We have have compared some of the more popular ecommerce shopping cart software available today. Some of the shopping cart software packages have further features which are available through modules and addons. As such, the features listed below may not include all possible features for a given shopping cart software package.

Keep in mind this is only but a small fraction of the number of ecommerce shopping cart software available today

We’ve compared Data Storage General, Customer Features, SEO, Administration Area Features, Customer, Gateway Support, Alternative, Security , Shipment, Reward Features, Payment, plus many Other Features

General information

Data Storage

Information about what data storage system can be used.

General Features

Information about the features the shopping carts offer.

Customer Features

Information about the features the shopping carts offer.

Customer Reward Features

Information about the features the shopping carts offer.

Administration Area Features

Information about the features the shopping carts offer.

Search Engine Optimization Features

Information about the features the shopping carts offer.

Security Features

Information about the features the shopping carts offer.

Other Features

Information about the features the shopping carts offer.

Payment Gateway Support

Information about which payment gateways are supported.

Alternative Checkout Support

Information about which alternative checkouts are supported.

Real Time Shipping Calculation

Information about if the Shopping Carts have Real Time Shipping Calculation built in to be able to calculate how much it will cost to ship an order in real time when the customer checks out an order.

Shipment Booking Integration

Information about if the Shopping Carts have Shipment Booking Integration to allow staff to be able to book shipments for a number of orders at once via the control panel.

Shipment Tracking Integration

Information about if the Shopping Carts have Shipment Tracking Integration to show the customers the tracking information on the View Order pages.

IMPORTANT NOTE: this script will be deleting files, and must be run as root
and if you are running this as root – IT IS YOUR RESPONSIBILITY FOR THE RESULTS.

If you would like to know what files are deleted or want to edit the script as to determine what gets deleted
see further below.

There are plenty of improvements that could be made to this script, however its a great baseline to start with.

The basic idea is that Server side disk space is expensive compared to local storage – every
extra Gb is more clients that you can host. This script will:
a) remove uneeded YUM cache files, cpanel temp files etc.
b) remove “trash” files from user accounts older than a specified period (see Variables)
c) backup old log files (from logrotate), then compress and FTP them to a backup server
d) remove the backup files
e) give you a report to so that you know how it went

The script:

First create a file named vpsclean.sh which contains the following:

#!/bin/bash
#VPS disk cleanup by RoboRutt for the world to use as you see fit
#any comments critique and stuff welcome to robert@ruttentech.com
#latest version available from http://www.ruttentech.com (checkout downloads)
#NOTE: this does some deleting stuff, and deliberately must be run as root
#and if you are running this as root – IT IS YOUR RESPONSIBILITY FOR THE RESULTS

echo Starting…

#setup the application variables – dont change these – editable variables are in the file vpsclean.conf
source vpsclean.conf
today=`date +%G%m%d`
MaxSpam=`expr $MaxSpamM “*” 1000`
version=1.6

#remove temp folder if it already exists from a previous (bad) run
cd $RunDir
if [ -d $RunDir/backup-$today ] ;then rm -rdf $RunDir/backup-$today ;fi
if [ -f vpsclean_ftp.log ] ;then rm -f vpsclean_ftp.log ;fi
if [ -f vpsclean-$today.tar.gz ] ;then rm -f vpsclean-$today.tar.gz ;fi
if [ -f $RunDir/before_cleanup ] ;then rm -f $RunDir/before_cleanup ;fi

#get a snapshot of disk usage before cleanup
echo Getting some disk statistics
df -h >> $RunDir/before_cleanup

# FTP Backup
if test $FTPBACKUP = Y
then
echo Creating a backup of files to be removed
#create file structure in back to mirror server
mkdir $RunDir/backup-$today
mkdir $RunDir/backup-$today/var
mkdir $RunDir/backup-$today/var/log
mkdir $RunDir/backup-$today/usr
mkdir $RunDir/backup-$today/usr/local
mkdir $RunDir/backup-$today/usr/local/apache
mkdir $RunDir/backup-$today/usr/local/apache/logs
#copy files
cp /var/log/apf_log.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/boot.log.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/cron.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/exim_mainlog.?.gz $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/exim_paniclog.?.gz $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/exim_rejectlog.?.gz $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/maillog.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/messages.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/rpmpkgs.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/secure.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/spooler.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /var/log/wtmp.? $RunDir/backup-$today/var/log > /dev/null 2>&1
cp /usr/local/apache/logs/error_log $RunDir/backup-$today/usr/local/apache/logs > /dev/null 2>&1
cp /usr/local/apache/logs/suphp_log $RunDir/backup-$today/usr/local/apache/logs > /dev/null 2>&1
find /home -ipath “*/.trash/*” -type f -mtime +$OldTrash -exec tar -rf $RunDir/backup-$today/user_trash_accounts.tar {} \; > /dev/null 2>&1
#tar and ftp the complete backup folder to your ftp server
echo “Compressing backup files to send to remote FTP server ($FtpHost:$FtpDir)”
cd $RunDir
tar -czf vpsclean-$today.tar.gz backup-$today/
FtpSize=`ls -hs vpsclean-$today.tar.gz`
echo “…about to ftp, this may take sime time – your backup file is $FtpSize”
ftp -nv $FtpHost << END > vpsclean_ftp.log
user “$FtpUser” “$FtpPass”
binary
cd $FtpDir
put vpsclean-$today.tar.gz
bye
END

#remove temporary files
echo “…removing the vpsclean temporary files”
rm -rdf $RunDir/backup-$today
rm -f $RunDir/vpsclean-$today.tar.gz

#end FTP backup conditional check
else
echo “Skipping FTP backup of files”
fi

#the actual cleaning up bit
echo “Now cleaning up”
echo …clearing YUM cache
yum clean all
echo “…removing Cpanel temp files”
rm -rdf /home/.cpcpan > /dev/null 2>&1
rm -rdf /home/.cpan > /dev/null 2>&1
rm -rdf /home/MySQLInstall > /dev/null 2>&1
rm -rdf /home/cpeasyapache > /dev/null 2>&1
rm -rdf /home/cprestore > /dev/null 2>&1
rm -rdf /home/cpbackuptmp > /dev/null 2>&1
echo “…removing “trash” files from user accounts”
find /home -ipath “*/.trash/*” -type f -mtime +$OldTrash -exec rm -df {} \; > /dev/null 2>&1
echo “…removing old log files”
rm -f /var/log/apf_log.? > /dev/null 2>&1
rm -f /var/log/boot.log.? > /dev/null 2>&1
rm -f /var/log/cron.? > /dev/null 2>&1
rm -f /var/log/exim_mainlog.?.gz > /dev/null 2>&1
rm -f /var/log/exim_paniclog.?.gz > /dev/null 2>&1
rm -f /var/log/exim_rejectlog.?.gz > /dev/null 2>&1
rm -f /var/log/maillog.? > /dev/null 2>&1
rm -f /var/log/messages.? > /dev/null 2>&1
rm -f /var/log/rpmpkgs.? > /dev/null 2>&1
rm -f /var/log/secure.? > /dev/null 2>&1
rm -f /var/log/spooler.? > /dev/null 2>&1
rm -f /var/log/wtmp.? > /dev/null 2>&1
rm -f /usr/local/apache/logs/error_log > /dev/null 2>&1
touch /usr/local/apache/logs/error_log
rm -f /usr/local/apache/logs/suphp_log > /dev/bull 2>&1
touch /usr/local/apache/logs/suphp_log

#Check for and remove oversize SpamAssassin Files
if test $DELSPAM = Y
then
echo “Checking for large SpamAssassin files over “$MaxSpamM” Megabytes”
CHECK=`find /home -name “auto-whitelist” -size +”$MaxSpam”k`
if test -n “$CHECK”
then
echo “…the following files have been detected”
find /home -name “auto-whitelist” -size +”$MaxSpam”k -exec du {} -ah –max-depth=0 \;
find /home -name “bayes_seen” -size +”$MaxSpam”k -exec du {} -ah –max-depth=0 \;
echo
echo “Would you like to delete these files (y = yes) ?”
read Conf
if test $Conf = y
then
echo “…deleting files”
#find /home -name “auto-whitelist” -exec rm -f {} \;
#find /home -name “bayes-seen” -exec rm -f {} \;
else
echo “…skipping SpamAssassin file deletion”
fi
else
echo “…there are no SpamAssassin files greater than $MaxSpamM Mb”
fi
else
echo “Skipping check for large SpamAssassin files”
fi

#Clear Joomla cache and tmp files for accounts in root folders
if test $JCACHE = Y
then
echo “Clearing cache for joomla installations in account webroot folders”
find /home -path “*/public_html/cache” -type d -exec rm -f {}/* \; > /dev/null 2>&1
echo “Clearing tmp files for joomla installations in account webroot folders”
find /home -ipath “*/public_html/tmp/*” ! -iname “*index*” -maxdepth 5 -exec rm -rdf \{} \; > /dev/null 2>&1
else
echo “Skipping joomla cleanup”
fi

#display the results of your hard work so that you know you deserve a coffee
echo
echo “finished cleaning up – now the results”
echo
echo “BEFORE FILE CLEANUP (v$version)”
cat before_cleanup
echo
echo “AFTER FILE CLEANUP (v$version)”
df -h
echo
cd /root
RootSize=`du -ah –max-depth=0`
echo “JUST TO LET YOU KNOW, YOU ARE STORING $RootSize IN YOUR “/ROOT” FOLDER”

#Remove log files
rm -f $RunDir/before_cleanup
#rm -f $RunDir/vpsclean_ftp.log

#end
cd $RunDir
echo “finished”

VARIABLES:

Now Create the configuration file named vpsclean.conf and insert this content:

conf_version=1.2

#setup some variables that you might like to change Dont comment them out – but you can change them as noted

OldTrash=60 #the number of days that you want to keep user accounts .trash files
FtpUser=something #your username for your chosen ftp backup server
FtpPass=somehting #password for the aformentioned ftp backup server
FtpHost=127.127.127.127 #host for the now famous ftp backup server
FtpDir=something #remote ftp dir for the legendary ftp backup server – you will need to create this first
RunDir=/root #Folder that you want to run the script from (usually /root)
MaxSpamM=100 #SpamAssassin auto-whitelist or bayes_seen file to be detected IN MEGABYTES
FTPBACKUP=Y #Perform FTP backup of files, Y= yes, N = no (implies no backup of files to be removed)
JCACHE=Y #Clear cache from Joomla sites (only for Joomla sites in account web root folders)
DELSPAM=Y #Check for large SpamAssassin Files, Y= yes, N= no (you will still be asked to confirm before delete)

The file contains all the user editable variables. Feel free to change what
you like in this file, notes on variables are contained within the file.

Here are a few variables that are included in the vpsclean.conf file:

‘OldTrash’ – the number of days that you want to keep user accounts .trash files
‘FtpUser’ – your username for your chosen ftp backup server
‘FtpPass’ – password for ftp backup server
‘FtpHost’ – host for the ftp backup server
‘FtpDir’ – remote ftp dir for the ftp backup server
‘RunDir’ – folder that you want to run the script from (usually =/root )
‘MaxSpamM’ – The largest SpamAssassin auto-whitelist or bayes_seen file to be detected IN MEGABYTES
‘FTPBACKUP’ – Perform FTP backup of files, Y= yes, N = no (implies no backup of files to be removed)
‘JCACHE’ – Choose to clear cache from Joomla sites (only for Joomla sites in account web root folders ie. /home/’acccount’/public_html/cache)
‘DELSPAM’ – Choose to check for large SpamAssassin Files, Y= yes, N= no (you will still be asked to confirm before delete)

1) save both filenames correctly
2) upload to your server /root folder
3) make the script executable (ie. ‘chmod +x vpsclean*’)
4) make the script writeable (ie. ‘chmod 775 vpsclean*’)
5) edit the script – you will need to enter your own FTP server variables “vpsclean.conf” file
6) run the script – ./vpsclean.sh

==BACKUP:==

This script works on the assumption that you would like to backup your log files to a remote FTP server. If you don’t want to, you have 2 choices. Firstly you can just delete them without a backup – the second choice is to allow the compressed tar.gz file to be stored on your server. My tests have shown it to be about half the size of the total files that it replaces. Either way, you will need to modify the script to do this.

==KNOWN ISSUES:==

* FTP connection issue. The script will drpo a logfile (vpsclean_ftp.log) in the root folder once it starts FTP’ing, and should remove it once it ends. If for some reason the FTP is interrupted you should be able to check the logfile for hint. At this stage there is no built in check to verify the file transferred.
* Currently I only test for the existance of tmp/ and cache/ folders in user accounts. On my server, this equals Joomla installations, but I can’t guarantee that others use similar systems. In other words, if you are storing valuable information in a folder called “cache/” – this script will delete it.

==THINGS TO DO:==
* Domain logs – checkout /usr/local/apache/domlogs/ – can we rotate these logs? Which ones can be deleted ?
* /var/log – see if we can tar/ftp the logs to a remote server, then delete.
* add webroot as a variable so that we can use this script on other filesystems/structures (eg. var/www)
* tar command in progress meter
* elborate on joomla cleanup to detect version.php – currently just checks for the existence of tmp and cache
* remove the need for a fixed “rundir” variable
* add option to run as su
* create, append to logfile – option for emailing logfile to user (for use as part of cronjob)
* add error traps around ftp and other functions
* do a version check on the conf file – to allow the creation of an update script

==CHANGELOG:==

v1.5 – added the removal and re-creation of the suphp logfile for those running suphp

v1.4 – fixup some bugs from 1.3
fixed a bug preventing “find” to work properly

v1.3 – added changelog to notes file
added a search/remove for tmp file in joomla installations
fixed ftp bug
changed removal process for user trash files. This will now backup file (if wanted) before removal
added notes file to explain my innermost thinking – scarey

v1.1 – added some conditional statements to allow you to “opt out” of an FTP backup **Thanks to DAWORM on NL Forums for suggestion**
- added a check and remove (plus confirm) for extra large SpamAssassin files
- added a find and remove for Joomla Cache files (some folders on our server were 100Mb +)
- improved the copy / remove functions to output to NULL so that no messages are received when file does not exist

Well im going to show you some of the ways this can be done. Just keep in mind though, what may look cheap initially can be costlier later on and other options which look costly right now can be cheaper in the long run.

Let me explain.

Cheapest way to design a ecommerce website

To get the cheapest ecommerce website, you need to look for companies which sell a hosting package thats cheap (possibly unlimited bandwidth/diskspace) for around $4-$10 / month that also has a ecommerce website software ready to go. There are many companies that offer such products, some are great others not so reliable. I guess you get what you pay for.  I would select a company that’s been around for a while, check to see they have a portfolio and maybe even contact some of their clients in their portfolio to see how they are getting along with the company.

Advantages: quick to install and usually very cheap. you could always invest more money into it once you start making money

Disadvantages :  learning curve, you will need to put in the time to learn the system and configure to your own specifications, install modules for local shipping companies and banks etc. If its a company located in another country, usually times/ dates and currencies are set to their defaults. All of which will need to be reconfigured back to your local area.

Quickest way to design a ecommerce website

What would it take to make a website quickly. First lets define ‘Quickest’, If we said, Quickest would be to build and configure a ecommerce website within 1-2 days, that reasonably quite quick isnt it. And a tool to allow your products to be uploaded in several hours using some sort of bulk product uploading tool – that would be quick.

But what about features or tools that are non existent in the ecommerce app that we’re using, like the above mentioned tool ‘bulk product uploader’. This may require extra time in programming or configuring which could end up costing time and money, so what may seem to be quick initially can actually turn out to take much longer to setup. Let me give you another example, oscommerce and Zencart are widely used ecommerce website solutions, and both are great out of the box. However both programs are built for people selling in the US or worldwide. Which means dates are back to front, currencies are in US dollars etc this needs to be configured to work for Australians selling only in Australia in Australian dollars. The shop will need to be re-configured to display times and dates right way round aswell, not month first then day and so on. So what may seem like initially is quick may turn out taking much longer to setup and design then anticipated.

If you really want a site thats both quick and cheap to setup i recommend

1. Get the I-net unlimited hosting offer and if you pay for 3 years upfront  it works out to be like AU$160 for 3 years, its like $3.95 month. Thats cheap!
2. You get cpanel/fantastico with the above hosting offer. Fantastico has several free and powerful ecommerce apps which can be installed in 1-2 steps which makes the whole process very quick. Some of the free carts included are oscommerce and Zencart plus a few others.

Pre-made Ecommerce Templates.

Lately pre-designed ecommerce websites have been a hot seller. You could Buy and modify a premade ecommerce template and be up and running in days. There are literally hundreds of ecommerce templates at sites  like templatetuning.com.au. The advantages and disadvantages are similar to the above options.

Advantages

Cheap, good looking

Disadvantages

mucking about installing and re-configuring dates, times and taxes

Whats my other options?

Ecommerce websites with free templates with hosting and emails, installed for you quickly and common modules and features built in for your country -little more expensive .

I-net has a unique solution. I-net has partnered with Immerce.com.au, a provider of an ecommerce software which is made for Australians. Australian sellers and Buyers from Australia. Now if your business is in Australia and sells mainly to Australians this software is for you. I dont want to turn this article into a sales copy, but this is what we choose first for our custom designed requirements (you can read it on www.i-net.com.au/ecommerce-websites/ and on www.Immerce.com.au)  .

Advantages

- software and hosting together – cheap, no additional costs

- software includes many functionality others dont have – cheap, no need to install/program these features

- software has several high quality templates – no need to buy additional templates

- after purchase software automatically installs, no need to stuff around with installation php files, uploads etc

- configured for Australia – dates, times, states, currencies all local format – no need to change anything

- modules like Australia post, Fastway ban transfer, Australian banks installed and ready to be configured – other carts need to be installed or programmed

Disadvantages

- Costlier – these setups start from around $25 / month

Well what about Volusion, Magento, shopify etc

These are all great companies providing excellent software. Some have advantages mentioned above others have disadvantages which greatly affect Australian sellers. Below are some advantages and disadvantages not broken down into individual products, but just as a general guide

Advantages

- software and hosting together – some are missing emails services, so you’ll need to get that elsewhere

- some have excellent addons (cost extra)

- wide range of templates

- after purchase software automatically installs, no need to stuff around with installation php files, uploads etc not Magento

- configured for Australia – dates, times, states, currencies all local format – no need to change anything

- modules like Australia post, Fastway ban transfer, Australian banks installed and ready to be configured – other carts need to be installed or programmed

Disadvantages

- Costlier – these setups start from around $45 / month

- software and configured to  people in the US and UK generally
- some missing important Australian modules like Fastway shipping- they charge to use addons, some are like $100 extra each month, so some have hidden costs

OK, This is too much for me…. I just want to sell online, can you help

What May look expensive can be cheaper and quicker

If your serious about selling online the option of getting your site custom designed or at least installed, modified, setup/configured with a bit of training  is the best option which will save you a lot of headache. People that design ecommerce websites do it day in day out and are very quick at it. What may take you hours to do can take them minutes. So its worth paying someone to get things to speed while you concentrate on other parts of your business.

Custom ecommerce designs were expensive once upon a time (+$20,000 was common), but these days you can get most of the required tools for couple dollars as pointed out above. Also think about the outlay of a bricks and mortar business, to setup a real shopfront your looking at no less than $50,000, thats at the bare minimum. Build your online business just like you would invest in a bricks and mortar business. Maybe you dont need to spend $50,000 but dont be afraid to spend $5000-$10,000. It would give you a good start in the competitive online business world.

…And Remember it takes money to make money

If you want to take advantage of establishing an online presence, this article should give you a heads-up into some of the opportunities available to you as you enter the online market. In this article, we will be discussing certain visualization tools, product page tips, check out tips, and some testing tools you need to get your hands on. Keep in mind that this article only serves as an introduction to what you should expect in establishing and running an e-commerce website. Hopefully you find this useful.

Product Page

If you want your website to be as successful as your offline store, you need a good product page. When designing your website, ensure that you always have your customers in mind and that you direct them when they land on your site. Here are some few tips to improve your product pages.

Tip 1: Make sure your Call-to-Action buttons are obvious enough.

Ensure that your CTA button is in a prominent place and that it’s not too small. Make sure that it’s also well-designed and that you use contrasting colors. Keep in mind that the color of your button should contrast with the text color on your button as well as the background color it’s on.

Tip 2: Delivery information

Give out the necessary delivery information and do not withhold until the very last minute. Remember that transparency is very important otherwise people will doubt your business. If an item is out of stock, make sure to state before a customer places his order. Inform the customer about the delivery lead time and how much the shipping cost is. Do not hide anything from your customer. Doing so will just encourage ill feelings toward your website.

Tip 3: Progressive Disclosure of information

Not all people are the same with the way they want to consume information. While others prefer to trust social reviews, some prefer technical specifications. The point is that your site should give the information your customers want to know. You may want to group information under several tabs or just provide a “more information” link.

Tip 4: Copy is king.

We cannot stress enough how important originality or uniqueness is. There are too many online shops that just copy the manufacturer’s description. A copied content will just harm your site instead of bringing it any good. First, expect that your rankings in Google will drop and your overall Search Engine Optimisation (SEO) will be rendered useless. Second, by just copying the manufacturer’s content, you are not giving any reason why your customers should buy your products. Keep in mind that a sales copy should be able to inspire confidence in you and your product hence building your site’s credibility. If you don’t have a talent writing good copies, then hire a copywriter who can write on your behalf. Trust us it’s worth the investment!

Check Out

Tip 1: Make sure guests can check out.

Customers should be able to purchase your products even if they are not registered customers. Just think about offline shopping. Do customers need to register before they can buy clothes? Of course not. Give your customers an option. Ask if they want to check out as a guest or as a customer.

Tip 2: Enclose the check-out process.

If someone wants to check out, ensure that your check out process is fast and secure. Don’t put in distractions such as ads and unnecessary offers that might just distract or annoy them from what they are trying to do which is to purchase. Though some may say the check-out process is a good opportunity to upsell, we really don’t think so and we think it’s not worth the risk. Don’t encourage the visitors to check out your other products when they are about pay. You don’t want them to abandon their cart.

Tip 3: Solicit feedback after visitors have submitted their orders.

Once a visitor purchased, instead of showing them a standard confirmation page, it would be better if you ask for some feedback regarding their experience when it comes to purchasing on your site. Feedback is important to site owners in making sure that they continuously improve for the benefit of their customers.

Tip 4: Handle errors gracefully.

Let’s face it problems are inevitable especially during the check-out stage. Cards get declined and people enter invalid email addresses and zip codes. To cover all these errors, make sure that you display messages that are contextual, useful, and conventional.

Analytics

If you want to know what is going on with your website and how many visitors on average you get, then you need to start using Google Analytics. By using this tool, you will be able to study your site metrics and find out how you can further improve your website.

Tip 1: Advanced Segments

With this feature, you will be able to compare your visitors from different countries in terms of buying habits, website usage, searches, quality of traffic, etc.

Tip 2: Custom Reports

Though the default reports in Google Analytics are not that superb, you can still customize the reports and add metrics that matter to you. For instance, you can see a report of the referring websites and their average per visit  value, bounce rates and the time spent on site.

Tip 3: Advanced Filters

If you want to know which referrers are the best then you can set GA to filter out what you don’t like. Just click on the “Advanced Filter” and you should be able to exclude the referrers that don’t matter to you.

Tip 4: Intelligence

With this feature, you will be able to notice traffic patterns without needing to set up reports for all the metrics you want to track. With Intelligence, if your bounce rate goes up by 10% you will immediately see an alert so there’s no need for you to spot it.

Final Word

Technologies are getting more and more advanced each year. Who knows what businesses will be using to track information and metrics across certain platforms. No matter. The key to being successful in the digital world is through customer insight and engagement. Find out what your customers want and give it to them. Make sure that you constantly monitor every element of your website, business, and industry and utilize the current available technology to help you grow your business and achieve your goals.

We do not provide any warranty for this article, so if you are not sure what you are doing please make sure you research before you do it.

First Update OS and Software:

Update cPanel, Apache & other installed software to latest stable version. Generally, with later versions there are bug fixes and security patches that need to be applied

Secure cPanel/WHM and the Root User on VDS:

Checking for formmail:

Form mail is used by hackers to send out spam email, by relay and injection methods. If you are using matts script or a version of it, you may be in jeopardy.

Command to find pesky form mails:

find / -name “[Ff]orm[mM]ai*”

CGIemail is also a security risk:

find / -name “[Cc]giemai*”

Command to disable form mails:

chmod a-rwx /path/to/filename

(a-rwx translates to all types, no read, write or execute permissions).

(this disables all form mail)

If a client or someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative.

Root kit Checker (rkhunter or chkrootkit)

Check for a root kits via a cron job, by doing this you will regularly check if your server is comprised, and you will be sent regular reports.

To install chkrootkit, login to the server as root and on the command line interface type:

cd /root/

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

tar xvzf chkrootkit.tar.gz

cd chkrootkit-0.47

make sense

To run chkrootkit, type the following on the CLI:

/root/chkrootkit-0.47/chkrootkit

To ensure the highest level of security setup a cronjob which emails you the results on a regular basis. Setup Email on Root Login (to detect breaches)

If an unauthorized person gains access to root, you want to be notified – you can do so by doing the following while logged into root:

cd /root

vi .bash_profile

Add the following line:

echo ‘ALERT – Root Shell Access on:’ `date` `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” your@email.com

Where your@email.com is your email address.

Save an exit vi: :wq

To change the SSH Legal Message (displayed when you login via SSH), edit /etc/motd to display the message you wish to show. Securing WHM and cPanel:

By default cPanel/WHM is not setup securely and efficiently, so you will want to optimize the cPanel/WHM settings by doing the following:

Go to: Server Setup -> Tweak Settings

Under Domains tick:

· Prevent users from parking/adding common internet domains (hotmail.com, aol.com, etc)

Under Mail tick:

· Attempt to prevent pop3 connection floods

· Default catch-all/default address behavior for new accounts – set this to FAIL

Under System tick:

· Use jailshell as default on new accounts

Go to: Server Setup -> Tweak Security

· Enable php open_basedir protection

· Enable mod_userdir protection

· Disable compilers for unprivileged users

Go to: Server Setup -> Shell Fork Bomb Protection

· Enable shell bomb/memory protection

When creating reseller packages, be sure to:

· Disallow creation of packages with shell acces

· Disallow creation of packages with full root access

Go to: Service Configuration -> FTP Configuration

· Disable anonymous FTP access

Go to: Account functions -> Manage Shell Acess

· Disable shell access for all users (except yourself)

Go to: MySQL -> Manage Root Password

· Change Root Password for MySQL

Go to: Security -> Quick Security Scan for Trojan Horses, and make sure you don’t have any of the following infected:

· /sbin/depmod

· /sbin/insmod

· /sbin/insmod.static

· /sbin/modinfo

· /sbin/modprobe

· /sbin/rmmod General OS Security (do not need to be running cPanel):

Restict SSH access: For improved security

Also see http://www.webhostingtalk.com/showthread.php?t=468168 & http://forums.deftechgroup.com/showthread.php?t=26&highlight=secure+vps for more security info

For mac users you can SSH into your Server using Cyberduck; select ‘Go’ -> ‘open in terminal’ from the menu.

I would formally like to thank you for your work that you have done for my company’s website, staff and clients are highly impressed by the standard of professionalism in the design and quality of your work.
On behalf of CPC Group we would like to thank you for your hard work as well as recommend your services to any potential client.

- Rozetta, cpcgroup.com.au