Oscommerce Security - Osc_Sec.php


506 replies to this topic

#501   Taipo

Taipo
  • Members
  • 757 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 25 April 2013 - 04:15 AM

The easiest way is to test the admin bypass exploit for earlier versions of osCommerce:

www.yoursite.com/index.php/login.php

That should trigger osC_Sec if it is configured correctly. Depending on your settings, it will either merely stop the page from loading, or if you have ip banning activated, it will add your ip address to the main .htaccess file thus banning it.
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Ignore this link - just a honeypot site to test my ideas out for osC_Sec and allow the site to be picked up by attackers.
- Fix the admin login bypass exploit here
- Aegis Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes

#502   jamo32

jamo32
  • Members
  • 8 posts
  • Real Name:jim Harris

Posted 25 April 2013 - 08:55 AM

Taipo, on 25 April 2013 - 04:15 AM, said:

The easiest way is to test the admin bypass exploit for earlier versions of osCommerce:

www.yoursite.com/index.php/login.php

That should trigger osC_Sec if it is configured correctly. Depending on your settings, it will either merely stop the page from loading, or if you have ip banning activated, it will add your ip address to the main .htaccess file thus banning it.

Hi

I got a forbidden page. Additionally, a 404. Is this osc_sec or htaccess? Sorry to sound daft.

Many thanks

Edited by jamo32, 25 April 2013 - 08:55 AM.


#503   callenords

callenords
  • Members
  • 67 posts
  • Real Name:Carl Nordström
  • Gender:Male
  • Location:Sweden

Posted 09 May 2013 - 11:15 AM

callenords, on 14 August 2012 - 08:12 AM, said:

The solution: Find and remove (line 428 in osc_sec.php): "%000",

If you are using Google Adwords ads, the code above triggers the security system for some of your paid visitors (Google Adwords adds a "?gclid=XXXXXXXXX" parameter that in some cases triggers the security system).

I hope removing the code above is ok?

I've noticed that apart from removing "%000" you also need to remove these 3 from osc_sec.php:

"%bf%27"
"%a3%27"
"%8c%5c"

The gclid parameter sent by Google Adwords has triggered my security system several times because of them on "normal" visitors. I hope it is not a security risk to remove them :)
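As an added illustration of the false positive described in this post (example code written for this page, not osC_Sec's own code): the thread says the four strings are matched as substrings of the incoming request, so an opaque tracking token that happens to contain one of them is blocked. The snippet below assumes a plain case-insensitive substring scan over the raw, still percent-encoded query string, and shows one alternative to deleting the patterns: exempt known tracking parameters from that scan while still checking everything else. The function names, the IGNORED_PARAMS list and the sample query strings are all constructed for the example; the gclid value is not a real token.

```php
<?php
// Added example, not part of osC_Sec. Demonstrates a substring blacklist of
// the kind discussed in the thread and a way to keep gclid from tripping it.

// The four strings quoted in the thread; matched against the raw request.
const SUSPICIOUS_SUBSTRINGS = ['%000', '%bf%27', '%a3%27', '%8c%5c'];

// Parameters whose values are opaque tokens generated by a third party.
// Which names belong here is an assumption for this example.
const IGNORED_PARAMS = ['gclid', 'utm_source', 'utm_medium', 'utm_campaign'];

/**
 * Return the first blacklisted substring found in $raw (case-insensitive),
 * or null when nothing matches.
 */
function findSuspiciousSubstring(string $raw, array $patterns = SUSPICIOUS_SUBSTRINGS): ?string
{
    foreach ($patterns as $pattern) {
        if (stripos($raw, $pattern) !== false) {
            return $pattern;
        }
    }
    return null;
}

/**
 * Drop allow-listed tracking parameters from a raw query string before it is
 * scanned, so their opaque values cannot collide with the blacklist. Every
 * other pair is kept in its original percent-encoded form, because the
 * patterns above are written against encoded input.
 */
function stripIgnoredParams(string $rawQuery, array $ignored = IGNORED_PARAMS): string
{
    $kept = [];
    foreach (explode('&', $rawQuery) as $pair) {
        if ($pair === '') {
            continue;
        }
        $name = explode('=', $pair, 2)[0];
        if (!in_array(strtolower(urldecode($name)), $ignored, true)) {
            $kept[] = $pair;
        }
    }
    return implode('&', $kept);
}

// Constructed request strings (not real traffic, not a real gclid token).
$adClick = 'products_id=12&gclid=Cj0K%000abc';   // benign visitor from an ad
$hostile = 'products_id=12%bf%27';               // blacklisted byte sequence in a normal parameter

// Raw scan: the ad click is caught by "%000".
var_dump(findSuspiciousSubstring($adClick));

// With gclid exempted from the scan, the ad click passes ...
var_dump(findSuspiciousSubstring(stripIgnoredParams($adClick)));

// ... while the same exemption leaves the hostile request detected.
var_dump(findSuspiciousSubstring(stripIgnoredParams($hostile)));
```

Run it with `php example.php`. Exempting a parameter only removes it from this one substring scan; its value still reaches the application as untrusted input and must be handled (escaped, validated) like any other. The thread's own resolution, approved by the add-on author two posts down, is simply to remove the four patterns from the list.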

#504   Taipo

Taipo
  • Members
  • 757 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 20 May 2013 - 12:27 AM

"I hope it is not a security risk to remove them"
No problem with removing those items

I have popped up an update with those items removed.
Go to: http://addons.oscommerce.com/info/8283

#505   mr_absinthe

mr_absinthe
  • Members
  • 425 posts
  • Real Name:Alex
  • Location:London, UK

Posted 22 May 2013 - 11:11 AM

But it still contains "%000"...
Absinthe Original Liquor Store

#506   Taipo

Taipo
  • Members
  • 757 posts
  • Real Name:Te Taipo
  • Gender:Male

Posted 22 May 2013 - 11:24 AM

Try now
http://addons.oscommerce.com/info/8283

#507   mr_absinthe

mr_absinthe
  • Members
  • 425 posts
  • Real Name:Alex
  • Location:London, UK

Posted 22 May 2013 - 12:00 PM

:thumbsup: