How to enhance the security of your CS-Cart project? Make changes to robots.txt
Being a Managed Service Provider and dedicated CS-Cart fans, we could not stand aside from contributing to CMS security. Today we’ll share a hotfix for preventing indexing of special technical URLs with sensitive information.
Google indexes a lot of data from your website and caches sensitive information such as database accesses, application settings especially when the debug mode is on. Non-authorized users can exploit a Google dork*, which contains a special search query. A successful exploitation of a Google Dork for your website can allow hackers to read sensitive data from the configuration files, CS-Cart settings, add-ons.
*Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using (Wikipedia).
This information may be compromised:
- Database, FTP access credentials
- CS-Cart configuration settings (mail sender information such as google accounts, license key, admin URL, etc).
- Add-ons settings (API keys, some credentials to third-party services)
Let’s see what steps you can take to protect your confidential information.
4 easy steps to enhance security of your CS-Cart website
Robots.txt is a well known file for search engine optimization and protection against Google dorking. It involves the use of robots.txt to disallow everything or specific endpoints which prevents Google bots from crawling sensitive endpoints such as admin panels.
Step 1
Log in via SSH/SFTP, go to the project directory.
Step 2
Add string Disallow: /dispatch=debugger* to the robots.txt file after line User-agent: *
Step 3
Contact Google for removing sensitive information from search results. Click here.
Step 4
Change all access information, API keys, credentials for other services, which are used in the CS-Cart installations. We also recommend using separate servers for development and production environments.
Easy as ABC with amazing security results!
More hints about online stores security
Mark links and pages with sensitive information with special tags. Please examine these resources for further details:
Robots meta tag, data-nosnippet, and X-Robots-Tag specifications
Qualify your outbound links to Google
If you have or suspect a security problem, need assistance with tweaks or a free consultation, contact the Scalesta team. We will check your store for common security risks and vulnerabilities before they cause significant damage to your sales and business reputation.