258 replies to this topic

[JoshBowe]

Hi,

Just installed PHPIDS on 2.3.1 and can't seem to get it to work. As soon as I  turn it on through the admin control panel my website front page just won't load.

I've followed the steps exactly as they are in the install guide, my "phpids" file was uploaded to website.com/includes/phpids without the catalog part. Could that be causing the problem? Otherwise I did everything as it said. Any help would be appreciated, cheers.

[mhondebrink]

I got the following message when I try to do the following test http://www.example.com/?id=1&test=">XXX works fine

What can be the issue?

[PLUGGER]

is there any way of having this send out emails to an alternate email address and not the owner of the store   i.e.  the store developer instead

and excuse me if i have missed the answer already

[guicher]

Hi all,

I've just installed this contribution and I've checked the installation twice, so that I've made no errors. But I still have a problem. Before entering the test URL's I set the following settings.

PHPIDS Module : true
IP Ban Module : true
Show Intrusion Result : true
E-mail Log Impact Score : 8
DB Log Impact Score : 4
IP Ban Impact Score : 70                                                                                                    


After entering the test URL's nothing happens. No message at the top of the page, no entries into the database and no emails received. Also nothing is written into the log file (which has chmod 777). When I enter an IP address manually into de banned IP's (via tools) the blocking work as it should.

Can anyone help me out here?

Kind regards
Rene Guicherit (aka guicher)

Edited by guicher, 24 November 2011 - 08:14 PM.

[guicher]

guicher, on 24 November 2011 - 08:10 PM, said:

Hi all,

I've just installed this contribution and I've checked the installation twice, so that I've made no errors. But I still have a problem. Before entering the test URL's I set the following settings.

PHPIDS Module : true
IP Ban Module : true
Show Intrusion Result : true
E-mail Log Impact Score : 8
DB Log Impact Score : 4
IP Ban Impact Score : 70


After entering the test URL's nothing happens. No message at the top of the page, no entries into the database and no emails received. Also nothing is written into the log file (which has chmod 777). When I enter an IP address manually into de banned IP's (via tools) the blocking work as it should.

Can anyone help me out here?

Kind regards
Rene Guicherit (aka guicher)

Just tested the website with Kyplex security scan. And know what! All kinds of intrusions are detected and reported. So I think it's working. Only the test URL's which came with the installation manual don't work?

Kind regards
guicher

[iflyamphib]

Good evening. I've installed a clean (not upgrading) version of 1.7 for osc 2.3.1 this afternoon. With both test urls:

http://www.siteurl.com/&test=%22%3EXXX and
http://www.siteurl.com/?test="><script>eval(window.name)</script>

I receive the following:
403 Forbidden

You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

• If I remove the portion after the .com, the test site loads / functions properly.
  
• The database tables have been created properly and are viewable from Php Admin.
  
• I've gone through the install manual twice to verify placement of the files and code within the modified files.
  
• I can add myself (ip from the Who's Online) and ban myself, and then receive the email successfully (using the contact form only).
  
• Nothing is logged to the PHPIDS Log report however. Should it be when manually banning an IP?
  
• The host is HostGator. Server running php 5.2.17 with PDO enabled (viewed from previous posts)
  
• This is a new test site where I have been adding contributions to have as a 'master' for upgrading / creating other sites.

Is this a hosting issue? Thank you for any light anyone can shed on this. Jim

[Taipo]

Suggestion:

file: banned_ip.php
code:

$ip_check = tep_get_ip_address();

Since tep_get_ip_address() can allow either the values of the HTTP_X_FORWARDED_FOR or HTTP_CLIENT_IP header (if set) to be the ip address ahead of the dependable REMOTE_ADDR, and because it is possible to spoof both of those headers, it might be better to stick with REMOTE_ADDR as the ip address to check for banned IPs in the db. That would also be consistent with the fact that REMOTE_ADDR is used as the ip address that is banned in the banned.php file.

I know that where the webserver is a part of a cluster configuration, this can also cause false IP addresses to be banned, if you however depend on tep_get_ip_address() to check IPs in the db, that may allow for this addon to be completely bypassed if an attacker got to thinking about sending spoofed HTTP_X_FORWARDED or HTTP_CLIENT_IP ip addresses with their attacks.

code suggestion:

$ip_check = ( false !== isset( $_SERVER ) ) ? $_SERVER[ "REMOTE_ADDR" ] : getenv( "REMOTE_ADDR" );

Or more simply:

$ip_check = $_SERVER[ "REMOTE_ADDR" ]

[badbo]

2. Unzip the zipped file and rename "phpids-0.6.4" directory as "phpids".

3. Make sure that this renamed directory has the following directories directly in it:
docs
lib
tests


None of these files are in any of the packages

[geoffreywalton]

Maybe if it said create these 3 directories in ........

Cheers

G

[badbo]

What is says is to:  
1. Download "PHPIDS 0.6.3.1 (ZIP)" or the latest version at:
http://php-ids.org/downloads/

2. Unzip the zipped file and rename "phpids-0.6.3.1" directory as "phpids".

3. Make sure that this renamed directory has the following directories directly in it:
docs
lib
nbproject
tests

This site can not be reached. if you have go  somewhere else to get these that are not in the packages, then it is not a complete package and should state that in the package downloads instead of saying (this is a complete package.

[badbo]

Does anyone have the phpids that they can upload to the package area. The http://php-ids.org/downloads/ can no longer be reached.
Thanks

[badbo]

getting this error  1.6 installed with latest  phpids 7.0 innstalled
Fatal error: Call to a member function bindParam() on a non-object in /home/xx/public_html/xxx/includes/phpids/lib/IDS/Log/Database.php on line 272

[altoid]

badbo, on 05 December 2011 - 07:56 PM, said:

Does anyone have the phpids that they can upload to the package area. The http://php-ids.org/downloads/ can no longer be reached.
Thanks

Try https://phpids.org/downloads/

[badbo]

altoid, on 06 December 2011 - 06:41 PM, said:

Try https://phpids.org/downloads/

I have already installed the latest 7.0 but can find now answer for the error

[cooch]

Can't get wishlist.php to work because POST.prod_link and REQUEST.prod_link are being detected as xss attacks:


Affected tags: xss csrf
Affected parameters: REQUEST.prod_link.0=http%3A%2F%2Fwww.domain.com%2Fstore%2Fproduct_info.php%3Fproducts_id%3D367%7B1%7D2, POST.prod_link.0=http%3A%2F%2Fwww.domain.com%2Fstore%2Fproduct_info.php%3Fproducts_id%3D367%7B1%7D2,
Request URI: /store/wishlist.php

I added REQUEST.prod_link and POST.prod_link to the exclusion list with no luck.

If I have a number of items on wishlist, the total impact bans me...Any ideas?

[ancla]

Hello, good evening

I’m trying to instal a clean (not upgrading) version of 1.7 for osc 2.2rc2a.

At “Step-B: Admin” point 5 states:

Find the following code in admin/includes/boxes/tools.php file:

Array {
  ‘code’ => FILENAME_ACTION_RECORDER,
  ‘title’ => BOX_TOOLS_ACTION_RECORDER,
  ‘link’ => tep_href_link (FILENAME_ACTION_RECORDER)
},

Though that array is not in my “tools.php” file. The whole content of my file is:

<?php
/*
  $Id: tools.php 1739 2007-12-20 00:52:16Z hpdl $
  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com
  Copyright © 2002 osCommerce
  Released under the GNU General Public License
*/
?>
<!-- tools //-->
  <tr>
    <td>
<?php
  $heading = array();
  $contents = array();

  $heading[] = array('text'  => BOX_HEADING_TOOLS,
'link'  => tep_href_link(FILENAME_BACKUP, 'selected_box=tools'));

  if ($selected_box == 'tools') {
    $contents[] = array('text'  => '<a href="' . tep_href_link(FILENAME_BACKUP) . '" class="menuBoxContentLink">' . BOX_TOOLS_BACKUP . '</a><br>' .
   '<a href="' . tep_href_link(FILENAME_BANNER_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_BANNER_MANAGER . '</a><br>' .
   '<a href="' . tep_href_link(FILENAME_CACHE) . '" class="menuBoxContentLink">' . BOX_TOOLS_CACHE . '</a><br>' .
   '<a href="' . tep_href_link(FILENAME_DEFINE_LANGUAGE) . '" class="menuBoxContentLink">' . BOX_TOOLS_DEFINE_LANGUAGE . '</a><br>' .
   '<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .
   '<a href="' . tep_href_link(FILENAME_MAIL) . '" class="menuBoxContentLink">' . BOX_TOOLS_MAIL . '</a><br>' .
   '<a href="' . tep_href_link(FILENAME_NEWSLETTERS) . '" class="menuBoxContentLink">' . BOX_TOOLS_NEWSLETTER_MANAGER . '</a><br>' .
   '<a href="' . tep_href_link(FILENAME_SERVER_INFO) . '" class="menuBoxContentLink">' . BOX_TOOLS_SERVER_INFO . '</a><br>' .
       '<a href="' . tep_href_link('csv_import.php') . '" class="menuBoxContentLink">Importar CSV de Excel/OOCalc</a><br>' .
   '<a href="' . tep_href_link(FILENAME_WHOS_ONLINE) . '" class="menuBoxContentLink">' . BOX_TOOLS_WHOS_ONLINE . '</a>');
  }
  $box = new box;
  echo $box->menuBox($heading, $contents);
?>
    </td>
  </tr>
<!-- tools_eof //-->

Please, can anyone tell me where insert the following required code or if lacks some code in my file?
The code to insert is:

  array(
    'code' => FILENAME_PHPIDS,
    'title' => BOX_TOOLS_PHPIDS,
    'link' => tep_href_link(FILENAME_PHPIDS)
  ),
  array(
    'code' => FILENAME_BANNED_IP,
    'title' => BOX_TOOLS_BANNED_IP,
    'link' => tep_href_link(FILENAME_BANNED_IP)
  ),

Thank you for any help you can give me.
Angel Barros

[geoffreywalton]

Hi

Just add a line after

'<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .

and change the words in capitals to those for the contibution you are trying to add.

HTH

G

[DougieMac]

Hi, Let me apologise first in case this problem has already been posted, but its late now and I cant find anything similar.

I am hoping you can help me with this error :-

1146 - Table 'a4993375_msc.TABLE_BANNED_IP' doesn't exist

select ip_address from TABLE_BANNED_IP where ip_status='0'

[TEP STOP]

when I try to access the shop, http://mywebsite/catalog/index.php. This occured when trying the test http://mywebsite/catalog/index.php.?id=1&test=">XXX. Prior to this test I could access the site easily.

I am running oscommerce 2.3.1 on win xp64 with phpids 1.7 installed. Given that I am fairly new to php, can you point me to where I have went wrong. There are no entries in the PHPIDS log and no entries in the banned IP section.

Edited by DougieMac, 27 January 2012 - 02:00 AM.

[DougieMac]

DougieMac, on 27 January 2012 - 01:58 AM, said:

Hi, Let me apologise first in case this problem has already been posted, but its late now and I cant find anything similar.

I am hoping you can help me with this error

1146 - Table 'a4993375_msc.TABLE_BANNED_IP' doesn't exist

select ip_address from TABLE_BANNED_IP where ip_status='0'

[TEP STOP]

when I try to access the shop, http://mywebsite/catalog/index.php. This occured when trying the test http://mywebsite/catalog/index.php.?id=1&test=">XXX. Prior to this test I could access the site easily.

I am running oscommerce 2.3.1 on win xp64 with phpids 1.7 installed. Given that I am fairly new to php, can you point me to where I have went wrong. There are no entries in the PHPIDS log and no entries in the banned IP section.

Ok, fresh look at the forum this morning and I found the solution. Doh! Apologies.

[modem2.0]

Hello,

I'm building a new shop using oscommerce 2.3.1 and I added this contrib, but when I do the 2 suggested tests I get the following error:

Exception: PDOException: SQLSTATE[28000] [1045] Access denied for user 'root'@'localhost' (using password: NO)

I'm building it on my windows PC using WAMP, so I'm wondering if this is the problem...

I have it running correctly on my old oscommerce 2.2 shop...

Any idea?