Monday, January 10, 2011

January 2011 - Updates & News

This was sent via email as well.

I just wanted to send out an email to everyone about some changes with WAHM eCommerce! Please note that this is just a GENERAL UPDATE email to EVERYONE. Some of this update may apply to you and some might not.

LATE FEES:
Late fees have been raised to $5.00. Everyone gets their invoice 14 days PRIOR to your due date and you get another invoice 7 days prior to your due date. You have up to 5 days to pay your invoice or a late fee will be applied. You will get 1 "over due" notice 4 days after your payment was due. On the 5th day after your invoice was due your account will be suspended automatically. I have it set up this way to give you a little more flexibility and time to get your invoices paid in a timely manner. The old fee of $1 is now gone and a fee of $5 will now be applied to all late payments.

AFFILIATE PROGRAM:
The affiliate program is set up and ALL clients can now join. The referral incentive is 5% of each order. This 5% will be applied to your hosting fees. You will earn credit in your account for each referral you send. When your invoice comes to you, you can log into your account and APPLY these referral earnings to your current invoice. I will have banners available soon for you to put on your websites to refer people to WAHM eCommerce. For now you can simply log into your account, activate the affiliate program and use the link provided to refer people.

TEMPLATES & BANNERS
Did you know that we offer an array of templates and banners for your website? Existing clients get 15% off all templates & banners listed in our design area! Simply put in promo code "client" during checkout to receive your discount. We also offer custom holiday designs! We can give you a ONE OF A KIND holiday design OR use your existing design and tweak it a little bit to go with the current holiday. Here is a good example of a Tweaked Holiday Design:

REGULAR DESIGN
HOLIDAY TWEAKED DESIGN



Price for HOLIDAY TWEAK DESIGN like above is ONLY $15!

To see all our templates and banners please visit http://wahmecommerce.net - all designs are done IN HOUSE by Sha & Amberle!

SECURITY ISSUES
A note from my Server Host:
We've recently noticed a large number of hacked online stores. Hosting companies around the world have been scrambling to meet request after request to help clean their clients' websites. Unfortunately, a few of our own clients' sites were affected by this latest global attack.
Of course, if your website happens to get hacked, we will help you clean it up. Having said that, it is up to you, the website owner, to periodically check your website to make sure everything is running smoothly. Unless you have our extended monitoring services added onto your hosting plan, we are not responsible for constant monitoring of what goes onto each and every one of our clients' websites. While we'd love to be able to do that, it is an extensive, time consuming practice when you consider how many websites there are on our servers. It is not, however, very time consuming for a website owner to do to their own website.
We'd like to take a moment to show you how to secure a website that uses Online Store Cart or any other shopping cart that uses an osCommerce based script. Of course, nothing is foolproof – hackers learn new tricks every day and nothing is safe from being hacked. In fact, some of the largest online companies in the world were hacked into this year. But, these methods will definitely help make sure that your site isn't hacked with any of the more recently used methods.

NOTE FROM SHA : We do not recommend you try these "fixes" if you are not comfortable with your cPanel and "backend" file changes. We will gladly make all the necessary changes for you for a ONE TIME FEE of just $10.
  1. Change the name of your admin folder! The most common hacks use a script that locates the admin folder, so changing the name will drastically reduce the number of attacks sent your way. Here is how to change the name of your admin folder:
    1. Change the name of the folder itself. To do this, go into your cPanel's File Manager and locate the admin folder. Click on it once to highlight the folder and then click on the Rename button at the top of the page. Change the name to something that is easy for you to remember, it doesn't have to be complicated. I like to use things like orders or manager. For added security, try to be creative and pick something that people won't guess.
    2. Staying in the File Manager, locate the includes>local>configure.php file. Find this line:
      define('DIR_FS_ADMIN', '/home/username/public_html/admin/');
      Change the last admin to the name of your new admin folder. It should look something like this:
      define('DIR_FS_ADMIN', '/home/username/public_html/manager/');
      *NOTE: username is your cPanel username, DO NOT change that.
    3. Next, locate the admin>includes>configure.php file. Find these lines:
      define('DIR_WS_ADMIN', '/admin/');
      define('DIR_FS_ADMIN', '/home/username/public_html/admin/');
      Change the lowercase admin in both to your new name again – just as before.
    That's it! You will now use that folder to access your admin. So, if you were going to http://your_site.com/admin, you would now go to http://your_site.com/manager (or whatever you named the folder). NOTE: In order to make further instructions easy to follow, I will still be referring to the admin folder as admin. Please remember to follow along using your new folder name.
  2. Password protect the admin folder! Yes, you do have to login to get into your admin area, but there are still some pages within it that can be accessed with the proper hack. The way around this is to password protect the admin folder itself. To do this, find the icon in your cPanel named Password Protect Directories. Once inside, click on the link to your admin area (note: if you changed the name in the previous step, find the new folder name). Do not click on the folder icon as that will take you inside of the admin folder, just click on the word itself. There are two sections inside this area.
    1. First you will need to activate password protection for the directory. To do this, just click on the box labeled . You will need to give a name to the protection. This name will appear in the new login box for the admin folder; use something simple such as your store name. After you have checked the box, click on Save. You will get a message telling you that the permissions were set. Click on the Back link below that.
    2. Now you will need to create the login. In the area called Create User, you will see a form. Fill out what you want the admin user and password to be. I don't ever recommend using admin as the user since it is by far the most commonly used admin name. Also, make sure that the password is not easy to guess. I see a lot of people use their store name… this is very easy to guess. The strength indicator will tell you how easy your password is for people to guess. You may choose to use the password generator, but that doesn't give you something easy for you to remember. Personally, I like using things I can remember like names mixed with birthdays. But, I add a twist. I change letters to symbols that look like them. For example, if my name were Lacy and my birthday was January 2, I'd do something like this: L@cy_01-02. Remember that how you use your caps is important too.
    3. That's it. Now you will have a popup whenever you go to your admin area asking you to log in. You should stay logged in for as long as you are within the browser, so make sure you close everything down when you are ready to log off.
  3. Delete the most commonly hacked files! Standard osCommerce comes with a couple files that are hacked more often than any other files. Luckily, these files are outdated and aren't used to help keep things running. Delete the following files from your admin area: file_manager.php, define_language.php, & banner_manager.php. There is nothing within those files that you can't do from within your cPanel.
  4. Add further security with .htaccess files! There are a lot of different ways to use .htaccess files to add more flexibility or security to your site. Listed below are just a few. NOTE: If using File Manager, make sure you click on the box to show hidden files to see the .htaccess files. The root (public_html) area will already have one there in most cases. Other folders may or may not have them, so you can create a new one. Just make a file called .htaccess. Also, when editing an .htaccess file, make sure to use a new line for each bit of code added. If you mess up this file, it will mess up your website until it is fixed. Follow closely to make sure that you are changing the .htaccess file in the right directory. I've italicized the folder you should be in when making these changes.
    1. Don't allow directory browsing. If you have any folders within your site that don't have an index page, people will be able to just browse through your website files. To disable this, go to your site's public_html directory and edit the .htaccess file. Add the following bit of code:
      # disable directory browsing
      Options -Indexes
    2. Only allow images in your images folders. The majority of hacks we've come across over the years place malicious files within the images folders. To make sure people can't upload hacked files into your images folder, place an .htaccess file within your images folder to include the following lines of code:
      <FilesMatch "\.(php|ini|html|htm|psd)$">
      Order Allow,Deny
      Deny from all
      </FilesMatch>
    3. Prevent access to your .htaccess file. Of course, you don't want hackers to have access to this file you are making these changes to, right? So, add this bit of code to your .htaccess files:
      # secure htaccess file
      <Files .htaccess>
      order allow,deny
      deny from all
      </Files>
    4. Limit the people allowed in your admin area, even if they have your password. This one is tricky because you could end up locking yourself out of your own admin area, but, of course, you could always come back to the .htaccess file in your cPanel to change it back. If you know your IP address, then you can change your admin area to only allow you to enter. Add this bit of code to the admin folder's .htaccess file. NOTE: if you ever have anyone else do work on your site, you will need to add their IP address as well. Use the following, but change 123.0.0.0 to your own IP address.
      # allow access by IP address
      # (with "order deny,allow" the allow line is applied last, so it overrides "deny from all")
      order deny,allow
      deny from all
      allow from 123.0.0.0
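
The host's note asks store owners to check their own sites periodically. As an added example (not part of the host's note and not WAHM eCommerce tooling), this shell function checks a store's files against steps 1 through 4.2 above. The function name audit_store and the FINDING output format are made up for illustration, and it assumes cPanel's password protection writes an AuthType line into the protected folder's .htaccess.

```shell
#!/bin/sh
# Added example: audit an osCommerce-style docroot against the checklist above.
# Usage: audit_store DOCROOT [ADMIN_FOLDER_NAME]   (prints one finding per line)
audit_store() {
    root=$1
    admin=${2:-admin}   # name of the (possibly renamed) admin folder

    # Step 1: the admin folder should no longer use the default name.
    [ ! -d "$root/admin" ] || echo "FINDING: default admin folder name still in use"

    # Step 2: password protection (assumption: it shows up as AuthType in .htaccess).
    grep -qi 'AuthType' "$root/$admin/.htaccess" 2>/dev/null ||
        echo "FINDING: $admin/.htaccess has no AuthType (folder not password protected)"

    # Step 3: the three files the note says to delete from the admin area.
    for f in file_manager.php define_language.php banner_manager.php; do
        [ ! -e "$root/$admin/$f" ] || echo "FINDING: $admin/$f still present"
    done

    # Step 4.1: directory browsing disabled in the root .htaccess.
    grep -Eqi '^[[:space:]]*Options.*-Indexes' "$root/.htaccess" 2>/dev/null ||
        echo "FINDING: root .htaccess does not disable directory browsing"

    # Step 4.2: images folder carries the FilesMatch block ...
    grep -qi '<FilesMatch' "$root/images/.htaccess" 2>/dev/null ||
        echo "FINDING: images/.htaccess has no FilesMatch restriction"

    # ... and holds no script or page files that do not belong among images.
    find "$root/images" -type f \( -name '*.php' -o -name '*.ini' \
        -o -name '*.html' -o -name '*.htm' \) 2>/dev/null |
        sed 's/^/FINDING: non-image file in images folder: /'
    return 0
}

# When run as a script with arguments, audit the given docroot.
[ "$#" -eq 0 ] || audit_store "$@"
```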
AGAIN : We do not recommend you try these "fixes" if you are not comfortable with your cPanel and "backend" file changes. We will gladly make all the necessary changes for you for a ONE TIME FEE of just $10. 

To order this service please CLICK HERE

Thank you for your continued support and we look forward to a wonderful year with you, your friends and anyone you may refer to us!

Sha & Amberle
Your Host & Your Designer