Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

celextel

Members
  • Posts

    147
  • Joined

  • Last visited

Everything posted by celextel

  1. "phpids_intrusions" db table has got a column by this name "origin" to record the server ip automatically. It is unable to perform this. You need to enable error handling and find out why this is not happening. If you are unable to find out a solution to this, please make the "Null" for this column as "Yes" in this table in your MySQL DB through phpMyAdmin.
  2. You need to install both [core files from PHPIDS website and module files from the add-on section] as mentioned in our Read Me file. Please go through that file carefully and do the installation as mentioned therein.
  3. You need to Download "PHPIDS 0.6.4 (ZIP)" or the latest version at: http://php-ids.org/downloads/ Please let us know exactly as to which of the files are missing other than this one.
  4. You need to install the latest one. It has all the files. Please let us know exactly as to which of the file is not in that package.
  5. Interpreting PHPIDS result is not easy. You could go through PHPIDS forum in regard to this. This seems to be an attack. You could verify the IP and ban it.
  6. We have been using PHPIDS in 5 of our websites and we have not noticed any push to server usage. This should be due to some other factor. The reported intrusion seems to be of the feature which you were trying to test. You could add these variables [REQUEST.image, POST.image] as Variable Exclusions if required.
  7. You need to change your passwords to FTP and osCommerce Admin immediately. Someone seems to have got access to your files through FTP or osC Admin [if you have file manager there] and injected those codes. PHPIDS detects only those intrusions which take place through your website catalog URL through the query string. It would also not detect the virus codes which are already existing in the files.
  8. PHPIDS does not protect you from intrusion or virus. It only warns you when an intrusion takes place. It would also not detect any virus on your system. You need to scan your website for virus with a Virus scanner provided by your host or another osCommerce module for detecting the virus. Please leave your suggestion in regard to this [virus detection] in the PHPIDS forum at the following URL: http://php-ids.org/forum/
  9. Yes, this works only in PHP 5. Changing the codes would be difficult. Refer to the following URL in regard to this: http://forum.php-ids.org/comments.php?DiscussionID=25&page=1#Item_0
  10. NEW!! PHPIDS for osCommerce 1.6 1. A coding error / logical error has been corrected and usage of $_SERVER['PHP_SELF'] has been changed for security reasons in the banned_ip module file. 2. Usage of $_SERVER['PHP_SELF'] has been changed in the phpids_installer.php file. 3. PHPIDS 0.6.4 is ready. Overwrite the old files.
  11. It is not finding the Init.php file inside the phpids directory. Please make sure that you have gone through following "Step-A: Core" carefully: 1. Download "PHPIDS 0.6.4 (ZIP)" or the latest version at: http://php-ids.org/downloads/ 2. Unzip the zipped file and rename "phpids-0.6.4" directory as "phpids". 3. Make sure that this renamed directory has the following directories directly in it: docs lib tests 4. Upload this "phpids" directory to the osCommerce catalog/includes/ directory. If you upload this to some other directory, you need to change oscBasePath to this path in the includes/modules/osc_phpids.php file. 5. Grant write access [chmod 777] to the "tmp" folder [phpids/lib/IDS/tmp] and also to phpids_log.txt log file which is inside the "tmp" folder. The last step is also most important.
  12. Do you have any other contribution like XS shield installed? PHPIDS would not work with XS shield. >> You shouldn't be here, so go away! We do not have this warning message in PHPIDS. You need to find out as to which contribution is generating this message. It could be also from the server. >> Internal Server Error This is not related to PHPIDS. You should create a support request with the web host to do the needful in regard to this [error handling]. Please refer to the first page of this thread in regard to this:
  13. Perhaps installer has already installed PHPIDS configuration settings. Please Check. If not, run the installer again.
  14. IP Trap contribution is not ours. Yes, you have to go in the reverse of the install instructions to un-install that. It should not be difficult.
  15. NEW!! PHPIDS 0.6.4 is ready 1. Download "PHPIDS 0.6.4 (ZIP)" at the following page: http://php-ids.org/downloads/ 2. Unzip the zipped file and rename "phpids-0.6.4" directory as "phpids". 3. Make sure that this renamed directory has the following directories directly in it: docs lib tests 4. Upload this "phpids" directory to the osCommerce catalog/includes/ directory overwriting the old files.
  16. NEW!! PHPIDS for osCommerce 1.5 1. PHPIDS main configuration and Table creation codes moved to new installer file. 2. Link added to the PHPIDS Log Report file in the admin for deleting all log entries by a single click.
  17. It should be safe to add these under exclusions. We do not have this issue in our website. Are you using Ajax based shopping cart?
  18. Perhaps you do not have the database installed. Please do that or go through each of the step carefully.
  19. We would try to include this function "Clear All Logs" in the next version.
  20. Please find more info regarding this in the PHPIDS Forum at: http://forum.php-ids.org/comments.php?DiscussionID=239 You need not worry about this. It seems to be a mozilla bug related to PayPal UK website. If you get this frequently, you could add these as exception variables in the includes/modules/osc_phpids.php. The updated code should be as follows: $useExeptions = isset($useExeptions) ? explode('|', $useExeptions) : array('REQUEST.__utmz', 'COOKIE.__utmz', 'REQUEST.custom', 'POST.custom', 'REQUEST.comments', 'POST.comments', 'REQUEST.osCsid', 'COOKIE.osCsid', 'REQUEST.verify_sign', 'POST.verify_sign', 'REQUEST.s_pers', 'COOKIE.s_pers');
  21. Thanks for bringing this to our notice. We have to add the following code to includes/filenames.php in the last before ?> define('FILENAME_BANNED', 'banned.php'); Alternatively you could also correct the FILENAME_BANNED to 'banned.php' as you have done. IP Containment and Management System does not generate any emails. PHPIDS only generates emails during each of the intrusion. Emails are sent to Store Owner "E-Mail Address" and also to the email id which you have set for "Send Extra Order Emails To". If you do want PHPIDS emails to the second one, change the following setting in includes/modules/osc_phpids.php $mail_recipient = array(STORE_OWNER_EMAIL_ADDRESS, SEND_EXTRA_ORDER_EMAILS_TO); to $mail_recipient = array(STORE_OWNER_EMAIL_ADDRESS);
  22. >> Anti XSS [XSS Shield] PHPIDS would not work fully if you use this as some of the query strings get sanitized. You do not require this if you use Security Pro as both of them have almost same functions. That Read Me file quoted by us [in our Read Me HTML file] is of IP Containment and Management System.
  23. 1. Yes, IP Trap contribution is not needed and you could remove it before installing PHPIDS. 2. You could have PHPIDS along with Anti Hacker Account Mods Contribution by Spooks. There should not be any compatibility issues.
×
×
  • Create New...