Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Unknown Cause of error


Guest

Recommended Posts

I suspect you have installed ip trap & have errors with that.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

  • 3 weeks later...

Hi Marvin,

 

 

I just went through a test order on your site and DID NOT find anything unusual about the transaction.

 

I placed an order for :Notebook Case Empire 17in, chose to create an account, chose to pay with money order and found no problems at all.

 

 

 

HOWEVER, You should read the thread on how to secure your site.

 

http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-site/page__st__260__p__1467163__hl__security%20spooks__fromsearch__1entry1467163

 

 

 

The layout and design of the site is good, the security is POOR.

 

 

 

Chris

Link to comment
Share on other sites

Anyone have any Ideas I'M loosing business I dont normaly post my domain but if you go to http://www.comtekcomputers.com

 

and search for router

then try and add it to the cart you will get this error every time

 

I dont even know were to start to look

Try some proper tests and report back. I do not get the error when I do as you say.

Link to comment
Share on other sites

I made this change and my ( Your IP has Been Logged ) Message went away but did I remove the security by doing this ?

 

find

RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]

 

im no expert in this but did ask on expert exchange what was causing the problem and above is what they recommended

 

and replace with

RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).* [NC]

 

file uploaded says the same thing

 

here is the post http://addons.oscommerce.com/info/6044

Link to comment
Share on other sites

Try some proper tests and report back. I do not get the error when I do as you say.

 

I'm sorry I was up all night last night trying to find out what was causing it and when I changed it the error went away it was 100% because I remoted into several different computers that I remotely manage with completely different ISP's and IP's I got the same error but after changing the code below it went away. And I was to exhausted. to come post my findings before you checked. Sorry:(

 

find

RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]

 

im no expert in this but did ask on expert exchange what was causing the problem and above is what they recommended

 

and replace with

RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).* [NC]

Link to comment
Share on other sites

Is it Necessary to rename the admin folder if you have it password protected via Cpanel ?

If you do not rename the folder and make the necessary changes in the admin configure.php file, you will get hacked for sure.

Link to comment
Share on other sites

Done thank you everything seems to still be working as well :)

 

 

Coopco

Do you think the change I maid to the httacsess file disables the security ?

I have no idea, no expertise about htaccess. Any additional level of security that does not kill your site is good. There are a few addons that address htaccess.

 

BTW, I have had 4 hack attempts since my last post here. They were trying to access the admin directory and are now banned.

Link to comment
Share on other sites

Hey now that I know were the log is I see that their are a bunch of IP's band and some are recent so I'm Pretty sure my htaccess. is up to par I also Implemented almost all the the ones that that forum recommended and even found I had some of them already installed they were just turned off because I did not know any better. But Thanks to woulderful People like your self that are willing to help I'm feeling much better now.

Have a Merry Christmas !!! rolleyes.giflaugh.gifthumbsup.gif

Thanks

Marvin

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...