
[contribution] Security Pro - Querystring protection against hackers.


@@alexman

That means it is not working.

Try the test here, and see the results

http://mtrosemedia.tk/store/

 

On another note @@FWR Media

I am having issues with characters appearing as strange symbols. Mainly the apostrophe and Quotations in my Product Description.

example: http://mtrosemedia.tk/store/product_info.php/the-father-wants-you-home-p-58

Those should be quotes or apostrophes

I have product tabs and product info box installed


> @@alexman
>
> That means it is not working.
>
> Try the test here, and see the results
>
> http://mtrosemedia.tk/store/
>
> On another note @@FWR Media
>
> I am having issues with characters appearing as strange symbols. Mainly the apostrophe and Quotations in my Product Description.
>
> example: http://mtrosemedia.tk/store/product_info.php/the-father-wants-you-home-p-58
>
> Those should be quotes or apostrophes
>
> I have product tabs and product info box installed

 

Thanks for the answer. Now I think it is OK, even though I cannot return to the last page. I suppose it is important to get that "working", and on the main page it is normal to receive the message:

 

Products meeting the search criteria

 

There is no product that matches the search criteria.


I hope that this add-on is still being supported here, since I don't see any activity in this thread in the last year. Maybe that's a good thing B)

 

I am currently using the KissER add-on to assist in tracking down code errors, and have been pleased with it. Now, it's time to turn my attention to security ...

 

I am looking at both your Security Pro add-on:

 

http://addons.oscommerce.com/info/7708

 

and the osC_Sec add-on by another contributor:

 

http://addons.oscommerce.com/info/8929

 

At the risk of being rude, may I ask what yours does better, or that the other doesn't do?

 

Thank you in advance!

 

Malcolm


Hi Robert @ FWR Media,

Thank you very much for your great add-on.

I just installed PHPIDS on the BS-Edge version, and then your Security Pro.

I had a problem running phpids_installer.php, so I had to manually run the SQL to create the 3 tables for PHPIDS.

Everything works OK. Using the example [w](o)%3Cr%3Ek|i*n^g you gave in the installation document,

[w](o)%3Cr%3Ek|i*n^ is still working, but if I search with [w](o)%3Cr%3Ek|i*n^g,

then I get this message:

Exception: 42S02, 1146, Table 'catalogue.phpids_intrusions' doesn't exist

but I am very sure that phpids_instrusions has been created in my database.

Can you please explain the problem and how I can resolve it?

 

Many thanks in advance.

 

Lyn

 


@ce7 Robert no longer posts here, Lyn.

Double check you have that table installed (and the spelling is correct!)


Let's make things easier for new osCommerce users http://forums.oscommerce.com/topic/402638-discussion-about-hard-coded-database-tables/?p=1718900  Getting there with osCommerce 2.4! :thumbsup:


Hi,

I could not find any forum on here that deals specifically with MySQL security. And, since I do have this add-on installed, I figured I would ask here.  My site is an older version MS2.2

I recently noticed the STORE_ZONE field in MySQL was altered. The hack came from outside the site’s admin panel. I have several security layers to secure access to that admin area.

The added entry was not a selection from the drop-down menu used to edit that field, which is based on my country’s code. I’m now looking for a solution to patch that hole.

So, I thought about revoking the rights to insert, update, delete that configuration table from the public. However, I am not sure if that will be enough or the right way to go, or if there is a better alternative.

I’d love to know how the hack was executed and if I missed securing a form or some other entry point. However, at this time I think blocking all write access to that configuration table would likely work. Any help on this would be greatly appreciated.

 

 


osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce
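
One way to apply the write-restriction idea from the post above, as an added example that is not part of the original thread or of the Security Pro add-on: give the storefront its own MySQL account that can only read the configuration table. The database name `shop_db`, both account names and the password placeholders are assumptions, as is the premise that the storefront code never needs to write to `configuration` (the admin panel keeps a separate account with write access).

```sql
-- Added example. Assumed names: database shop_db, accounts shop_front (catalog
-- side) and shop_admin (admin side). Replace the password placeholders.

-- 1. Find every account that can currently write to the whole database.
--    A table-level REVOKE cannot carve an exception out of a grant made on
--    shop_db.*, so these accounts would still be able to change configuration.
--    Accounts holding global (*.*) privileges are listed separately in
--    information_schema.user_privileges.
SELECT grantee, privilege_type
FROM information_schema.schema_privileges
WHERE table_schema = 'shop_db'
  AND privilege_type IN ('INSERT', 'UPDATE', 'DELETE');

-- 2. Separate accounts for the admin panel and the public storefront.
CREATE USER 'shop_admin'@'localhost' IDENTIFIED BY '<admin-password>';
CREATE USER 'shop_front'@'localhost' IDENTIFIED BY '<front-password>';

-- Admin side keeps write access everywhere, including configuration.
GRANT SELECT, INSERT, UPDATE, DELETE ON shop_db.* TO 'shop_admin'@'localhost';

-- Storefront may only read configuration.
GRANT SELECT ON shop_db.configuration TO 'shop_front'@'localhost';

-- 3. Generate the per-table grants for all other tables; review the output,
--    then run the statements it produces.
SELECT CONCAT('GRANT SELECT, INSERT, UPDATE, DELETE ON `', table_schema, '`.`',
              table_name, '` TO ''shop_front''@''localhost'';') AS grant_stmt
FROM information_schema.tables
WHERE table_schema = 'shop_db'
  AND table_type = 'BASE TABLE'
  AND table_name <> 'configuration';

-- 4. Verify: the storefront account must show SELECT only on configuration.
SHOW GRANTS FOR 'shop_front'@'localhost';
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = 'shop_db' AND table_name = 'configuration';
```

The catalog and admin `includes/configure.php` files then need to point at their respective accounts, and the old shared account found in step 1 should be dropped or stripped of its database-wide grant. This limits what a query running as the storefront account can change; it does not identify how the original change was made.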
