Intrusion Detection Security Features

Intruder Detection

An intrusion detection system is used to help detect if order information may have been accessed by an unauthorized user. The best way to avoid unauthorized access to order information is to change your Back Office password on a frequent basis. It is also a good idea to remove completed orders from the system. If you want to keep a history of customers and orders, you should download your orders and save them on your local system without credit card information. The intrusion detection system is designed to notify merchants of possible unauthorized access, but only good security practices can prevent it.

The current month's access log can be viewed by the merchant at any time by clicking on the View Log button (see below). PCI Security Guidelines require merchants to keep a full year of logs. The previous twelve months logs are automatically stored in the [datadir]/stats directory in your ShopSite installation, with the name order_log.n (where n is a number between 1 and 12, representing how many months prior to the current month the file represents, so order_log.2 would be for two months ago, and order_log.8 would be eight months ago.

Note:

If you are concerned about the amount of disk space the security logs take up, you may want to compress the log files or copy them to your local computer. Contact your hosting provider for information on how to compress old log files.

The intrusion detection system uses browser cookies (a small file stored on your computer) to identify an authorized computer. The first time you access the order page, ShopSite will assign an ID (in a cookie) to your browser. If a different computer views the order page, a warning will be displayed indicating that an unrecognized computer has accessed the order system. You will be able to indicate whether the computer should be trusted or not. All access to the order system is logged.

There are several possible reasons why a warning might be displayed, even if you are the only person to access the order system. Any time you use a new computer or a new browser on the same computer, or if you clear your browser's cookies, the security system will think you are a new user.

Note:

The intrusion detection system requires cookies to be enabled on the merchant's client computer(s) in order to accurately track and report unauthorized access to the order system, although access logging will continue regardless of whether or not cookies are enabled.

Security Configuration

Log Size

Set how many accesses from the log file will be displayed when you click the View Log button.

View Log

View the log information. The log records the time/date, whether the computer was trusted, the ID, the IP (internet) address, the domain, what action was taken, and whether the order system was accessed securely.

Trusted Computers

The ID of every computer ShopSite will not generate warnings for is listed in this box.

Remove Trusted

You can remove a computer from the trusted list by selecting the appropriate ID from the trusted computers list and clicking on this button.

E-mail Warnings

Shopsite will send the merchant an E-mail warning message if any of the following things happen:

Any computer is added to the trusted list.
The computer ID, IP address, and domain name (if available) of any computer added to the list will be E-mailed to the merchant to help prevent someone from accidentally or maliciously adding a computer that should not be trusted.

The trusted list file is modified.
If any other program or person changes the file that contains the list of trusted computers, ShopSite will send a warning E-mail to the merchant indicating the file has been changed.

The access log file is modified.
If any other program or person changes the file that contains the access log, ShopSite will send a warning E-mail to the merchant indicating the file has been changed.

ShopSite Help and Resource Center
Last updated: January 23, 2007
Give Feedback