osCommerce, while a great ecommerce solution, has its weaknesses.
This article is designed to highlight some really simple steps to take to make osCommerce a bit more reliable.
Step 1. Change the default admin folder name. It still needs to be something you will remember, but it doesn’t need to be as obvious as “admin” (e.g. it could be “secureadmin”).
Step 2. Use a second level of authentication on your new “admin” / “secureadmin” folder. This can be set up simply via cPanel or whichever control panel your hosting provider provides you with (password protected directories).
Step 3. If you are not using the “Tell A Friend” module, delete it, as it is wide open for misuse by spammers.
These three steps will protect you from a lot of vulnerabilities that have been discovered in osCommerce. But as always, back up your database and website regularly, as nothing is safe forever.
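To confirm the three steps were actually carried out on a store, the following added example (not part of the original article and not osCommerce code) audits a document root and reports what is still missing. It assumes an Apache host where password protected directories are written as `AuthType`/`Require` lines in `.htaccess`, and that the module's file is named `tell_a_friend.php`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not osCommerce code): audit a store against the three steps.
# Assumptions: the host is Apache, so "password protected directories" means
# AuthType/Require lines in .htaccess, and the module file is tell_a_friend.php.

# make_sample_store: build a constructed, unhardened store tree for a dry run.
make_sample_store() {
    root=$(mktemp -d)
    mkdir -p "$root/admin" "$root/includes"
    : > "$root/tell_a_friend.php"
    echo "$root"
}

# audit_oscommerce DOCROOT ADMIN_NAME
# Prints one line per problem; the return status is the number of problems.
audit_oscommerce() {
    docroot=$1
    admin_name=$2
    findings=0

    # Step 1: the default folder is gone and the renamed one exists.
    if [ -d "$docroot/admin" ]; then
        echo "step 1: default admin/ folder is still present"
        findings=$((findings + 1))
    fi
    if [ ! -d "$docroot/$admin_name" ]; then
        echo "step 1: renamed folder $admin_name/ not found"
        findings=$((findings + 1))
    else
        # Step 2: the renamed folder asks for a login before PHP ever runs.
        ht="$docroot/$admin_name/.htaccess"
        if ! grep -Eiq '^[[:space:]]*AuthType[[:space:]]+(Basic|Digest)' "$ht" 2>/dev/null ||
           ! grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user|group)' "$ht" 2>/dev/null; then
            echo "step 2: $admin_name/.htaccess has no AuthType + Require pair"
            findings=$((findings + 1))
        fi
    fi

    # Step 3: no copy of the Tell A Friend page is left anywhere in the tree.
    leftover=$(find "$docroot" -type f -name 'tell_a_friend.php' 2>/dev/null)
    if [ -n "$leftover" ]; then
        echo "step 3: Tell A Friend files remain:"
        echo "$leftover"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against a real tree when called as: audit.sh /path/to/store secureadmin
if [ "$#" -eq 2 ]; then audit_oscommerce "$1" "$2"; fi
```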