This a breakdown of your site the way I see it. I tried to simplify it so you ca

1. This a breakdown of your site the way I see it. I tried to simplify it so you can understand it. I look foward to working with you in the future.
2.  
3.  
4. URL: www.rasfarmusa.com
5.  
6. I got this:
7. User: rasfarm1_cart
8. password: qq132456 table: rasfarm1_cart
9. Port: 3306
10. Host: Bluehost
11. (Shouldn't of been that easy)
12.  
13. List of things site is vulnerable to:
14.  
15. SQL Injection
16.  
17. Blind SQL Injection
18.  
19. XSS Injection
20.  
21. LFI
22.  
23. RFI
24.  
25. SQL Injections:
26.  
27. /index.php?route=product/category&path=11'"
28.  
29. /index.php?route=product/product&product_id=91'"
30.  
31. /index.php?route=product/category'"&path=11
32.  
33.  
34. Port Scan Results:
35.  
36. FTP Port 20 is Closed
37.  
38. FTP Port 21 is Open
39.  
40. SSH 22 Port is Open
41.  
42. TelNet Port 23 is Closed
43.  
44. SMTP port 25 is open
45.  
46. DNS Port 53 is Open
47.  
48. HTTP Port 80 is Open
49.  
50. Port HTTP-ALT 81 is Closed
51.  
52. Puerto POP3 110 is Open
53.  
54. NetBios 139 port is closed
55.  
56. LDAP Port 389 is Closed
57.  
58. HTTPS (SSL) Port 443 is Open
59.  
60. SQL Server 1433 Port is Closed
61.  
62. Puerto Cpanel 2082 is Open
63.  
64. MYSQL 3306 Port is Closed
65.  
66. HTTP-ALT 8080 Port is Open
67.  
68.  
69.  
70. My Recommendations:
71.  
72.  
73.  
74.  
75. Your site is great and it looks decent. It just could use a few addons and some help with the security issues it has. I found it was vulnrable to SQL Injections. It looks like your site is using an SQL database and the Database management of an SQL Database is done with PHP. The actual database is an SQL database, but websites interact with databases using PHP and Php could mean the site is Vulnerable to SQL Injection but that is only an issue If proper measures aren't put into place, it can be and In this case proper measures were not put into place. Basicly It's the code that runs the actual site, It manages databases, actions etc. and the PHP runs the whole backend of a site. One thing I tried was putting an apostrophe in the URL and password input to see if there is an Error and there definitely was. you will find that If the domain name isnt vulnerable to SQL Injections that means every file path of the domain probably isn't vulnerable, but in this case the domain name is vulnrable to SQL Injection and that is a huge Security risk. With SQL Injections hackers can obtain information like user information, company information, credit card info and more and that is a huge Security risk. Also since your site is being hosted on Bluehost it is an even bigger risk. I reccomend you find new place to host it due to allot of hackers targeting bluehost sites. Also you need Restrict your Whois so when someone does a Whois lookup they can not get your information.
76. your site is also vulnrable to XSS Injection and that is also a big risk. It makes it pretty easy for hackers to take down your site. you also need to take care of the fact that is is vulnrable to LFI and RFI that also puts it at a big risk. Though it would take a considerable amount of time and effort to repair your site due to the fact that it is harder to deal with that stuff in this stage, usually it is best to handle this stuff in the early stages but since I assume it wasn't detected it wasn't dectected. I think I can help it will take a while and be a lot of work but this is a big issue. I highly recommend we fix the security issues before adding anything else to the site so it won't be even harder to fix. I am also happy to help improve the site features and add things but after the security is delt with.