Open source ecommerce software vs. something else, cheap
December 18, 2005 7:28 PM

OSCommerceFilter: I need to find a new ecommerce site package for a small business client. OSCommerce has been fun, and that whole open source terrain is a real kick, but security problems have become serious, and it's time to consider something else.

Hackers have done their damage. I'm getting my ass kicked figuring it out, finding the source of the problem, and swimming through the crap that is open source support. My client is not wealthy, and feeds their family with some (roughly 1/4th) of the income from the site. Those shitheads hit at the worst time of the year (the holidays), I'm super busy at work, and come home to a family. I don't really charge my client for ongoing support, but this is a whopper. I'm facing a site rebuild/redo.

Do I slap her with a $10,000 package? Point her elsewhere? Give OSCommerce a loving, forgiving turn again at the nails going through my hands and feet?

NEEDED: a cheap, easy to run, customizable ecommerce package (with extensibility, and shipping/payment processing features) that is reputable, hosted privately, friendly to design customization, with robust reporting, tight security and adequate support.
posted by ValveAnnex to Computers & Internet (8 answers total)

I've never used OSCommerce, but have heard good things about it. What was the exploit that the hackers used? Was this a flaw in OSCommerce, or your setup/environment? I'd be a little surprised to hear that there's a known vulnerability without a patch.

If you do decide to go to another package, I've had good experiences with ShopSite. It's fairly customizable, has quite a few features, and not too expensive-- less than $100/month for most businesses, depending on your chosen hosting provider. Support is provided by the hosting provider, not the software developer, so you'd want to make sure that the host you chose gave good support.
posted by justkevin at 7:44 PM on December 18, 2005

Response by poster: justkevin: a "contact us" php form page was exploited. The host sent me a notice saying it was being abused by spammers. By the time I found a solution (being too busy), it was too late.

For all: reference to php problem issue, (and the US-CERT Warning bulletin).
posted by ValveAnnex at 8:02 PM on December 18, 2005

That is a common problem with some php forms. I don't see why you need to change shopping cart software because of it. If you have fixed it, why the need to switch?
posted by meta87 at 8:52 PM on December 18, 2005

That warning is from February. It appears a security fix was released in November.
posted by camworld at 9:08 PM on December 18, 2005

Response by poster: camworld: see, a perfect example. In order for me to apply this fix, I'm going to have to carefully pull all the custom scripting I did to make OSC better for design customization. Were I to just apply it, I'm sure I'd spend the next two weeks figuring it all out.

I hope I don't end up marking that as a best answer.
posted by ValveAnnex at 9:44 PM on December 18, 2005

Best answer: This year I went through the experience of starting off an ecommerce site in OsCommerce and then eventually delivering it in ZenCart. It is based on OsCommerce but I found it superior in terms of usability, robustness and features out of the box. One problem I found with the OsCommerce architecture is that it becomes harder to manage as more extensions are added. Zencart overcomes this problem to a large extent.

Having said this, migration from one package to another is a lot of work (if you have many products to deal with). If you have some fundamental security flaw in the way you have deployed php then this move will not necessarily solve your problems (nor would a $10,000 package on the other hand).
posted by rongorongo at 2:08 AM on December 19, 2005

I haven't used it myself but I've also heard good things about ZenCart - at a previous job I had to maintain an OSCommerce shop and it was one of the most depressing tasks I've ever had to do - so pretty much anything would be an improvement over OSCommerce and their 'contributions'.
posted by gi_wrighty at 4:11 AM on December 19, 2005

You might want to look into Squirrelcart. Commercial, but inexpensive. Has lots of features and a nice interface. It's much more cleanly templatized, and therefore easier to customize (and maintain your customizations when upgrading), than ZenCart or any of the other osCommerce forks that are floating around—CastleKart, ECHOCart, CRE Loaded, etc.
posted by staggernation at 4:32 AM on December 19, 2005
