Jump to content

Archived

This topic is now archived and is closed to further replies.

mglenn310

Where to look

Recommended Posts

Assuming your site has not yet been hacked, I would think the better use of time would be to patch the faulty code in your site if you are using the older version of osCommerce.

 

When it comes to the widely distributed type of attacks that have been levelled at osCommerce because of the bypass exploit in the admin login code of the older versions, the attacks are being served from automated servers rather than 'someone' as such trying to hack your site.....well, in 999 out of 1000 cases that is true.

 

So even after you have patched your site with the fix code the attacks will still be coming in, they just will not be successful in completing their tasks.

 

If you want to daily watch the attacks hitting your site while actually having patched your site, then install osC_Sec

http://www.oscommerce.com/community/contributions,7834

 

And enable email notifications.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

Well being im new to the OSC and have no clue as to what you are talking about. i guess my time is up to me of how i use it.Thank you for telling me how i should do things. but you lost me in the first line of your post. I don't understand why you guys think every one in this site are developers.

Share this post


Link to post
Share on other sites

Well being im new to the OSC and have no clue as to what you are talking about. i guess my time is up to me of how i use it.Thank you for telling me how i should do things. but you lost me in the first line of your post. I don't understand why you guys think every one in this site are developers.

 

I don't assume you are a developer. I could tell by your question that you are not one which is why I didn't bother wasting my time explaining to you how to determine what a hack attempt looks like and how to log it, track it, and prevent it.

 

All I did was to point out why that would be a giant waste of time doing so, but feel free to do so just as I felt free to point that out to you.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

ok i think i have it installed is there away to test to see if its working

 

If you have it installed correctly and have both $banipaddress and $emailenabled enabled correctly in the file osc.php then no doubt you will start to receive email notifications as attacks are levelled at your site.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

Set $banipaddress back to 0, then go to www.yourwebsite.com/yourshop/index.php/login.php and the page should go blank or post a 'permission denied' error. That is osC_Sec doing that (if it is set up correctly). You wont receive an email until you have both $banipaddress and $emailenabled set to 1, and your site gets attacked.


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

Try http://mywebsite.com/catalog/index.php/login.php since its your shop you are wanting to test osC_Sec on ( assuming you installed osC_Sec in http://mywebsite.com/catalog/includes/ ).


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

What happens when you take osC_Sec out of the equation, when you go then to that link ( http://mywebsite.com/catalog/login.php ) do you still get the same results?


- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Share this post


Link to post
Share on other sites

×