defense

[Purebeads]

I'm just curious. Why do hackers attack e-commerce sites? Does osCommerce store credit-card numbers in the database? If not, are the hackers after the customer information?

[wildjokerdesign]

e-commerce programs can store CC information depending on how you have them set up. I personally believe it is better if you do not set your shopping carts to store the CC information if they are on a shared hosting server like we have at WestHost. When I do set folks up with an e-commerce program I encourage them to use a service like PayPal for payment. That way you don't have to store the information on your server.

Hacker often do look for other info like email accounts but they could also be looking for a way to get in the to the server deface the site or use it for email spamming.

[mb01a]

did you know that most of the folders and files within the OSCommerce setup can be set to read only? This prevents a hacker from doing much of anything unless you allow it ..

Also, OSCommerce by default does not store CC numbers. If your site stores them, someone changed the default setup.