Oscommerce Security - Osc_Sec.php


484 replies to this topic

#421 SimonLG

  • Community Member
  • 9 posts
  • Real Name:Simon

Posted 11 January 2012, 00:07

Hi Te Taipo,

I uncommented the code, changed the $banipaddress and clicked on the Edit button and got the same error message.

However, when I check the htaccess file, my IP address has not been added to the file, and I didn't receive any email notification.

Thanks

Simon

#422 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 11 January 2012, 02:21

My apologies, I had assumed that the browser error you were receiving was the 403 access denied error. If it had, then your IP would have been banned. If you are unable to get a better idea of what the browser error is, then we will have to tackle this another way. Firstly, what are the other addons that you are using?
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here

#423 nudylady

  • Community Member
  • 234 posts
  • Real Name:nudylady

Posted 13 January 2012, 18:33

nice post

#424 nudylady

  • Community Member
  • 234 posts
  • Real Name:nudylady

Posted 13 January 2012, 19:01

My site (2.2RC2) was just hacked. The hacker deleted my admin account and created 3 new admin accounts.
One of the accounts is called admincrash.

I have installed this now. Changed all passwords. What is the next thing to do now?

Edited by nudylady, 13 January 2012, 19:09.


#425 geoffreywalton

  • Community Sponsor
  • 7,731 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 13 January 2012, 22:48

Now you have to find any infected files and how they got in.

Some basic steps on how to do this can be found in my profile.

Also links to some other actions you need to do, such as renaming the admin dir and ....

HTH

G

Edited by geoffreywalton, 13 January 2012, 22:50.

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.

For links mentioned in old answers that are no longer here follow this link Useful Threads.

If this post was useful, click the Like This button over there ======>>>>>.

#426 callenords

  • Community Member
  • 63 posts
  • Real Name:Carl Nordström
  • Gender:Male
  • Location:Sweden

Posted 10 February 2012, 08:48

Is there a way of disabling the osc_sec cookie check?

I often receive this message - even though it's clearly not a hacker attempt: "osC_Sec detected malicious cookie content..."

And since I use IP trap, the IP is banned.

Thanks!

#427 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 10 February 2012, 08:58

In the latest version of osc_sec.php, find:
      $this->cookieShield();

and replace with:
#     $this->cookieShield();


#428 burt

  • Community Sponsor
  • 6,975 posts
  • Real Name:G Burton
  • Gender:Male
  • Location:UK/DEV/on

Posted 15 February 2012, 22:14

I have been unable to use the last 10 or 12 iterations of osc_sec.

Installation produces a 500 (if I recall correctly) error (note, osc_sec files only, not using the htaccess modifications).
The Dirty Little Secrets that no osCommerce template sellers want you to know...revealed...

Support is commercially available. The question is whether you value your business
highly enough to spend money on it.

For commercial support from known developers who support osCommerce
ethos, please post at http://forums.oscommerce.com/forum/79-commercial-support/

#429 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 16 February 2012, 04:02

Try this version out Burt.

http://pastebin.com/Hn2ifX6U

( grab the code from the raw paste data at the bottom )

Let me know if that sorts the issue, if so I will post an update.

Edited by Taipo, 16 February 2012, 04:02.


#430 burt

  • Community Sponsor
  • 6,975 posts
  • Real Name:G Burton
  • Gender:Male
  • Location:UK/DEV/on

Posted 16 February 2012, 12:02

Taipo - that version seems to work well, thank you.

#431 sunnydt

  • Community Member
  • 4 posts

Posted 21 February 2012, 03:38

OK, maybe I'm missing something, but where do I edit? Such as $httphost = "www.yoursite.com"; Can't find it anywhere.

#432 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 21 February 2012, 03:52

The only bits to edit now are in the osc.php file, which is in the zip file in the includes directory along with osc_sec.php.

In fact, you do not need to edit anything if you just want to add it; however, if you want to ban IP addresses and such, then osc.php is the file you want to look in. Check the readme.htm file for more on editing the settings.

#433 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 21 February 2012, 09:42

osC_Sec 5.0.1

What's New?
- Added extra checks in $checkfilename
- Fixed an issue where files contain extra '.', i.e. file.name.php
- Fix phpSelfFix() function
- Fixed whitespace issue with $this->_httphost
- More additions to the dbShield() function to protect against database injection attempts
- Fixed a number of issues with dbShield() to prevent false positives
- Removed base64_decode aspect of dbShield() due to it causing errors in some configurations
- More additions to getShield() function to detect local file read attempts
- Remake of the postShield() function
- Remake of the cookieShield() function
- Fixed an error in ipTrapped()

New Install instructions: see the readme.htm, as per usual, all updates contain the complete package

Updating:
Replace the osc_sec.php file in your catalogs /includes/ directory with the one in the /includes/ directory of this zip file.

Please report any bugs to the discussion forums at http://goo.gl/dQ3jH or email rohepotae@gmail.com

Download from: http://addons.oscommerce.com/info/8283

#434 RMD27

  • Community Member
  • 259 posts
  • Real Name:Ricardo
  • Gender:Male

Posted 27 February 2012, 16:58

Hi Taipo

Google & Babel translate do not work on my site anymore. Could the OSC SEC contribution be stopping it from working?

I also have Security Pro 2.0 installed.

These are the characters Google uses
http://translate.google.com/translate?hl=en&sl=en&tl=sq&u=http%3A%2F%2Fwww.oscommerce.com%2F

And this is what Babel uses

http://babelfish.yahoo.com/translate_url?doit=done&tt=url&intl=1&fr=bf-home&trurl=http%3A%2F%2Fwww.oscommerce.com%2F&lp=en_nl&btnTrUrl=Translate

I added % and & and = to the Security Pro whitelist, but the translation from these pages comes back as a blank page for Google and with an error(0) for Babel.

Edited by RMD27, 27 February 2012, 16:59.


#435 ptt81

  • Community Member
  • 63 posts
  • Real Name:PT

Posted 27 February 2012, 18:02

I have a similar problem with Google Translate. My page loads fine, but it reports the following error at the top of the page:

Warning: file () [ function.file ]: Emri nuk mund të jetë bosh në / home / mydomain / public_html / përfshinë / osc_sec.php on line 675

Edited by ptt81, 27 February 2012, 18:02.


#436 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 27 February 2012, 18:20

What does " Emri nuk mund të jetë bosh në" mean PT?

#437 ptt81

  • Community Member
  • 63 posts
  • Real Name:PT

Posted 27 February 2012, 18:57

I have no idea, I just clicked on a random language, but the original error message is:

Warning : file() [ function.file ]: Filename cannot be empty in /home/mydomain/public_html/includes/osc_sec.php on line 675

Warning : Cannot modify header information - headers already sent by (output started at /home/mydomain/public_html/includes/osc_sec.php:675) in /home/mydomain/public_html/includes/functions/general.php on line 1355

Edited by ptt81, 27 February 2012, 19:00.


#438 RMD27

  • Community Member
  • 259 posts
  • Real Name:Ricardo
  • Gender:Male

Posted 29 February 2012, 13:19

So what is the thought on this? Could osc_sec be stopping the translation or not??? :huh:

#439 Taipo

  • Community Member
  • 751 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 01 March 2012, 10:39

Try this version Ricardo
http://pastebin.com/RGWKExAq

Let me know how it goes.

#440 RMD27

  • Community Member
  • 259 posts
  • Real Name:Ricardo
  • Gender:Male

Posted 01 March 2012, 13:27

Hello Taipo,

Unfortunately no difference. Maybe it is something to do with FWR's plug-in. I'll leave a message on his support thread and let you know what he says!

http://forums.oscommerce.com/topic/293326-contribution-security-pro-querystring-protection-against-hackers/page__hl__fwr__st__240