Jump to content


Hosting Developers Payment Shipping Accounting Templates Marketing Books

Our Partners


Latest News: (loading..)

- - - - -

XSS attacks

Started by kadett, Jan 25 2010 07:45 PM

This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#1   kadett

kadett
  • Members
  • 1 posts

Posted 25 January 2010 - 07:45 PM

Hello everyone. Need help.

My site is continiously attacked by some sort of XSS attacks.

I've installed Anti-XSS script (http://addons.oscommerce.com/info/6044 - the "other version"), but attacks continues though.

Search engine reports that URL's which litter search engines search results is shown below (one of them):

_http://www.xxx.com/index.php?manufacturers=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20
href=http://xxx.ru%3Exxx.ru%3C/a%3E&manufacturers_id=%22%27%3E%3Ca%20
href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E

http://www.xxx.com/index.php?manufacturers=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&manufacturers_id=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E
Any suggestions?

Dmitry

Edited by kadett, 25 January 2010 - 07:50 PM.

#2   FWR Media

FWR Media
  • Community Sponsor
  • 6,839 posts

Posted 25 January 2010 - 10:02 PM

View Postkadett, on 25 January 2010 - 07:45 PM, said:

Hello everyone. Need help.

My site is continiously attacked by some sort of XSS attacks.

I've installed Anti-XSS script (http://addons.oscommerce.com/info/6044 - the "other version"), but attacks continues though.

Search engine reports that URL's which litter search engines search results is shown below (one of them):

_http://www.xxx.com/index.php?manufacturers=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20
href=http://xxx.ru%3Exxx.ru%3C/a%3E&manufacturers_id=%22%27%3E%3Ca%20
href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E

http://www.xxx.com/index.php?manufacturers=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&manufacturers_id=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E
Any suggestions?

Dmitry

Security Pro secures the querystring and this is a querystring attack.

I think it is worth remembering however that I can visit your site with naughty stuff in the querystring and the server may log it .. it doesn't mean it has been successful though.

There are tests you can run ( in security pro instructions ) where you can see which characters are getting through.
Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls

KissMT Dynamic SEO Meta & Canonical Header Tags

KissER Error Handling and Debugging

KissIT Image Thumbnailer

Security Pro - Querystring protection against hackers ( a KISS contribution )

If you found my post useful please click the "Like This" button to the right.
Please only PM me for paid work.
Back to Security


  1. osCommerce Support Forum
  2. osCommerce Online Merchant v2.x
  3. Security
  4. Privacy Policy
  5. Forum Rules ·