Installed X Sell - Now Strange Errors - HELP!


Mort-lemur


Hi,

 

I have installed X Sell 2.7.2 and found that when I accessed X Sell from my Admin, it caused my IP to be added to my IP trap on my catalog side. I narrowed this down to this line at the end of my .htaccess file where I route 403 errors into the IP trap:

 

ErrorDocument 403 /a folder/index.php

 

When I remove this code X Sell does not ban me.

 

However, I found the following entries in my error log for when I was banned:

 

[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/user/public_html/images/default.html, referer: https://www.mysite.co.uk/myadmin/xsell.php

 

[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/user/public_html/images/index.phtml, referer: https://www.mysite.co.uk/myadmin/xsell.php

 

[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/user/public_html/images/index.php, referer: https://www.mysite.co.uk/myadmin/xsell.php

 

[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/oser/public_html/images/index.php3, referer: https://www.mysite.co.uk/myadmin/xsell.php

 

There are more entries like this - it is as though X_Sell.php is sniffing for a file in the images folder, although I cannot see this in the X Sell Code.

 

What is going on here?

 

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


Hi again,

 

Could the above be caused by this line of code in the admin/xsell.php file:

 

<td class="dataTableContent" align="center"> <?php echo ((is_file(DIR_FS_CATALOG_IMAGES . '/'.$products['products_image'])) ?  tep_image(DIR_WS_CATALOG_IMAGES . '/'.$products['products_image'], "", 

 

Is this causing a search for all versions of index.xx in the images folder which leads to a ban?

 

Thanks


Ok,

 

Feeling a bit more relaxed now - I don't now think this is a hack attempt...

 

Checked the site and no unusual files, sitemonitor is not showing anything unusual, virus scan of all files is OK, and no strange code on page source.

 

So all I can assume is that the '/' in the code line above is causing a search of the images directory to look for a landing page, which leads to an IP ban.

 

Would I be correct in assuming this?

 

Thanks


Try changing that particular line of code to;

 

<td class="dataTableContent" align="center"> <?php echo tep_not_null($products['products_image']) ? tep_image(DIR_WS_CATALOG_IMAGES . '/' . $products['products_image'],  $products['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) : TEXT_NONE; ?> </td>

 

See if the error is still occurring.


Hi Gary,

 

Thanks for the code, tried it - but it still takes me directly to the IP trap with the same errors in the error log.

 

Thanks


There are two such lines to change...

 

Hi Gary,

 

Changed lines 299 & 372 - still banned....


Very Strange then.

 

What sort of code in a file would cause attempts of the images folder for the following file names: home.html + Default.html + index.php5 + default.html + index.phtml + index.php + index.php3 + index.php4 + index.cgi + index.pl + index.shtml + index.html? What should I be looking for? I could post the whole xsell.php file - but it is 407 lines long.

 

I have this code in a .htaccess in my images folder as well, which may be blocking these as well:

 

# $Id$
#
# This is used to restrict access to this folder to anything other
# than images

# Prevents any script files from being accessed from the images folder
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
  Order Deny,Allow
  Deny from all
</FilesMatch>

 

I'm completely baffled now.

 

Thanks


Hi Gary,

 

No errors - I can edit the products without being banned and without any error logs being generated.

 

Thanks


Ok,

 

Found a product with no image - edited it in admin = Banned + Errors as above recorded.

 

What is the problem, do you think?

 

Thanks


OK,

 

I have now made sure that all my products have an image - even the inactive ones.

 

Now I don't get banned by the IP trap and no errors are generated when using X Sell - I would still like to know what causes this if anyone knows.

 

Many Thanks


Ok,

 

Well, when the image file is nonexistent then it starts to look for a "landing" file within the images folder, be it index.html, index.php etc etc, so when that happens the images .htaccess prevents those types of files being run, so it directs to the banning script. ???

 

However, what initiates the programme to look for the landing page? And to try all the variations of index or home files as I posted above?

 

Thanks


  • 1 year later...

@Mort-lemur

 

I have the same probs...

and that solved the issue

Have u found the reason?

 

I just want to understand in which part of the script I have to look

 

I use

osC_Sec_5.0.3

KISS_FileSafe_version_1.0_r12

Security Pro 2.0 ( r7 )_1

 

And where I have to look to define a landing page?

 

Ty


This topic is now archived and is closed to further replies.
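
The error-log lines and the file-name list posted in the thread are consistent with Apache's mod_dir trying each DirectoryIndex name after a request for the images/ directory itself (an image URL with an empty file name), with the FilesMatch rule in images/.htaccess denying every candidate. The following is an added example, not part of the thread and not X Sell or osCommerce code, that groups such denials so a burst of index-file lookups can be told apart from an unrelated 403. The client IP, the `test.php` line and the index/default/home naming rule are constructed assumptions.

```python
import re
from collections import defaultdict

# FilesMatch pattern copied from the images/.htaccess quoted in the thread.
FILES_MATCH = re.compile(r"\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$")
# Assumption: DirectoryIndex candidates are named index.*, default.* or home.*.
INDEX_NAME = re.compile(r"^(index|default|home)\.\w+$", re.IGNORECASE)
# Apache 2.2 error_log layout, as in the lines quoted in the first post.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"client denied by server configuration: (?P<path>\S+?)"
    r"(?:, referer: (?P<referer>\S+))?$"
)

# Constructed sample: same shape as the thread's log, placeholder client IP,
# plus one unrelated denial for contrast.
PREFIX = ("[Sun Sep 26 20:40:15 2010] [error] [client 192.0.2.10] client denied "
          "by server configuration: /home/user/public_html/images/")
REFERER = ", referer: https://www.mysite.co.uk/myadmin/xsell.php"
SAMPLE_LOG = "\n".join(
    [PREFIX + n + REFERER
     for n in ("default.html", "index.phtml", "index.php", "index.php3")]
    + [PREFIX.replace("20:40:15", "20:52:03") + "test.php"]
)


def classify(log_text, min_hits=3):
    """Group denials by (time, client, directory, referer) and flag bursts
    that consist only of index-file names blocked by FILES_MATCH."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            directory, _, name = m["path"].rpartition("/")
            groups[(m["ts"], m["client"], directory, m["referer"])].append(name)
    report = []
    for (ts, client, directory, referer), names in groups.items():
        is_index_burst = len(names) >= min_hits and all(
            INDEX_NAME.match(n) and FILES_MATCH.search(n) for n in names
        )
        report.append({"time": ts, "client": client, "directory": directory,
                       "referer": referer, "names": names,
                       "directory_index_lookup": is_index_burst})
    return report


if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        kind = "DirectoryIndex lookup" if row["directory_index_lookup"] else "single denial"
        print(f'{row["time"]} {row["directory"]}/ {kind}: {", ".join(row["names"])}')
```

A flagged group points at the page named in the referer as the source of a directory URL, which is where an empty image field would show up.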
