[contribution] Security Pro - Querystring protection against hackers.

[newburns 8]

@@alexman

That means it is not working.

Try the test here, and see the results

http://mtrosemedia.tk/store/

 

On another note @@FWR Media

I am having issues with characters appearing as strange symbols. Mainly the apostrophe and Quotations in my Product Description.

example: http://mtrosemedia.tk/store/product_info.php/the-father-wants-you-home-p-58

Those should be quotes or apostrophes

I have product tabs and product info box installed

[alexman 2]

@@alexman

That means it is not working.

Try the test here, and see the results

http://mtrosemedia.tk/store/

 

On another note @@FWR Media

I am having issues with characters appearing as strange symbols. Mainly the apostrophe and Quotations in my Product Description.

example: http://mtrosemedia.tk/store/product_info.php/the-father-wants-you-home-p-58

Those should be quotes or apostrophes

I have product tabs and product info box installed

 

Thx for answer. Now I think is ok even I cannot return at the last page. I suppose is important to get that "working" , and in main page is normal to receive the message:

 

Products meeting the search criteria

 

There is no product that matches the search criteria.

Edited April 8, 2013 by alexman

[ArtcoInc 322]

I hope that this add-on is still being supported here, since I don't see any activity in this thread in the last year. Maybe that's a good thing B)

 

I am currently using the KissER add-on to assist in tracking down code errors, and have been pleased with it. Now, it's time to turn my attention to security ...

 

I am looking at both your Security Pro add-on:

 

http://addons.oscommerce.com/info/7708

 

and the osC_Sec add-on by another contributor:

 

http://addons.oscommerce.com/info/8929

 

At the risk of being rude, may I ask what yours does better, or that the other doesn't do?

 

Thank you in advance!

 

Malcolm

Edited May 28, 2014 by ArtcoInc

[ce7 3]

hi Robert @ FWR Media,

Thank you very much for your great addon.

I just installed the PHPIDS on the BS-Edge version, and then your Security Pro.

Has problem to run the phpids_installer.php so have to mannually run the sql to create 3 tables for phpids.

Everything works ok, using the example [w](o)%3Cr%3Ek|i*n^g  you gave on the installation document,

[w](o)%3Cr%3Ek|i*n^ is still working, but if i search with [w](o)%3Cr%3Ek|i*n^g,

then i got this message said:

Exception: 42S02, 1146, Table 'catalogue.phpids_intrusions' doesn't exist

but i am very sure that phpids_instrusions has created in my database.

Can you please explain the problem and how can i resolve it?

 

Many thanks in advance.

 

Lyn

 

[♥frankl 277]

@ce7 Robert no longer posts here Lyn.

Double check you have that table installed (and the spelling is correct!)

[Demitry 33]

Hi,

I could not find any forum on here that deals specifically with MySQL security. And, since I do have this add-on installed, I figured I would ask here.  My site is an older version MS2.2

I recently noticed the STORE_ZONE field in MySQL was altered. The hack came from outside the site’s admin panel. I have several security layers to secure access to that admin area.

The added entry was not a selection from the drop-down menu used to edit that field, which is based on my country’s code. I’m now looking for a solution to patch that hole.

So,.. I thought about revoking the rights to insert, update, delete that configuration table from the public. However, I am not sure if that will be enough or the right way to go, or if there is a better alternative.  

I’d love to know how the hack was executed and if I missed securing a form or some other entry point. However, at this time I think blocking all write access to that configuration table would likely work. Any help on this would be greatly appreciated.