
How to secure your osCommerce 2.2 site.


651 replies to this topic

#641 Taipo

  • Community Member
  • 713 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 27 December 2011, 19:44

If osC_Sec is the addon you are looking for then download it from
http://addons.oscommerce.com/info/8283

Unpack the zip file onto your hard drive and open the readme.htm file, which has all the instructions in it for how to install.

For a list of other recommended addons for versions of osCommerce earlier than 2.3, see this link
http://forums.oscommerce.com/topic/375288-updated-security-thread/
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here

#642 m.ather

  • Community Member
  • 14 posts

Posted 03 January 2012, 03:03

Let me explain again.
The problem is that the catalog I am using for a site didn't have any .htaccess file, which is the file where we add all the contents to secure ourselves from IP attacks and to make the admin site secure.
I tried to use someone's contents and added the long script from the "Deny domain access to spammers httaccess script" contribution, but it doesn't work. That's why I am asking what the best solution for that is.
Thanks so much

geoffreywalton, on 27 December 2011, 10:50, said:

The contents of the htaccess file differs by site and the contributions you have added, so it would be a complete guess as to what yours should contain.

Sorry

G


#643 builder_bob

  • Community Member
  • 19 posts
  • Real Name:rob camarota
  • Gender:Male

Posted 07 January 2012, 18:51

thanks for this!

#644 adobe19

  • Community Member
  • 19 posts
  • Real Name:dave
  • Gender:Male

Posted 18 January 2012, 16:39

I installed site monitor, ip trap security addons for 2.2rc2a tomorrow and some errors appeared. Today when I try to log in, the admin page didn't open and these errors appeared.

Warning: include(includes/secret.php) [function.include]: failed to open stream: No such file or directory in /home/freeus78/public_html/admin/includes/application_top.php on line 48

Warning: include() [function.include]: Failed opening 'includes/secret.php' for inclusion (include_path='.:/usr/local/php53/pear') in /home/freeus78/public_html/admin/includes/application_top.php on line 48

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/freeus78/public_html/admin/includes/application_top.php:48) in /home/freeus78/public_html/admin/includes/functions/sessions.php on line 102

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/freeus78/public_html/admin/includes/application_top.php:48) in /home/freeus78/public_html/admin/includes/functions/sessions.php on line 102

Warning: Cannot modify header information - headers already sent by (output started at /home/freeus78/public_html/admin/includes/application_top.php:48) in /home/freeus78/public_html/admin/includes/functions/general.php on line 22

I also tried installing Security Pro but couldn't. It says:


Find ...


if ($request_type == 'NONSSL') {

Add immediately ABOVE ...


// Security Pro by FWR Media
include_once DIR_WS_MODULES . 'fwr_media_security_pro.php';
$security_pro = new Fwr_Media_Security_Pro;
// If you need to exclude a file from cleansing then you can add it like below
//$security_pro->addExclusion( 'some_file.php' );
$security_pro->cleanse( $PHP_SELF );
// End - Security Pro by FWR Media

That's it .. all installed!



Can someone show me exactly how it seems in the code page: are there spaces between sentences and at the bottom and the top? Thanks


Edited by adobe19, 18 January 2012, 16:51.


#645 DunWeb

  • Community Sponsor
  • 9,470 posts
  • Real Name:Chris Dunn
  • Gender:Male
  • Location:Tecumseh, Ontario, Canada N8N 1X8

Posted 18 January 2012, 16:46

@adobe19,

You failed to upload the files included in the add on to the appropriate directories.




Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:

:|: Check my About Me page for information about Support Plans, Templates, Custom Add Ons and Professional osCommerce Security Services :|:

#646 geoffreywalton

  • Community Sponsor
  • 7,618 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 19 January 2012, 01:23

Look at the installation instructions for IP Trap and read the bit about where to put the file secret.php.

You have either not uploaded it or it is in the wrong place.

HTH

G
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.

For links mentioned in old answers that are no longer here follow this link Useful Threads.

If this post was useful, click the Like This button over there ======>>>>>.
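
Added example, not part of the thread or of either add-on: a pre-flight check for the failure described in the replies above, where an `include` is pasted into application_top.php before the add-on's file has been uploaded. It assumes the stock values `includes/` and `includes/modules/` for DIR_WS_INCLUDES and DIR_WS_MODULES; the function names are hypothetical and the directory tree in `demo()` is constructed.

```python
import os
import re
import tempfile

# Assumption: stock values of the path constants from includes/configure.php.
CONSTANTS = {"DIR_WS_INCLUDES": "includes/", "DIR_WS_MODULES": "includes/modules/"}

# Matches e.g. include(DIR_WS_INCLUDES . 'x.php'); or include_once DIR_WS_MODULES . 'y.php';
INCLUDE_RE = re.compile(
    r"^[ \t]*(?:include|require)(?:_once)?\s*\(?\s*(%s)\s*\.\s*'([^']+)'" % "|".join(CONSTANTS),
    re.MULTILINE,
)


def missing_includes(base_dir, php_file="includes/application_top.php"):
    """Return (line_no, relative_path) for each include whose file is absent."""
    with open(os.path.join(base_dir, php_file), encoding="latin-1") as fh:
        source = fh.read()
    missing = []
    for match in INCLUDE_RE.finditer(source):
        const, name = match.groups()
        rel = CONSTANTS[const] + name
        if not os.path.isfile(os.path.join(base_dir, rel)):
            line_no = source.count("\n", 0, match.start()) + 1
            missing.append((line_no, rel))
    return missing


def demo():
    """Constructed admin/ tree in which secret.php was never uploaded."""
    top = (
        "<?php\n"
        "require(DIR_WS_INCLUDES . 'filenames.php');\n"
        "// IP Trap V5\n"
        "include(DIR_WS_INCLUDES . 'secret.php');\n"
        "require(DIR_WS_INCLUDES . 'database_tables.php');\n"
    )
    with tempfile.TemporaryDirectory() as admin:
        inc = os.path.join(admin, "includes")
        os.makedirs(inc)
        for name, body in (("filenames.php", ""), ("database_tables.php", ""),
                           ("application_top.php", top)):
            with open(os.path.join(inc, name), "w") as fh:
                fh.write(body)
        return missing_includes(admin)


if __name__ == "__main__":
    print(demo())
```

Run `missing_includes()` against both the catalog directory and the admin directory, since each has its own application_top.php and its own includes/ folder.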

#647 adobe19

  • Community Member
  • 19 posts
  • Real Name:dave
  • Gender:Male

Posted 28 January 2012, 00:22

Hi. I know almost nothing about web site creation. While following the guides I couldn't figure out how the code should look after I paste the new lines. I put the lines before and after pasting. Can you check if these are correct? Also I would ask the location of the htaccess file. Thanks

security pro

before

// set php_self in the local scope
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

if ($request_type == 'NONSSL') {
define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
} else {
define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
}

after

// set php_self in the local scope
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
// Security Pro by FWR Media
include_once DIR_WS_MODULES . 'fwr_media_security_pro.php';
$security_pro = new Fwr_Media_Security_Pro;
// If you need to exclude a file from cleansing then you can add it like below
//$security_pro->addExclusion( 'some_file.php' );
$security_pro->cleanse( $PHP_SELF );
// End - Security Pro by FWR Media
if ($request_type == 'NONSSL') {
define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
} else {
define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
}


-----------------------------------------------

before

// include the list of project filenames
require(DIR_WS_INCLUDES . 'filenames.php');

// include the list of project database tables
require(DIR_WS_INCLUDES . 'database_tables.php');


after

// include the list of project filenames
require(DIR_WS_INCLUDES . 'filenames.php');
// IP Trap V5
include(DIR_WS_INCLUDES . 'secret.php');
// include the list of project database tables
require(DIR_WS_INCLUDES . 'database_tables.php');

------------------------------------------

#648 adobe19

  • Community Member
  • 19 posts
  • Real Name:dave
  • Gender:Male

Posted 28 January 2012, 21:52

I reread my previous post and realized I couldn't make my point. I am asking if there are spaces between lines, and should the lines be aligned to the left or are there spaces. Generally, what do I need to do after pasting the lines? Thanks

#649 sarahw167

  • Community Member
  • 7 posts
  • Real Name:sarah

Posted 29 January 2012, 03:53

Do the steps outlined by spooks to secure your site apply to v2.3 also?

kind regards,
Sarah

#650 geoffreywalton

  • Community Sponsor
  • 7,618 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 29 January 2012, 10:10

The changes to secure the log on do not need to be done in 2.3.1.

Download and read the installation instructions for the contributions.

Then you can decide if you want to install them.

Cheers

G

#651 geoffreywalton

  • Community Sponsor
  • 7,618 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 29 January 2012, 10:11

adobe19, on 28 January 2012, 21:52, said:

I reread my previous post and realized I couldn't make my point. I am asking if there are spaces between lines, and should the lines be aligned to the left or are there spaces. Generally, what do I need to do after pasting the lines? Thanks

If it was important the installation instructions would have said so.

To learn more about PHP look at w3schools.com

HTH

G

#652 sarahw167

  • Community Member
  • 7 posts
  • Real Name:sarah

Posted 29 January 2012, 23:22

geoffreywalton, on 29 January 2012, 10:10, said:

The changes to secure the log on do not need to be done in 2.3.1.

Download and read the installation instructions for the contributions.

Then you can decide if you want to install them.

Cheers

G

Thanks for your response. I'll review the rest of them. I ran through the process in a previous version but have since installed the new one.

thanks,
Sarah