osCommerce

The e-commerce.

XSS attacks


kadett


Hello everyone. Need help.

 

My site is continuously attacked by some sort of XSS attacks.

 

I've installed the Anti-XSS script (http://addons.oscommerce.com/info/6044 - the "other version"), but the attacks continue though.

 

Search engines report URLs which litter the search results; one of them is shown below:

 

http://www.xxx.com/index.php?manufacturers=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&manufacturers_id=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E&osCsid=%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E

Any suggestions?

 

Dmitry

Security Pro secures the querystring and this is a querystring attack.

 

I think it is worth remembering, however, that I can visit your site with naughty stuff in the querystring and the server may log it ... it doesn't mean it has been successful though.

 

There are tests you can run (in the Security Pro instructions) where you can see which characters are getting through.
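
The distinction drawn in the reply above, between a payload that is merely requested and logged and one that actually reaches the page, can be checked as in this added example (not part of the thread and not Security Pro's own test). It decodes the reported URL and classifies whether a response body echoes the value raw, escaped, or not at all; the function names are hypothetical and the two HTML bodies are constructed samples.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# URL quoted in the post above (host already masked by the poster).
P = "%22%27%3E%3Ca%20href=http://xxx.ru%3Exxx.ru%3C/a%3E"
REPORTED_URL = ("http://www.xxx.com/index.php?manufacturers=" + P + "&osCsid=" + P
                + "&manufacturers_id=" + P + "&osCsid=" + P)

HTML_META = set("<>\"'")  # characters that can break out of an attribute or tag


def suspicious_params(url):
    """Return decoded (name, value) pairs whose value contains HTML metacharacters."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [(name, value) for name, value in pairs if HTML_META & set(value)]


def reflection_status(value, body):
    """Classify how a decoded parameter value appears in a response body."""
    if value in body:
        return "reflected-raw"      # markup arrives intact: output is not encoded
    if value in html.unescape(body):
        return "reflected-escaped"  # echoed only as entities: rendered as inert text
    return "not-reflected"          # request was served (and logged) without echo


# Constructed sample responses, not captured from any real site.
PAYLOAD_TEXT = "\"'><a href=http://xxx.ru>xxx.ru</a>"
RAW_BODY = '<input name="manufacturers_id" value="' + PAYLOAD_TEXT + '">'
ESCAPED_BODY = ('<input name="manufacturers_id" value="&quot;&#039;&gt;&lt;a '
                'href=http://xxx.ru&gt;xxx.ru&lt;/a&gt;">')

if __name__ == "__main__":
    for name, value in suspicious_params(REPORTED_URL):
        print(name, "->", repr(value))
        for label, body in (("raw sample", RAW_BODY), ("escaped sample", ESCAPED_BODY)):
            print("   ", label, ":", reflection_status(value, body))
```

Only a "reflected-raw" result on a page fetched from your own shop means the injected link is actually being rendered.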


Archived

This topic is now archived and is closed to further replies.
