Revert to the next older version for now, I will have a look at this tonight when I get a chance and put out an update shortly after.
Oscommerce Security - Osc_Sec.php
Started by Taipo, Apr 10 2011, 11:04
484 replies to this topic
#481
Posted 15 May 2012, 23:02
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here
#482
Posted 16 May 2012, 01:51
I've made a few minor alterations below
http://pastebin.com/uQH30z6v
Copy the RAW Paste Data from that link into your osc_sec.php file and let me know if that sorts the issue.
#483
Posted 23 May 2012, 07:50
osC_Sec 5.0.8
What's New?
- Fixed a bug in the getshield() function which could allow for partial filter bypassing
- Recoded the getRealIP() to work more efficiently
- Fixed timeout issues caused by code changes in 5.0.6
New install instructions: see the readme.htm; as per usual, all updates contain the complete package.
Updating:
Replace the osc_sec.php file in your catalog's /includes/ directory with the one in the /includes/ directory of this zip file.
Please report any bugs to the discussion forums at http://goo.gl/dQ3jH or email rohepotae@gmail.com
Download from: http://addons.oscommerce.com/info/8283
#484
Posted Yesterday, 05:07
Taipo, I love this security contrib you have worked on, it's fantastic. Just of late I have noticed a little issue with a site that I have set up. I have been using the old credit card payment module with OSC2.2 and I have noticed that it blocks me when I get an error from that module, e.g.:
If I don't put in the correct card number it should throw an error! When it does I get blocked (IPTrap). If I enter the details correctly it will proceed through the order.
This is what I have been sent in the email.
This IP [ 220.245.75.138 ] has been IP Trap banned on the http://catfood.com.au website by osC_Sec.php version 5.0.8
REASON FOR BAN: osC_Sec detected a base64 encoded blacklisted query_string value: £'.
Time of ban: Fri, 25 May 2012 04:45:41
.------------[ ALL $_GET VARIABLES ]-------------
#
# - payment_error = cc
# - error = The first four digits of the number entered are: . If that number is correct, we do not accept that type of credit card. If it is wrong, please try again.
# - cc_owner = Ben Rossi - Employee
# - cc_expires_month = 01
# - cc_expires_year = 12
#
`--------------------------------------------------------
.---------[ ALL $_POST FORM VARIABLES ]-------
#
# - No POST form data
#
`--------------------------------------------------------
.------------[ $_SERVER VARIABLES ]--------------
#
# - DOCUMENT_ROOT = /home/catfood/public_html
# - GATEWAY_INTERFACE = CGI/1.1
# - HTTPS = on
# - HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# - HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.3
# - HTTP_ACCEPT_ENCODING = gzip,deflate,sdch
# - HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.8
# - HTTP_CACHE_CONTROL = max-age=0
# - HTTP_CONNECTION = keep-alive
# - HTTP_COOKIE = __utma=7699744.1440227245.1288772200.1288772200.1291197083.2; osCsid=23d75122ee251e63cc45161d76af15b6; cookie_test=please_accept_for_session
# - HTTP_HOST = catfood.com.au
# - HTTP_REFERER = https://catfood.com.au/checkout_confirmation.php
# - HTTP_USER_AGENT = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5
# - PATH = /bin:/usr/bin
# - QUERY_STRING = payment_error=cc&error=The+first+four+digits+of+the+number+entered+are%3A+.+If+that+number+is+correct%2C+we+do+not+accept+that+type+of+credit+card.+If+it+is+wrong%2C+please+try+again.&cc_owner=Ben+Rossi+-+Employee&cc_expires_month=01&cc_expires_year=12
# - REDIRECT_STATUS = 200
# - REMOTE_ADDR = 220.245.75.138
# - REMOTE_PORT = 19173
# - REQUEST_METHOD = GET
# - REQUEST_URI = /checkout_confirmation.php?payment_error=cc&error=The+first+four+digits+of+the+number+entered+are%3A+.+If+that+number+is+correct%2C+we+do+not+accept+that+type+of+credit+card.+If+it+is+wrong%2C+please+try+again.&cc_owner=Ben+Rossi+-+Employee&cc_expires_month=01&cc_expires_year=12
# - SCRIPT_FILENAME = /home/catfood/public_html/checkout_confirmation.php
# - SCRIPT_NAME = /checkout_confirmation.php
# - SERVER_ADDR = 202.191.62.46
# - SERVER_ADMIN = webmaster@catfood.com.au
# - SERVER_NAME = catfood.com.au
# - SERVER_PORT = 443
# - SERVER_PROTOCOL = HTTP/1.1
# - SERVER_SIGNATURE = <address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at catfood.com.au Port 443</address>
# - SERVER_SOFTWARE = Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
# - UNIQUE_ID = T78Odcq-PicABrqoW2sAAAAv
# - PHP_SELF = /checkout_confirmation.php
# - REQUEST_TIME = 1337921141
# - 0 = payment_error=cc&error=The
# - 1 = first
# - 2 = four
# - 3 = digits
# - 4 = of
# - 5 = the
# - 6 = number
# - 7 = entered
# - 8 = are%3A
# - 9 = .
# - 10 = If
# - 11 = that
# - 12 = number
# - 13 = is
# - 14 = correct%2C
# - 15 = we
# - 16 = do
# - 17 = not
# - 18 = accept
# - 19 = that
# - 20 = type
# - 21 = of
# - 22 = credit
# - 23 = card.
# - 24 = If
# - 25 = it
# - 26 = is
# - 27 = wrong%2C
# - 28 = please
# - 29 = try
# - 30 = again.&cc_owner=Ben
# - 31 = Rossi
# - 32 = -
# - 33 = Employee&cc_expires_month=01&cc_expires_year=12
# - argc = 34
# - $PHP_SELF filename ( osC_Sec ) = checkout_confirmation.php
#
`--------------------------------------------------------
OTHER INFO
is htaccess writeable =
Resolve IP address: http://en.utrace.de/?query=220.245.75.138
Search Project Honeypot: http://www.projecthoneypot.org/ip_220.245.75.138
This email was generated by osC_Sec.
To disable email notifications, open osc.php file, and in the Settings section change $emailenabled = 1 to $emailenabled = 0
Keep up with the latest version of osC_Sec.php at http://addons.oscommerce.com/info/8283 and http://goo.gl/dQ3jH
Email rohepotae@gmail.com with any suggestions.
I have even tried going back to version 5.04 and still get blocked. Any help would be appreciated.
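As an added illustration (my own code, not osC_Sec's and not from the post above), here is one way the ban in that e-mail can fall out of a base64 check: decoding the cc_owner value leniently, PHP-style, turns the word "Employee" into bytes that include 0xA3 0x27, which display as £' in ISO-8859-1, the exact reason string reported. The blacklist, the lenient decoder and the stricter looks_like_base64 check are assumptions of mine; the stricter check shows one way to keep such a filter from misfiring on ordinary form text while still catching a value that really is base64-encoded.

```python
import base64
from urllib.parse import parse_qsl

QUERY_STRING = (  # constructed from the QUERY_STRING shown in the ban e-mail above
    "payment_error=cc&error=The+first+four+digits+of+the+number+entered+are%3A+."
    "+If+that+number+is+correct%2C+we+do+not+accept+that+type+of+credit+card."
    "+If+it+is+wrong%2C+please+try+again.&cc_owner=Ben+Rossi+-+Employee"
    "&cc_expires_month=01&cc_expires_year=12"
)
B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
BLACKLIST = (b"'", b'"')  # hypothetical blacklist: the two quote characters

def lenient_b64decode(value):
    """PHP-style non-strict decode: skip foreign characters, ignore padding."""
    bits, nbits, out = 0, 0, bytearray()
    for ch in value:
        if ch not in B64_ALPHABET:
            continue
        bits = (bits << 6) | B64_ALPHABET.index(ch)
        nbits += 6
        if nbits >= 8:  # a full byte is available: emit it, keep the remainder
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1
    return bytes(out)

def naive_flags(value):
    """Decode anything and scan for blacklisted bytes: the false-positive path."""
    decoded = lenient_b64decode(value)
    return any(bad in decoded for bad in BLACKLIST)

def looks_like_base64(value):
    """Accept only a well-formed blob of plausible length that decodes to text."""
    if len(value) < 16 or len(value) % 4:
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error: foreign characters or bad padding
        return False
    return sum(0x20 <= b < 0x7F for b in raw) >= 0.9 * len(raw)

def strict_flags(value):
    """Same blacklist, applied only to values that really look base64-encoded."""
    return looks_like_base64(value) and any(bad in base64.b64decode(value) for bad in BLACKLIST)

def flagged_params(query_string, check):
    """Names of the query parameters the given check would ban on."""
    return [name for name, value in parse_qsl(query_string) if check(value)]

SAMPLE_ENCODED = base64.b64encode(b"hello 'world' 12345").decode("ascii")  # constructed
```

Running flagged_params(QUERY_STRING, naive_flags) names cc_owner, while the strict variant passes every value in this request and still flags SAMPLE_ENCODED.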
#485
Posted Today, 02:13
Ben, if you're using the old 2.2 osC cc module, you'd better be fully PCI-DSS compliant. If you ain't, and there's a security problem, you are toast. The cc module was intended only as an example or template of credit card processing, and was removed from 2.3.1 because it was so insecure, yet stores were actually using it in production.