This is my blog about the trials and tribulations of setting up our web site.

Thursday, December 29, 2005

The purpose of renaming the admin directory

One of the first things you are told in osC is to rename the admin directory to something that people will not guess, to protect it. Then most people add this line to their root robots.txt file:

Disallow: /new_admin_name

What this does is that when you type in your URL and add robots.txt at the end, up pops a page displaying your new admin directory name (robots.txt files are viewable in a browser). This saves potential hackers from having to guess what you changed it to.

The fix: when creating a robots.txt file in your root, do NOT put the hidden/private directories in there. Instead, create a new robots.txt file in your new admin directory and add the lines:

User-agent: *
Disallow: /

This will keep the robots from indexing that directory and also keep your admin/private directory names hidden from the world, adding the security you were trying to gain.
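As an added check (not code from the original post), the script below parses a root robots.txt and lists every Disallow entry that names a specific path, since each one is readable by anyone. One caveat a practitioner should keep in mind: crawlers only ever request robots.txt from the site root, so the copy inside the admin directory is never fetched; its real value is keeping the name out of the root file, and the directory itself still needs access control.

```python
# Added example: audit a root robots.txt for paths it discloses.
# The sample files below are constructed to show the pattern the post
# warns against and the corrected version.

def disclosed_paths(robots_txt):
    """Return Disallow values that reveal a specific directory or file.

    '/' (block everything) and an empty value disclose nothing, so they
    are skipped. Comments after '#' are ignored, as robots do.
    """
    found = []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        if field.lower() == "disallow" and value not in ("", "/"):
            found.append(value)
    return found


def admin_leaked(robots_txt, admin_dir):
    """True if any disclosed path points at the renamed admin directory."""
    prefix = "/" + admin_dir.strip("/")
    return any(p.rstrip("/") == prefix or p.startswith(prefix + "/")
               for p in disclosed_paths(robots_txt))


# Constructed sample: the renamed admin directory listed in the root file
ROOT_ROBOTS_BAD = """User-agent: *
Disallow: /new_admin_name/
Disallow: /images/
"""

# Constructed sample: the fix, the root file says nothing about it
ROOT_ROBOTS_OK = """User-agent: *
Disallow: /images/
"""

if __name__ == "__main__":
    for name, text in (("bad", ROOT_ROBOTS_BAD), ("ok", ROOT_ROBOTS_OK)):
        print(name, disclosed_paths(text), admin_leaked(text, "new_admin_name"))
```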

Saturday, December 10, 2005

One of the dumbest features for a web site admin

I remember talking to the owner of the software company about this a long time ago. For the most part with CPanel your web server is protected and PHPMyadmin is protected. Having a function in the admin of your store's software that allows people to back up and download your DB is just about the dumbest idea you can have in a web store. I don't know how many times I have been able to walk into a store's admin and download their DB, which includes all their customers, which have their CC info attached. I must add that I have been able to do this but have not done it. DBs are protected for a reason and this function removes several layers of that protection.
One of the first things I did was remove the code that does this function. Our site does not store CC info and we do not have access to the CC numbers at any time. I prefer it this way, as if there is ever a problem, having the actual number is not going to change the outcome of the problem. There is no reason that a store owner needs to know the customer's CC number; if it is declined then they just need to know that it was. If the customer does a chargeback, knowing the CC number is not going to improve the chances of fighting it.

Getting back on track here, the less information you have in your DB the better off you will be in case of an attack, and the harder it is for people to get at your DB the better off you are.

Benefits of getting an email for each 404 error

I can't remember whose blog it was on, but there was talk of getting emails every time you have a 404 error on your site. I think this is great for helping with development as far as making sure all your images are there, pages link properly, etc., but over the last few days I have found another benefit of them. 4 different IPs have tried to find Mambo and WordPress vulnerabilities on my site by entering different page names and directory names. CPanel can ban an IP easily, so they are taken care of; only 1 attack this morning.

For the most part people look at the most popular pages using their stats programs, but most don't look at their 404 error log. Your stats program will tell you what your customers are looking at; your 404 log file will sometimes tell you what the people who want to harm your business are looking at. By receiving the email it forces you to look at it in your inbox, and then you are much more likely to deal with it. For that reason alone I think that getting the email is an important part of managing your site.

It only takes a couple of minutes to install an HTTP Error Contribution and its benefits have been shown to me a thousand times over already. Putting up with emails when you know you are missing a graphic can be annoying, but that is a small price to pay to find out who is trying to sneak through the back door.
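The 404 log reading described above can be automated. The script below is an added example, not part of the original post or the contribution it mentions: it scans 404 entries for clients requesting paths that belong to software the store does not run (Mambo and WordPress, as in the post) and separates them from an ordinary missing graphic. The log lines are constructed samples in Apache combined format, and the probe marker list is an assumption, not a complete signature set.

```python
# Added example: pick out probing clients from 404 log entries.
import re
from collections import defaultdict

# Apache combined log format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Path fragments for software this store does not run (assumed list).
# A 404 on one of these is a probe, not a customer hitting a broken link.
PROBE_MARKERS = ("/wp-", "/xmlrpc.php", "/mambo", "/administrator/", "/phpmyadmin")

# Constructed sample: one client probing, one client hitting a missing image
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2005:08:01:12 -0500] "GET /wp-login.php HTTP/1.0" 404 211
203.0.113.7 - - [10/Dec/2005:08:01:13 -0500] "GET /mambo/index.php HTTP/1.0" 404 211
203.0.113.7 - - [10/Dec/2005:08:01:14 -0500] "GET /administrator/index.php HTTP/1.0" 404 211
198.51.100.9 - - [10/Dec/2005:09:15:02 -0500] "GET /images/logo.gif HTTP/1.1" 404 209
198.51.100.9 - - [10/Dec/2005:09:15:02 -0500] "GET /product_info.php?products_id=12 HTTP/1.1" 200 8123
"""


def probing_clients(log_text, threshold=2):
    """Return {ip: [probed paths]} for clients with at least `threshold`
    404 responses on probe-marker paths. Other 404s (a missing graphic)
    are ignored, so the result is the list of IPs worth banning."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        path = m.group("path").lower()
        if any(marker in path for marker in PROBE_MARKERS):
            hits[m.group("ip")].append(m.group("path"))
    return {ip: paths for ip, paths in hits.items() if len(paths) >= threshold}


if __name__ == "__main__":
    for ip, paths in probing_clients(SAMPLE_LOG).items():
        print(ip, "probed", len(paths), "paths:", ", ".join(paths))
```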

Other ways to protect yourself are to make sure you rename your admin to something that no one would look for (virtually any key on the keyboard can be used, and letters can be lower case or capitals). Make sure your admin is not indexed by search engines, rename your contact_us page, and make sure your software is up to date with all the fixes.

I keep thinking about a retail store. I can't see the owner standing at the front door watching for pickpockets while leaving the back door wide open and the thieves have an 18-wheeler backed up and are loading it with the entire inventory. That would not happen in a retail store, so why should it happen in a web store?

Monday, December 05, 2005

I think I might have to go out for dinner, this sounds yummy

Heirloom Pumpkin Soup with Duck Fillet
and Chanterelle Mushrooms
*
"Boars of Babylon" Wild Boar Terrine
with Milford Bistro Cornichons and Madeira Jelly
or
Ragout of Assorted Shellfish
with Spicy Sausage, Soffrito, Fennel and Nicoise Olives
or
Seared Moulard Duck Foie Gras
with Poached Quince, Tangerine and Pomegranate Juice
**
Rack, Loin and Leg of Rabbit Prepared Three Ways
or
Rack of "Rankin Inlet" Nunavut Territory Caribou
with Caramelized Belgian Endive, Glazed Chestnuts
and Wild Blackberries
or
Roasted Organically Farmed Cod
with Braised Savoy Cabbage, White Beans and Truffle Oil
***
Selection of Raw Milk Cheese
(add $5 menu supplement)
****
Maple Bread Pudding with Caramel Rum Sauce
or
Chocolate Terrine with Vanilla Anglaise and Pistachio Nuts

3 courses $45 4 courses $52

Friday, December 02, 2005

Working on my product pages

The new site is coming together with a lot of help from other people. I think it is on the right track and I am learning a lot about PHP. :) I have a template for the product pages and was wondering what people think of it; the popups aren't finished but the main idea is there.

The way I did the popups is to add the code

<a href="javascript:roastPopup();">more info</a>

into the product description via the osC admin wherever you need it on the page. Then in product_info.php, right above </head>, add:

<script type="text/javascript">
// Opens the "more info" page in a small fixed-size popup window
function roastPopup(){
    var aWindow = window.open("http://www.beancoffeeshop.com/2.php", "t_win",
        "toolbar=no,width=450,height=450,status=no,scrollbars=no,resizable=no,menubar=no");
}
</script>

You can change the URL to suit your needs and also the height, width, etc. If you need a second popup then you just change the "roastPopup" name and the URL and add a second function.

Any input on the page would be appreciated before I redo all of them.