
Oscommerce Security - Osc_Sec.php


Taipo


@@Taipo

 

Thanks Taipo - Just uploaded the latest version and will let you know how it goes.

 

Many Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


@@Taipo

 

Hi Again Taipo,

 

Installed the latest version and would just comment on the following:

 

When I first accessed my admin this morning and clicked on one of the customers in "Who's Online" to see what they had in their basket, I was banned from the site and added to the IP trap.

 

This happened around 4 times and then I was able to access without problem.

 

Again I received emails from OSC SEC stating that the hex filtering had banned me.

 

I can send you the email text again if you like.

 

Many Thanks


PM it through to me thanks.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX


Hi,

 

I installed the latest version of osc_sec

Now I cannot access my site anymore, both admin and “live”

At first, it also generated problems in logoff.php

 

Fatal error: Maximum execution time of 30 seconds exceeded in /home/admin/domains/gewoongezond.be/public_html/includes/osc_sec.php on line 590

 

Any ideas?

 

Michiel Lap


Same type of issue here, I have just updated 5 sites.

 

osc v2.2: 1 works ok, the other won't load.

osc v2.3.1: 2 work, 1 will not load - 3 identical sites/code, also all on the same server.


Revert to the next older version for now, I will have a look at this tonight when I get a chance and put out an update shortly after.


I've made a few minor alterations below

http://pastebin.com/uQH30z6v

 

Copy the RAW Paste Data from that link into your osc_sec.php file and let me know if that sorts the issue.


osC_Sec 5.0.8

What's New?

- Fixed a bug in the getshield() function which could allow for partial filter bypassing

- Recoded the getRealIP() to work more efficiently

- Fixed time-out issues caused by code changes in 5.0.6

 

New Install instructions: see the readme.htm, as per usual, all updates contain the complete package

 

Updating:

Replace the osc_sec.php file in your catalog's /includes/ directory with the one in the /includes/ directory of this zip file.

Please report any bugs to the discussion forums at http://goo.gl/dQ3jH or email [email protected]

 

Download from: http://addons.oscommerce.com/info/8283


Taipo, I love this security contrib you have worked on, it's fantastic. Just of late I have noticed a little issue with a site that I have set up. I have been using the old credit card payment module with OSC2.2 and I have noticed that it blocks me when I get an error from that module, e.g.:

 

If I don't put in the correct card number it should throw an error! When it does I get blocked (IPTrap). If I enter the details correctly it will proceed through the order.

 

This is what I have been sent in the email.

 

This IP [ 220.245.75.138 ] has been IP Trap banned on the site.com website by osC_Sec.php version 5.0.8
REASON FOR BAN: osC_Sec detected a base64 encoded blacklisted query_string value: £'.
Time of ban: Fri, 25 May 2012 04:45:41
.------------[ ALL $_GET VARIABLES ]-------------
#
# - payment_error = cc
# - error = The first four digits of the number entered are: . If that number is correct, we do not accept that type of credit card. If it is wrong, please try again.
# - cc_owner = Jack Nicolsen - Employee
# - cc_expires_month = 02
# - cc_expires_year = 13
#
`--------------------------------------------------------
.---------[ ALL $_POST FORM VARIABLES ]-------
#
# - No POST form data
#
`--------------------------------------------------------
.------------[ $_SERVER VARIABLES ]--------------
#
# - DOCUMENT_ROOT = /home/catfood/public_html
# - GATEWAY_INTERFACE = CGI/1.1
# - HTTPS = on
# - HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# - HTTP_ACCEPT_CHARSET = ISO-8859-1,utf-8;q=0.7,*;q=0.3
# - HTTP_ACCEPT_ENCODING = gzip,deflate,sdch
# - HTTP_ACCEPT_LANGUAGE = en-US,en;q=0.8
# - HTTP_CACHE_CONTROL = max-age=0
# - HTTP_CONNECTION = keep-alive
# - HTTP_COOKIE = __utma=7699744.1440227245.1288772200.1288772200.1291197083.2; osCsid=23d75122ee251e63cc45161d76af15b6; cookie_test=please_accept_for_session
# - HTTP_HOST = site.com
# - HTTP_REFERER = https://site.com/checkout_confirmation.php
# - HTTP_USER_AGENT = Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5
# - PATH = /bin:/usr/bin
# - QUERY_STRING = payment_error=cc&error=The+first+four+digits+of+the+number+entered+are%3A+.+If+that+number+is+correct%2C+we+do+not+accept+that+type+of+credit+card.+If+it+is+wrong%2C+please+try+again.&cc_owner=Jack+Nicolsen+-+Employee&cc_expires_month=02&cc_expires_year=13
# - REDIRECT_STATUS = 200
# - REMOTE_ADDR = 220.245.75.138
# - REMOTE_PORT = 19173
# - REQUEST_METHOD = GET
# - REQUEST_URI = /checkout_confirmation.php?payment_error=cc&error=The+first+four+digits+of+the+number+entered+are%3A+.+If+that+number+is+correct%2C+we+do+not+accept+that+type+of+credit+card.+If+it+is+wrong%2C+please+try+again.&cc_owner=Jack+Nicolsen+-+Employee&cc_expires_month=02&cc_expires_year=13
# - SCRIPT_FILENAME = /path_to/checkout_confirmation.php
# - SCRIPT_NAME = /checkout_confirmation.php
# - SERVER_ADDR = 202.191.62.46
# - SERVER_ADMIN = webmaster@site.com
# - SERVER_NAME = site.com
# - SERVER_PORT = 443
# - SERVER_PROTOCOL = HTTP/1.1
# - SERVER_SIGNATURE = <address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at site.com Port 443</address>
# - SERVER_SOFTWARE = Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
# - UNIQUE_ID = T78Odcq-PicABrqoW2sAAAAv
# - PHP_SELF = /checkout_confirmation.php
# - REQUEST_TIME = 1337921141
# - 0 = payment_error=cc&error=The
# - 1 = first
# - 2 = four
# - 3 = digits
# - 4 = of
# - 5 = the
# - 6 = number
# - 7 = entered
# - 8 = are%3A
# - 9 = .
# - 10 = If
# - 11 = that
# - 12 = number
# - 13 = is
# - 14 = correct%2C
# - 15 = we
# - 16 = do
# - 17 = not
# - 18 = accept
# - 19 = that
# - 20 = type
# - 21 = of
# - 22 = credit
# - 23 = card.
# - 24 = If
# - 25 = it
# - 26 = is
# - 27 = wrong%2C
# - 28 = please
# - 29 = try
# - 30 = again.&cc_owner=Jack
# - 31 = Nicolsen
# - 32 = -
# - 33 = Employee&cc_expires_month=02&cc_expires_year=13
# - argc = 34
# - $PHP_SELF filename ( osC_Sec ) = checkout_confirmation.php
#
`--------------------------------------------------------
OTHER INFO
is htaccess writeable =
Resolve IP address: http://en.utrace.de/?query=220.245.75.138
Search Project Honeypot: http://www.projecthoneypot.org/ip_220.245.75.138
This email was generated by osC_Sec. To disable email notifications, open osc.php file, and in the Settings section change $emailenabled = 1 to $emailenabled = 0
Keep up with the latest version of osC_Sec.php at http://addons.oscommerce.com/info/8283 and http://goo.gl/dQ3jH
Email rohepotae [at] gmail dot com with any suggestions.

 

I have even tried going back to version 5.04 and still get blocked. Any help would be appreciated.


Ben, if you're using the old 2.2 osC cc module, you'd better be fully PCI-DSS compliant. If you ain't, and there's a security problem, you are toast. The cc module was intended only as an example or template of credit card processing, and was removed from 2.3.1 because it was so insecure, yet stores were actually using it in production.


Hi Taipo,

 

Need some help, we moved to a new fasta server today but are unable to display the catalog side - it only shows HTTP 403 Forbidden in the tab name with a blank page.

If the addon is disabled there are no errors.

 

I played around with the older versions and found last year's version 5.0.0 is loading up pages, at least for now.

 

It seems perhaps to be the IP checking part, though I am not even too sure.

 

Any help please

Is there a debug mode or so?

Getting the Phoenix off the ground


"fasta"? A couple of things to check:

1. Turn off "mod security" if it's on. That may be seeing certain strings in your URLs or POST data and thinking it's a hack attempt.

2. Check ownership of your directories and files, and permissions should be 755 for directories and 644 for files (444 for configure.php).


All of the above is correctly set up on the server.

 

It took me a while to find out how customers are getting errors.

For one thing, they are using mobile devices - confirmed using a BlackBerry, and all the errors pop up from osc_sec.

Still unable to figure out why a 404 blank page is served by osc_sec using the latest version.

 

Anyone run into similar errors?


Has anyone seen this error message?

 

[07-Aug-2012 01:41:01] PHP Warning:  strpos() [<a href='function.strpos'>function.strpos</a>]: Empty delimiter in /home3/xxxxxxxxx1/public_html/sites/yyyyyyyyyy/includes/osc_sec.php on line 671

 

Which in turn sends this in the job email

 

Status: 302 Moved Temporarily
Location: http://www.zzzzzzzzzzzzzz.co.uk/blocked.php
Content-type: text/html

 

I am trying to run a cron job

 

/ramdisk/bin/php5 /home3/xxxxxxxxxxxx/public_html/sites/yyyyyyyyyyyy/googlesitemap/index.php

 

Running it manually does not generate an entry in the error log

 

Thanks

 

G

 

@@Taipo

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.
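The "Empty delimiter" warning in the cron output above means strpos() was called with an empty needle; a likely cause is a request filter building that needle from request data that a cron run does not supply (under php-cli there is no query string, host header or remote address), after which the filter treats the run as a bad request and emits the 302 to blocked.php seen in the job email. The PHP below is an added example, not code from osC_Sec: it shows a guard that skips request filtering when the script is not handling an HTTP request, plus a strpos() wrapper that refuses empty needles. The function names and the sample $_SERVER arrays are constructed for this illustration.

```php
<?php
// Added example, not osC_Sec's own code. Shows how to keep a request filter
// from running (and mis-firing) when the including script is executed by
// cron or the php CLI rather than by a web request. Function names and the
// sample $_SERVER arrays are constructed for this illustration.

// True only when there is an HTTP request to inspect: php-cli (cron jobs)
// and any SAPI that did not populate the request keys are excluded.
function isWebRequest(array $server, $sapi = PHP_SAPI)
{
    if ($sapi === 'cli') {
        return false;
    }
    return isset($server['REQUEST_METHOD']) && isset($server['REMOTE_ADDR']);
}

// strpos() wrapper that never passes an empty needle. PHP 5 raises
// "Empty delimiter" and returns false for an empty needle; PHP 8 returns 0,
// which a filter would read as a match at offset 0. Both are wrong here.
function containsToken($haystack, $needle)
{
    if (!is_string($haystack) || !is_string($needle) || $needle === '' || $haystack === '') {
        return false;
    }
    return strpos($haystack, $needle) !== false;
}

// Stand-in for a filter entry point: decide first whether there is anything
// to inspect, then scan the query string with the safe wrapper.
function filterRequest(array $server, array $blacklist, $sapi = PHP_SAPI)
{
    if (!isWebRequest($server, $sapi)) {
        return 'skipped: not a web request';
    }
    $query = isset($server['QUERY_STRING']) ? $server['QUERY_STRING'] : '';
    foreach ($blacklist as $token) {
        if (containsToken($query, $token)) {
            return 'blocked: ' . $token;
        }
    }
    return 'allowed';
}

$blacklist = array('base64_decode(', '<script', '%00');

// Constructed $_SERVER as seen by a cron run: no request keys at all.
$cronServer = array('PATH' => '/bin:/usr/bin', 'argv' => array('index.php'), 'argc' => 1);

// Constructed $_SERVER for an ordinary catalog page view.
$webServer = array(
    'REQUEST_METHOD' => 'GET',
    'REMOTE_ADDR'    => '203.0.113.10',
    'HTTP_HOST'      => 'shop.example',
    'QUERY_STRING'   => 'products_id=31',
);

echo filterRequest($cronServer, $blacklist, 'cli'), PHP_EOL;
echo filterRequest($webServer, $blacklist, 'apache2handler'), PHP_EOL;
echo filterRequest(array_merge($webServer, array('QUERY_STRING' => 'x=%00')), $blacklist, 'apache2handler'), PHP_EOL;
```

The SAPI is passed in as a parameter only so the three cases can be exercised from one CLI run; in a real include the default PHP_SAPI is what matters. The same test can also wrap the require_once line that pulls the security file into application_top.php, so cron and CLI runs never load it at all.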


I receive many visitors from Google Ads (display network) and I've noticed that many of these visitors are banned when they enter my site with the reason:

 

REASON FOR BAN: osC_Sec base64 encoded blacklist query_string value is banned: 0.

 

Is this a bug or perhaps I need to disable the query_string check? I have been using version 5.0.1a but I just updated to 5.0.8 - not sure if it will help.

 

Thanks.


The solution: Find and remove (line 428 in osc_sec.php): "%000",

 

If you are using Google AdWords ads, the code above triggers the security system for some of your paid visitors (Google AdWords adds a "?gclid=XXXXXXXXX" parameter that in some cases triggers the security system).

 

I hope removing the code above is ok?


I moved to a new host, and now I can't upload files with Osc_Sec active. The upload is made to the /tmp/ folder, which I don't have rights to write into for security reasons. I get the following error:

Warning: move_uploaded_file() [function.move-uploaded-file]: open_basedir restriction in effect. File(/tmp/phpC6BR9N) is not within the allowed path(s): (/home/myDomain/public_html/) in /home/myDomain/public_html/admin/includes/classes/upload.php on line 86

When I disable this contrib the upload is done, so there is some kind of an incompatibility between this addon and my servers security.


Taipo - I too have seen the same lately - is the proposed delete of "%000" proper?

 

Anyone else done this?

 

@@Taipo

-Dave


This fixed my error using Google AdWords, see post #491

 

The solution: Find and remove (in line 428 of osc_sec.php): "%000",

 

If you are using Google AdWords ads, the code above triggers the security system for paid visitors (Google AdWords adds a "?gclid=XXXXXXXXX" parameter).
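The "%000" entry removed in the fix from post #491, which the posts above (including Dave's question about whether deleting it is proper) return to, is a literal blacklist token, so an opaque ad-click id that happens to contain it gets the paying visitor banned. The PHP below is an added example and not osC_Sec's own code: it contrasts a raw substring scan of the query string with a parameter-aware scan that exempts known tracking parameters (gclid, utm_*, fbclid) by name but still reports a NUL byte in a parameter the store actually uses. The blacklist, parameter names and query strings are constructed for the illustration, and the exact transformation osC_Sec applies before matching is not shown on this page.

```php
<?php
// Added example, not osC_Sec's own code. Contrasts a raw substring scan of the
// query string (which is how a literal "%000" entry can match an opaque Google
// Ads gclid value) with a parameter-aware scan that exempts known tracking
// parameters by name and still flags a NUL byte in a real store parameter.
// The blacklist, parameter names and query strings are constructed samples.

// Raw scan: any blacklist token found anywhere in the unparsed query string
// counts as a hit, whichever parameter it sits in.
function rawQueryStringScan($queryString, array $blacklist)
{
    foreach ($blacklist as $token) {
        if ($token !== '' && stripos($queryString, $token) !== false) {
            return $token;      // first token that matched
        }
    }
    return null;                // nothing matched
}

// Parameter-aware scan: split into name/value pairs, skip tracking ids whose
// values are opaque and never used by the store, URL-decode what is left and
// compare against the decoded tokens so "%00" is checked as a real NUL byte.
function paramAwareScan($queryString, array $blacklist, array $ignoredPrefixes)
{
    foreach (explode('&', $queryString) as $pair) {
        if ($pair === '') {
            continue;
        }
        list($name, $value) = array_pad(explode('=', $pair, 2), 2, '');
        $name = strtolower(urldecode($name));

        foreach ($ignoredPrefixes as $prefix) {
            if (strpos($name, $prefix) === 0) {
                continue 2;     // gclid, utm_*, fbclid: value not scanned
            }
        }

        $decoded = urldecode($value);
        foreach ($blacklist as $token) {
            $needle = urldecode($token);
            if ($needle !== '' && stripos($decoded, $needle) !== false) {
                return $name . ' contains ' . $token;
            }
        }
    }
    return null;                // nothing matched outside tracking params
}

$blacklist       = array('%000', 'base64_decode(', '<script');
$ignoredPrefixes = array('gclid', 'utm_', 'fbclid');

// Constructed ad click whose opaque gclid happens to contain the literal "%000".
$adClick = 'gclid=Cj0KCQjw%000abcXYZ&utm_source=google';

// Constructed request with a NUL byte placed in a parameter the store uses.
$probe = 'products_id=31%000&osCsid=abc123';

var_dump(rawQueryStringScan($adClick, $blacklist));                // raw scan of the ad click
var_dump(paramAwareScan($adClick, $blacklist, $ignoredPrefixes));  // parameter-aware scan of the ad click
var_dump(paramAwareScan($probe, $blacklist, $ignoredPrefixes));    // parameter-aware scan of the probe
```

Run it with php from the command line. The raw scan reports the token from inside the gclid value, the parameter-aware scan ignores the ad click entirely, and the same parameter-aware scan still reports products_id in the probe. That is the middle ground between deleting the entry and banning paid traffic: tracking ids are exempted by name rather than by weakening the pattern.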


No doubt I am doing something wrong but this is the case:

My site is blocked as it was submitting spam mail through the "Tell a Friend" option.

a) I installed osc_sec 5.0.8 exactly as instructed

b) now both the catalog and the admin sites just give a blank screen on startup

c) if I remove the require_once statement, it works again.

 

I am using osCommerce 2.2 (I think, the 2008 version)

 

Can anybody tell me what I am doing wrong?

 

Regards

Nico


Check your .htaccess file and make sure you have not banned yourself. If so, delete your IP from .htaccess and you should be back.

-Dave


now both the catalog and the admin sites just give a blank screen on startup

The White Screen of Death (WSOD) is usually a sign of a fatal PHP syntax error. Double check your coding. Look in your site error log and for any error_log files scattered about your site directories -- maybe they'll give a hint of what went wrong. If removing the require_once statement fixes the WSOD, then either you have a syntax error in the require_once statement, or some code in whatever it's requiring is bad.

 

Feel free to show here (in [ code ] tags) the offending require_once statement, and five or so lines before and after it. At least we can rule out that one statement...


Apologies for the extended hiatus, back now and will be working on an updated version of osC_Sec.


Welcome back Taipo :)
