Ausweb Web Hosting and Web Development Tutorials


Website Security/Upgrade Issues

SSL - Partially Encrypted

After installing an SSL certificate, a common subsequent issue (in most modern browsers) is the dreaded "Connection Partially Encrypted" warning.

The error indicates that unsecured assets/content are being pulled in remotely while the site is in secure mode (HTTPS). For example, the site is hosted with AUSWEB and you are sourcing images and/or scripts from another, unsecured domain.

How to resolve:

  • Transfer all offending links/resources (remote content) into the secure area also, or remove them to see if it solves your problem.
  • Use a JavaScript if/else to check if HTTPS is on, and request the correct version. You can see how Google Analytics handles this here: http://www.google.com/support/analytics/bin/answer.py?answer=55483
  • Use a plugin/addon for your CMS, such as WordPress HTTPS

Hint: You can source common JavaScript libraries (jQuery, MooTools, Prototype) from Google's CDN as it supports HTTPS.
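
All of the fixes above start with finding which resources are still requested over plain HTTP. The following Node.js function is an added example, not AUSWEB's code: it lists the tags in a page's HTML that load a subresource over http:// and gives the https:// URL to try instead. The sample page and its hostnames are constructed, and the regex-based tag scan assumes reasonably well-formed markup.

```javascript
// Tags and attributes that fetch a subresource; <a href> is navigation and is not mixed content.
const SUBRESOURCE_ATTRS = {
  script: ['src'], img: ['src'], iframe: ['src'], embed: ['src'],
  source: ['src'], audio: ['src'], video: ['src', 'poster'],
  object: ['data'], link: ['href'],
};

function findMixedContent(html) {
  const findings = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const name = tag[1].toLowerCase();
    const wanted = SUBRESOURCE_ATTRS[name];
    if (!wanted) continue;
    // Collect the tag's attributes (double-quoted, single-quoted or unquoted values).
    const attrs = {};
    const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let a;
    while ((a = attrRe.exec(tag[2])) !== null) {
      attrs[a[1].toLowerCase()] = (a[2] ?? a[3] ?? a[4]).trim();
    }
    // <link> only fetches a subresource for some rel values; rel="canonical" does not.
    if (name === 'link' && !/\b(stylesheet|icon|preload)\b/i.test(attrs.rel || '')) continue;
    for (const attr of wanted) {
      const url = attrs[attr];
      // Relative and protocol-relative (//host/...) URLs inherit the page's scheme.
      if (url && /^http:\/\//i.test(url)) {
        findings.push({ tag: name, attr, url, fix: url.replace(/^http:/i, 'https:') });
      }
    }
  }
  return findings;
}

// Constructed sample page (hostnames are placeholders).
const SAMPLE_PAGE = `
<link rel="stylesheet" href="http://static.example.net/site.css">
<link rel="canonical" href="http://shop.example.com/">
<script src="https://cdn.example.org/jquery.min.js"></script>
<script src='http://widgets.example.net/counter.js'></script>
<img src="/images/logo.png">
<img src=//img.example.net/banner.gif>
<a href="http://partner.example.com/">Partner</a>
<IMG SRC="HTTP://img.example.net/badge.png">`;

for (const f of findMixedContent(SAMPLE_PAGE)) {
  console.log(`<${f.tag} ${f.attr}> ${f.url} -> ${f.fix}`);
}
```

Before switching a reported URL to its https:// form, confirm the remote host actually serves that resource over HTTPS; if it does not, host the file in your own secure area instead.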

What is ModSecurity?

ModSecurity is a web application firewall module designed for use with Apache web servers. It provides an increased level of server security by protecting the server from vulnerabilities present in web application code. This increased security is achieved by detecting and blocking possible attacks before they reach the actual application. It is now estimated that over 70% of all attacks on web servers are carried out at the web application level, hence the need for a more secure web hosting environment.

AUSWEB deploys ModSecurity on all of our shared Linux hosting solutions to ensure we are able to provide the most secure shared hosting environment possible for our clients. Whilst it is not a guaranteed solution to protect against all web vulnerabilities, it reduces the attack surface of our hosting environments and therefore reduces the chances of a security breach.

From time to time, having ModSecurity installed means clients may experience IP blocks if code on a client website is deemed insecure. These blocks can also occur when using applications that attempt to communicate with the server in an insecure manner, which can be caused by trojans/viruses on your PC or by other software programs or their plugins.

Read more...

Experiencing IP bans and browser hanging issues?

Do you find that your IP address occasionally gets banned by web servers?

...or maybe you experience your browser hanging when viewing particular websites. These could be caused by certain settings in your network card's configuration.

Read more...

Backup your website in cPanel

Backing up your website is an important task to perform on a regular basis as a precautionary measure, just in case your files are somehow lost or become corrupted. Luckily this is a fairly simple process which can be done in a few clicks through cPanel.

Read more...

Securing your Joomla Website

In addition to understanding the threats and implementing general defensive strategies, it is important to know more specific details about security in Joomla, as well as some specific examples of how to implement security strategies.

Read more...

Securing Your Zencart Store

SSL Security Protection Tips
Without applying extra effort to secure your connection, you are wandering around the internet in an unsecured environment. Before you make administrative modifications to secure Zen Cart and its database, you need to equip yourself with secure ways to make these modifications. Otherwise, if someone is watching or listening to the information you transmit, it might not be long before your private business information becomes public. The bare minimum tools you should have are a shared SSL and FTP over SSL/TLS. These tools will encrypt the information you transmit and receive.

Read more...

PHP SafeMode ON register_global OFF

AUSWEB's new server security policies require PHP safe_mode ON and register_globals OFF.
Below you can find some guidelines for fixing your shopping cart software.

Read More

osCommerce

osCommerce will run with safe_mode on, but you may get errors displayed on the screen. If you do, you need to make the following change:

In includes/application_top.php change:

error_reporting(E_ALL & ~E_NOTICE);
to
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);

Having register globals enabled is a very serious security issue; it allows an attacker to inject variables into the running PHP code. The consequences of this are always serious.

A patch for osCommerce to run with register_globals off can be downloaded from http://www.oscommerce.com/community/contributions,2097

Please make sure you carefully read the README file as it contains important information about the 2 ways the patch can be applied.

The 'patch' consists of the following:

1/ A set of instructions (rather than a 'patch' file) that you may use to manually apply the changes to an existing code tree. This is useful if you have already made modifications to the OSC source code and you want to apply this patch on top.

2/ A set of pre-patched files. These files are EXACTLY the same as you would get if you applied the patch instructions to a clean copy of OSC. This is useful if you are performing a clean installation of OSC and therefore have no worries about just copying over existing files with new versions.

You only need to use either the manual instructions or the pre-patched files, NOT both.

Cubecart

Cubecart will run with safe_mode on and register_globals off, but you will need to upgrade to the current version 3.0.12 [Security-Patched-1]

Zencart

Zencart will run with safe_mode on, but you may get errors displayed on the screen. If you do, you need to make the following change:

In includes/application_top.php change:

error_reporting(E_ALL & ~E_NOTICE);
to
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);

Combined with AUSWEB's eCommerce Hosting and VPS Hosting, ZenCart is the perfect tool for your online eCommerce store.

Vandalism and Hacking

Vandals often use hacking techniques to deface a website or destroy data and files, but there are also those who just want to steal resources (make use of other people's servers without their knowledge or permission) or to cover their tracks by stealthily making use of hardware owned by legitimate businesses to carry out processing for illegal operations or to relay spam and viruses to others.

Read more...

How to upgrade the embedded phpBB forum within phpNuke

If you've recently installed phpNuke with Fantastico (it's at the bottom of your Control Panel - if you haven't seen it - go look), you may have noticed that the phpBB version is about 5 releases out of date.
The most recent version of phpBB is 2.0.21, but the version within the phpNuke 7.8 Release is 2.0.15. However, before you run out and download the standalone updates/patches for phpBB, please keep reading.

This is a special version of phpBB that is designed to run inside and with phpNuke, so DO NOT simply patch phpBB with the "official version" from phpbb.com. This WILL break some of the functionality of the embedded version. You're gonna have to do a little bit of work, but it'll be worth it. You will be required to download some files, unzip them, upload them to your webspace, and then run 4 URLs from your browser. Please note that this is a file-by-file update - you cannot patch everything in one fell swoop. It will still probably only take 10 minutes - and you'll have a much more secure version of phpBB.
Read more...

Microsoft Hit with Another Zero-Day Attack

By Brian Prince

Hackers have painted a bull's eye on Microsoft Word and Office programs yet again, and this time they seem to have hit their mark.

Read more...