
Archived

This topic is now archived and is closed to further replies.

Taipo

Oscommerce Security - Osc_Sec.php


Is there a way of disabling the osc_sec cookie check?

 

I often receive this message - even though it's clearly not a hacker attempt: "osC_Sec detected malicious cookie content..."

 

And since I use IP trap, the IP is banned.

 

Thanks!


In the latest version of osc_sec.php, find:

      $this->cookieShield();

 

and replace with:

#     $this->cookieShield();


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX


I have been unable to use the last 10 or 12 iterations of osc_sec.

 

Installation produces a 500 (if I recall correctly) error (note, osc_sec files only, not using the htaccess modifications).


Help shape the future of Phoenix; join the Phoenix Club


Try this version out Burt.

 

http://pastebin.com/Hn2ifX6U

 

( grab the code from the raw paste data at the bottom )

 

Let me know if that sorts the issue; if so, I will post an update.



The only bits to edit now are in the osc.php file, which is in the includes directory of the zip file along with osc_sec.php.

 

In fact you do not need to edit anything if you just want to add it; however, if you want to ban IP addresses and such, then osc.php is the file you want to look in. Check the readme.htm file for more on editing the settings.



osC_Sec 5.0.1

 

What's New?

- Added extra checks in $checkfilename

- Fixed an issue where filenames contain an extra '.', i.e. file.name.php

- Fixed the phpSelfFix() function

- Fixed whitespace issue with $this->_httphost

- More additions to the dbShield() function to protect against database injection attempts

- Fixed a number of issues with dbShield() to prevent false positives

- Removed base64_decode aspect of dbShield() due to it causing errors in some configurations

- More additions to getShield() function to detect local file read attempts

- Remake of the postShield() function

- Remake of the cookieShield() function

- Fixed an error in ipTrapped()

 

New install instructions: see the readme.htm; as usual, all updates contain the complete package.

 

Updating:

Replace the osc_sec.php file in your catalog's /includes/ directory with the one in the /includes/ directory of this zip file.

 

Please report any bugs to the discussion forums at http://goo.gl/dQ3jH or email rohepotae@gmail.com

 

Download from: http://addons.oscommerce.com/info/8283



Hi Taipo

 

Google & Babel translate do not work on my site anymore; could the OSC SEC contribution be stopping it from working?

 

I also have Security Pro 2.0 installed.

 

These are the characters Google uses

http://translate.google.com/translate?hl=en&sl=en&tl=sq&u=http%3A%2F%2Fwww.oscommerce.com%2F

 

And this is what Babel uses

 

http://babelfish.yahoo.com/translate_url?doit=done&tt=url&intl=1&fr=bf-home&trurl=http%3A%2F%2Fwww.oscommerce.com%2F&lp=en_nl&btnTrUrl=Translate

 

I added %, & and = to the Security Pro whitelist, but the translation from these pages comes back as

 

blank page for Google and with an

 

error(0) for Babel


I have a similar problem with Google Translate: my page loads fine, but it reports the following error at the top of the page:

 

Warning: file () [ function.file ]: Emri nuk mund të jetë bosh në / home / mydomain / public_html / përfshinë / osc_sec.php on line 675


What does " Emri nuk mund të jetë bosh në" mean PT?



I have no idea, I just clicked on a random language, but the original error message is:

 

Warning : file() [ function.file ]: Filename cannot be empty in /home/mydomain/public_html/includes/osc_sec.php on line 675

 

Warning : Cannot modify header information - headers already sent by (output started at /home/mydomain/public_html/includes/osc_sec.php:675) in /home/mydomain/public_html/includes/functions/general.php on line 1355
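The two warnings above chain into each other: file() called with an empty filename prints a warning, and because that warning is already page output when osCommerce calls header() in functions/general.php, the redirect fails with "headers already sent". As an added illustration (not osC_Sec's own code, and not what line 675 actually contains, which the thread does not show), this is the guard pattern that avoids both failure modes; readBlocklist, redirectOrFail and the sample list are hypothetical names and constructed input.

```php
<?php
// Added example, not code from osC_Sec. Written without PHP 7 scalar type
// declarations so it also runs on the PHP 5 hosts discussed in this thread.

// file() on '' emits "Filename cannot be empty" and returns false. With
// display_errors on, that warning becomes page output, which is exactly
// what later breaks header(). Validate the path first and fail quietly
// into the error log instead of onto the page.
function readBlocklist($path)
{
    if (!is_string($path) || $path === '' || !is_file($path) || !is_readable($path)) {
        error_log('readBlocklist: skipping unusable path "' . (is_string($path) ? $path : gettype($path)) . '"');
        return array();
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return ($lines === false) ? array() : $lines;
}

// header() after any output fails with "Cannot modify header information".
// Checking headers_sent() first turns that into a logged, diagnosable
// failure that names the file and line where output began, instead of a
// second warning on the page.
function redirectOrFail($url)
{
    $file = '';
    $line = 0;
    if (headers_sent($file, $line)) {
        error_log("redirectOrFail: output already started at $file:$line");
        return false;
    }
    header('Location: ' . $url);
    return true;
}

// Demonstration with constructed input: a temporary two-entry list
// (documentation-range addresses, not real hosts).
$tmp = tempnam(sys_get_temp_dir(), 'blk');
file_put_contents($tmp, "203.0.113.5\n\n198.51.100.9\n");
print_r(readBlocklist($tmp));  // non-empty path: the non-blank lines
print_r(readBlocklist(''));    // empty path: array(), and no PHP warning emitted
unlink($tmp);
```

The useful diagnostic when this pattern is applied is the error log line, which records the bad path (or the output location for a failed redirect) without changing the response, so a false positive in a shield check can be traced without breaking the storefront.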


Try this version Ricardo

http://pastebin.com/RGWKExAq

 

Let me know how it goes.



You can also try this as it could be associated with the way osC_Sec deals with post form data.

 

Find these two lines:

 

 
  # check _POST variables against the blacklist
  $this->postShield();

 

and replace with:

 
  # check _POST variables against the blacklist
  # $this->postShield();

 

Let me know if that helps



Hi Taipo,

 

I'm taking your advice on another topic and I'm now building a new shop with osCommerce 2.3.1. Should this contribution also be used with osCommerce 2.3.1?

 

Thanks!


It is not needed, due to the fact that there are no known security issues with 2.3.1; however, it doesn't hurt to install it.



Taipo, if you could help out with an issue that apparently osc_sec is causing it would be appreciated.

 

With one of the latest updates, there apparently is an effect on an action on a page, which Jack_MCS calls "just a normal form update page", that affects that update in the administrative side of Header Tags SEO.

 

Specifically, when you select a keyword that is displayed in a table on the page and click the appropriate activator, the intended delete action doesn't occur. I disable osc_sec in admin and the action then works. Another user tried rolling back a version or two of osc_sec and that corrected the issue for him as well.

 

I wish I could be more descriptive of the actual code that is affected, but I don't know the coding well enough to figure it out. But it appears one of the last one or two versions of osc_sec is causing this.

 

Any hunches based on what I provided? Thanks


I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.


Try following the instructions at my previous post and let me know if that fixes the issue.


Try following the instructions at my previous post and let me know if that fixes the issue.

 

That was the issue. After commenting out as above, the issue is resolved. Thank you



osC_Sec 5.0.2

 

What's New?

- Fixed issues causing conflicts with some addons concerning the postShield() function

 

New install instructions: see the readme.htm; as usual, all updates contain the complete package.

 

Updating:

Replace the osc_sec.php file in your catalog's /includes/ directory with the one in the /includes/ directory of this zip file.

 

Please report any bugs to the discussion forums at http://goo.gl/dQ3jH or email rohepotae@gmail.com

 

Download from: http://addons.oscommerce.com/info/8283



Taipo, I downloaded the latest but the problem came back again, so I changed that line of code to

# $this->postShield();

and the issue is resolved again.

FYI



hey Taipo,

 

I have the same problem with the new version: my checkout page still will not let me pass the payment selection page, and I changed the line to # $this->postShield(); and it fixed the problem as well. Looks like everyone has a problem with this function.


Try this one PT, I have removed the postShield function for now.

http://pastebin.com/RELeMuXL

