
osCommerce

The e-commerce.

[contribution] Security Pro - Querystring protection against hackers.


FWR Media


@@alexman

That means it is not working.

Try the test here, and see the results

http://mtrosemedia.tk/store/

 

On another note @@FWR Media

I am having issues with characters appearing as strange symbols, mainly the apostrophes and quotation marks in my product description.

example: http://mtrosemedia.tk/store/product_info.php/the-father-wants-you-home-p-58

Those should be quotes or apostrophes

I have product tabs and product info box installed


Thanks for the answer. Now I think it is OK, even though I cannot return to the last page. I suppose it is important to get that "working", and on the main page it is normal to receive the message:

 

Products meeting the search criteria

 

There is no product that matches the search criteria.

Edited by alexman

  • 1 year later...

I hope that this add-on is still being supported here, since I don't see any activity in this thread in the last year. Maybe that's a good thing B)

 

I am currently using the KissER add-on to assist in tracking down code errors, and have been pleased with it. Now, it's time to turn my attention to security ...

 

I am looking at both your Security Pro add-on:

 

http://addons.oscommerce.com/info/7708

 

and the osC_Sec add-on by another contributor:

 

http://addons.oscommerce.com/info/8929

 

At the risk of being rude, may I ask what yours does better, or that the other doesn't do?

 

Thank you in advance!

 

Malcolm

Edited by ArtcoInc

  • 3 years later...

Hi Robert @ FWR Media,

Thank you very much for your great add-on.

I just installed PHPIDS on the BS-Edge version, and then your Security Pro.

I had a problem running phpids_installer.php, so I had to manually run the SQL to create 3 tables for PHPIDS.

Everything works OK. Using the example [w](o)%3Cr%3Ek|i*n^g you gave in the installation document,

[w](o)%3Cr%3Ek|i*n^ is still working, but if I search with [w](o)%3Cr%3Ek|i*n^g,

then I get this message:

Exception: 42S02, 1146, Table 'catalogue.phpids_intrusions' doesn't exist

but I am very sure that phpids_instrusions has been created in my database.

Can you please explain the problem and how I can resolve it?

 

Many thanks in advance.

 

Lyn

 


  • 4 weeks later...

Hi,

I could not find any forum on here that deals specifically with MySQL security. And, since I do have this add-on installed, I figured I would ask here.  My site is an older version MS2.2

I recently noticed the STORE_ZONE field in MySQL was altered. The hack came from outside the site’s admin panel. I have several security layers to secure access to that admin area.

The added entry was not a selection from the drop-down menu used to edit that field, which is based on my country’s code. I’m now looking for a solution to patch that hole.

So, I thought about revoking the rights to insert, update, delete that configuration table from the public. However, I am not sure if that will be enough or the right way to go, or if there is a better alternative.

I’d love to know how the hack was executed and if I missed securing a form or some other entry point. However, at this time I think blocking all write access to that configuration table would likely work. Any help on this would be greatly appreciated.

 

 

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce
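
The table-level restriction raised in the post above, written out for MySQL as an added example that is not part of the original thread or of the add-on. The database name `osc_db`, the accounts `osc_shop` and `osc_admin`, the passwords, and the unprefixed table name `configuration` with its column names are assumptions; it also assumes the storefront itself never writes to that table.

```sql
-- Added example. Assumed names: database osc_db, accounts osc_shop / osc_admin,
-- stock table name `configuration` (no table prefix).

-- 1. Separate accounts: one for the public catalog, one for the admin panel.
CREATE USER 'osc_shop'@'localhost'  IDENTIFIED BY 'change-me-shop';
CREATE USER 'osc_admin'@'localhost' IDENTIFIED BY 'change-me-admin';

-- 2. The admin panel edits settings, so it keeps data privileges
--    on the whole database.
GRANT SELECT, INSERT, UPDATE, DELETE ON osc_db.* TO 'osc_admin'@'localhost';

-- 3. The catalog account gets NO database-level grant. A table-level REVOKE
--    cannot subtract from a database-level GRANT, so access is built up
--    table by table instead. This query generates one GRANT per table,
--    skipping `configuration`; run the statements it returns.
SELECT CONCAT('GRANT SELECT, INSERT, UPDATE, DELETE ON `', table_schema,
              '`.`', table_name, '` TO ''osc_shop''@''localhost'';') AS stmt
FROM information_schema.tables
WHERE table_schema = 'osc_db'
  AND table_type = 'BASE TABLE'
  AND table_name <> 'configuration';

-- 4. Read-only access to the settings table for the catalog.
GRANT SELECT ON osc_db.configuration TO 'osc_shop'@'localhost';

-- 5. Verify: expect no "ON `osc_db`.*" line for this account
--    and only SELECT on configuration.
SHOW GRANTS FOR 'osc_shop'@'localhost';

-- 6. Review the altered row (column names assumed to be the stock ones).
SELECT configuration_key, configuration_value, last_modified
FROM osc_db.configuration
WHERE configuration_key = 'STORE_ZONE';
```

Point the storefront's database settings at `osc_shop` and the admin panel's at `osc_admin`. This limits what a query injected through the storefront account can change; it does not identify the entry point the post asks about.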
