This topic is now archived and is closed to further replies.

NoID

[TiM's osC Solutions] osCommerce Threat Scanner

Hello,

I have read some forums, and getting an answer to use or not.

http://addons.oscommerce.com/info/7211

Any help will be nice. Well, it's according to this site.

www.oscmax.com/forums/new-oscommerce-contributions/21754-tims-oscommerce-solutions-oscommerce-threat-scanner.html

It's been said before, I advise against using any add-ons that are unsupported, especially one by someone that never comes here to post, ever!

What he seems to say in that is: I've created this, now will someone else support it!!

I feel you would be better off using SiteMonitor http://addons.oscommerce.com/info/4441

Sam

Just for info......

I was gonna have a look at this contrib but when I try to download it my ESET Security drops the connection as it's saying the file is infected with....

HTML/Iframe.B.Gen.virus

Just downloaded the August 9, 2010 upload but I can't find any evidence of a virus (the zip is only 6 KB large...).

My Avast antivirus acts the same way no matter what version I try to download.

My hunch is that since it scans files for some infections it has "sample code" of some infections present and this is what the problem is.

It's kind of almost a "false positive" I think.

:)


This script seems to be hunting for very SPECIFIC fixes. I tried to XSS-secure my contact page four different ways. The "Checking for "Contact_us" XSS vulnerability..." did not return as [OK] until I FOUND and added the following fix:

<td><?php echo tep_draw_textarea_field('enquiry', 'soft', 50, 15); ?></td>

CHANGE TO:

<td><?php echo tep_draw_textarea_field('enquiry', 'soft', 50, 15, tep_sanitize_string($_POST['enquiry']), '', false); ?></td>

Now all 13 threat checks are finally displaying [OK]

It would be really nice if fix-suggestion-links went to actual fix suggestions instead of 8-page discussion threads that have numerous potential fixes - many of which create brand new errors - and a whole lot of discussion on what DOESN'T fix squat.

The one thing that really kills my eyes with this script is that I have to scan through 28 screens of 1316 files that all say [if possible, chmod 644] just to see if there are any REAL threat notes ... even though all of the [if poss...] files are ALREADY 644 or lower. Looks like it is simply scanning for the existence of specific file types, NOT actually checking the chmod status.

I chalk this contrib. as DEFINITELY USEFUL, but nothing I would write Shakespearean sonnets about. I've already installed other security add-ons since battening down the 13 big hatches this script looks for.

Whee, I'm posting. Spooks prolly falls off his chair. ;b

Don't find my stuff useful. Just ignore it.

My threat scanner is not invented by Einstein. It scans through scripts to find known threat code, or possible threat code. As for the vulnerabilities it tries to identify the vulnerable code itself, or in some cases it tries to identify the fix itself instead. I've had some customers with pretty bad infections. And as for the latest versions out of the threat scanner, I've managed to find 100% of the threats via the Threat Scanner in 4 cases out of 5.

Dunno about you guys, but this has saved me a lot of time.

The scanner does not protect you from future badware, it tries to find current ones.

I'm usually active in another forum, that's why I leave the option possible in my profile to email me.

hetmana:

I agree direct links to fixes rather than forum threads would be a lot better. But there are several different solutions out there for the same vulnerabilities. I just rather didn't wanna stick out as a smarta*s telling everyone what fixes were better than others.

Writables have been moved to the extra selectable tools instead. Many web hotels run the webserver with the same privileges as the FTP user, making it useless to write-protect the files. The writables are detected by is_writable(), not fileperms().

Any suggestions are always welcome.
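
The difference between the two checks named in the post above, as an added example that is not part of the original posts and is not code from threat_scanner.php: fileperms() reports the mode bits, while is_writable() reports whether the running PHP process can actually write. The helper names classify_file() and explain() are hypothetical, and the sample files are constructed in a temporary directory.

```php
<?php
// Added example, not code from threat_scanner.php. classify_file() and
// explain() are hypothetical helpers; the sample files are constructed.

function classify_file(string $path): array
{
    clearstatcache(true, $path);        // both checks read PHP's stat cache
    $mode = fileperms($path) & 0777;    // keep only the permission bits
    return [
        'mode'              => sprintf('%04o', $mode),
        'group_other_write' => ($mode & 0022) !== 0, // what "chmod 644" rules out
        'writable_by_php'   => is_writable($path),   // effective access of this process
    ];
}

function explain(array $r): string
{
    if ($r['group_other_write']) {
        return 'mode bits grant write access to group/other';
    }
    if ($r['writable_by_php']) {
        return 'mode looks tight, yet this PHP process can still write (file owner or privileged user)';
    }
    return 'not writable by this PHP process';
}

$dir = sys_get_temp_dir() . '/perm_demo_' . getmypid();
mkdir($dir, 0700);
foreach ([0644, 0666, 0444] as $mode) {
    $file = sprintf('%s/sample_%04o.php', $dir, $mode);
    file_put_contents($file, "<?php // constructed sample\n");
    chmod($file, $mode);                // set explicitly; umask does not apply to chmod()
    $r = classify_file($file);
    printf("%-16s mode=%s php_can_write=%-3s %s\n", basename($file), $r['mode'],
        $r['writable_by_php'] ? 'yes' : 'no', explain($r));
    unlink($file);                      // deletion depends on the directory, not the file mode
}
rmdir($dir);
```

Run with the PHP CLI as the user the web server runs as: a 0644 file owned by that user reports php_can_write=yes, which is the shared-hosting case described in the post.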

germ: My Avast 5 does not detect threat_scanner.php as a virus, but Ad-aware did. This is because fragments of threat code are in the source of this script for being able to find such code in your scripts. The threat scanner itself is of course clean.

Now tell me something I didn't already know.


Just as necessary as yours.


Hi

Thanks for a GREAT contribution. I am working on fixing all the problems it brings up.

BUT I am getting an error.

Warning: parse_url() expects exactly 1 parameter, 2 given in /home/httpd/vhosts/mysite.com/httpdocs/admin/threat_scanner.php on line 439

Line 439 is:

. "<input type=\"button\" value=\"StopBadware\" onclick=\"window.open('http://stopbadware.org/home/reportsearch')\" /> <input type=\"button\" value=\"Google's Safe Browsing Diagnostics\" onclick=\"window.open('http://www.google.com/safebrowsing/diagnostic?site=mysite.com". parse_url(HTTP_SERVER, PHP_URL_HOST) ."')\" /> <input type=\"button\" value=\"Unmask Parasites Report\" onclick=\"window.open('http://www.unmaskparasites.com/security-report/?page=mysite.com". parse_url(HTTP_SERVER, PHP_URL_HOST) ."')\" /><br />\r\n";

Got any idea why I am getting this error?

Thanks

Leon


Hello bibleman, I'm happy you like it.

The warning you get means your PHP version is below 5.1.2. See http://se.php.net/manual/en/function.parse-url.php

Nothing to be worried about.

Tim - I like the concept but can't test it. I got a missing database table error. There was no SQL included with the zip file I downloaded. Did I miss something?


jbennette: That doesn't sound right. The scanner is read only, and does not need any additional sql tables. Could you tell me the exact error message?
