This topic is now archived and is closed to further replies.

Ken44

crossdomain.xml

Hi

 

I have had oscv2.3.1 installed and working fine for over a year now, however, recently I keep seeing this in Who's Online:

 

http://tinyurl.com/8y2ecd2

 

The strange thing is that this only happens when using a Win7 PC. When I look at my admin from 2 other WinXP PCs I never see admin looking for crossdomain.xml

Today, for the first time, I noticed a customer also looking for crossdomain.xml

 

http://tinyurl.com/8xdz742

 

I checked my OSC2.3.1 code and there is no reference to crossdomain.xml in the code.

 

Does anyone know what this could be?

 

Regards

 

Ken


A crossdomain.xml file is used by Adobe Flash to allow your Flash content to include content from another domain. It's a security hole if not done properly, so this could be an attempt to find a vulnerability to exploit. Or, if you have Flash content on your site, it could be perfectly normal.

 

Regards

Jim


See my profile for a list of my addons and ways to get support.


Hi Jim

 

Thanks for your reply.

 

My site is fairly basic, it can be seen at the links above. (just go up a level)

I have no flashy add-ons. The only thing that may use Flash Player is PHPmyVisites, however this has been installed since the site was built and has never caused a problem before.

Also, a customer does not have access to this software. Why is a customer looking for crossdomain.xml?

 

Regards

 

Ken


They aren't a customer - probably fishing for the file to see if they can exploit its presence. First clue is that there is no reason for them to naturally create that file call - they have to form the URL. Are you using a scanning service that might be testing for that file?


:not_the_usual1

[you decide]

 

-- Trying to figure it out, just like everyone else --


Hi.

 

It appears to be myself that is looking for this file. In 'Who's Online' it is Admin that is looking at crossdomain.xml (see the images in the first post).

 

Since this is only happening on Win7 then I guess this must be something to do with the operating system rather than my website.

 

Very strange though.

 

Ken


A crossdomain.xml file is used by Adobe Flash to allow your Flash content to include content from another domain. It's a security hole if not done properly, so this could be an attempt to find a vulnerability to exploit. Or, if you have Flash content on your site, it could be perfectly normal.

 

Regards

Jim

 

Jim, how do you stop it?


Hi.

 

A crossdomain.xml file is used by Adobe Flash to allow your Flash content to include content from another domain. It's a security hole if not done properly, so this could be an attempt to find a vulnerability to exploit.

 

I suggest that you upload a blank file with that name... or block the IP address from where it is coming...

 

 

This sounds like a good idea.

 

So I've added a file called crossdomain.xml to root which contains this.

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.mysite.co.uk" />
<allow-access-from domain="mysite.co.uk" />
</cross-domain-policy>

It appears to have solved the problem. But what about security? Is this OK or can it be written in a better or more secure way?

 

Regards

 

Ken
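
As an added example (not part of the original thread or of osCommerce), here is a short Python check for a policy like the one posted above: it parses a crossdomain.xml and flags the entries that make it over-permissive. The second policy is constructed for comparison, and the function name and severity labels are this example's own.

```python
import xml.etree.ElementTree as ET

# The policy from the post above, verbatim.
KEN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www.mysite.co.uk" />
<allow-access-from domain="mysite.co.uk" />
</cross-domain-policy>"""

# Constructed over-permissive policy for comparison (not from the thread).
LOOSE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" secure="false" />
<allow-access-from domain="*.example.com" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return (severity, message) findings for a Flash cross-domain policy."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("error", f"policy is not well-formed XML: {exc}")]
    if root.tag != "cross-domain-policy":
        return [("error", f"unexpected root element <{root.tag}>")]
    findings = []
    for el in root:
        domain = el.get("domain", "")
        if el.tag == "allow-access-from":
            if domain == "*":
                findings.append(("high", "domain=\"*\" lets Flash content from any site read responses"))
            elif domain.startswith("*."):
                findings.append(("medium", f"wildcard {domain} trusts every subdomain"))
            if el.get("secure", "true").lower() == "false":  # attribute defaults to true
                findings.append(("medium", f"secure=\"false\" on {domain} lets HTTP-loaded content read HTTPS responses"))
        elif el.tag == "allow-http-request-headers-from":
            if domain == "*" or el.get("headers") == "*":
                findings.append(("high", "request headers accepted from any domain or for any header name"))
        elif el.tag == "site-control":
            if el.get("permitted-cross-domain-policies") == "all":
                findings.append(("medium", "site-control \"all\" lets any policy file on the host grant access"))
    return findings


if __name__ == "__main__":
    for name, policy in (("posted", KEN_POLICY), ("loose", LOOSE_POLICY)):
        print(name, audit_policy(policy))
```

The posted policy yields no findings because it names only the site's own two hostnames; the constructed one trips every check.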
