packblitz Posted January 16, 2013

I get emailed whenever there is a TEP_STOP error on the site. This helps me know if there's a problem that I need to fix. I got the following emails this morning that have me concerned. Can anyone make any sense of it and what to do about it? I'm posting them in order. I got message 1 first, then message 2, etc... Thanks in advance!

Message 1
advanced_search_result.php?manufacturers_id=<script>alert(213);</script>&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid=8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '8eb021ec6e06558a46428078b13d2a05' for key 1
----
Query:
insert into sessions values ('8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm', '1358335988', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:1:{s:16:\"manufacturers_id\";s:0:\"\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 1

Message 2
advanced_search_result.php?manufacturers_id=42&pto=<script>alert(213);</script>&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid=8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '8eb021ec6e06558a46428078b13d2a05' for key 1
----
Query:
insert into sessions values ('8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm', '1358335999', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:2:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 2

Message 3
advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=<script>alert(213);</script>&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid=8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '8eb021ec6e06558a46428078b13d2a05' for key 1
----
Query:
insert into sessions values ('8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm', '1358336010', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:3:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";s:10:\"inc_subcat\";s:0:\"\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 3

Message 4
advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=1&dto=<script>alert(213);</script>&pfrom=&search_in_description=1&osCsid=8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '8eb021ec6e06558a46428078b13d2a05' for key 1
----
Query:
insert into sessions values ('8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm', '1358336031', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:4:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";s:10:\"inc_subcat\";s:1:\"1\";s:3:\"dto\";s:0:\"\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 4

Message 5
advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=<script>alert(213);</script>&search_in_description=1&osCsid=8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '8eb021ec6e06558a46428078b13d2a05' for key 1
----
Query:
insert into sessions values ('8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm', '1358336041', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:5:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";s:10:\"inc_subcat\";s:1:\"1\";s:3:\"dto\";s:10:\"mm/dd/yyyy\";s:5:\"pfrom\";s:0:\"\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 5

Message 6
advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=<script>alert(213);</script>&osCsid=8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '8eb021ec6e06558a46428078b13d2a05' for key 1
----
Query:
insert into sessions values ('8eb021ec6e06558a46428078b13d2a05&keywords=&categories_id=174&dfrom=mm', '1358336053', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:6:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";s:10:\"inc_subcat\";s:1:\"1\";s:3:\"dto\";s:10:\"mm/dd/yyyy\";s:5:\"pfrom\";s:0:\"\";s:21:\"search_in_description\";s:0:\"\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 6

Message 7
advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid=...\...\...\...\...\...\...\...\...\boot.ini&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '...........................boot.' for key 1
----
Query:
insert into sessions values ('...........................boot.ini', '1358340297', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:10:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";s:10:\"inc_subcat\";s:1:\"1\";s:3:\"dto\";s:10:\"mm/dd/yyyy\";s:5:\"pfrom\";s:0:\"\";s:21:\"search_in_description\";s:1:\"1\";s:6:\"osCsid\";s:53:\"...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\boot.ini\";s:8:\"keywords\";s:0:\"\";s:13:\"categories_id\";s:3:\"174\";s:5:\"dfrom\";s:10:\"mm/dd/yyyy\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 7

Message 8
advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid=....\....\....\....\....\....\....\....\....\boot.ini&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry '................................' for key 1
----
Query:
insert into sessions values ('....................................boot.ini', '1358340298', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:10:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";s:10:\"inc_subcat\";s:1:\"1\";s:3:\"dto\";s:10:\"mm/dd/yyyy\";s:5:\"pfrom\";s:0:\"\";s:21:\"search_in_description\";s:1:\"1\";s:6:\"osCsid\";s:62:\"....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\boot.ini\";s:8:\"keywords\";s:0:\"\";s:13:\"categories_id\";s:3:\"174\";s:5:\"dfrom\";s:10:\"mm/dd/yyyy\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 8

Message 9
advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid=Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAo=&keywords=&categories_id=174&dfrom=mm/dd/yyyy
-------
1062 - Duplicate entry 'Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bh' for key 1
----
Query:
insert into sessions values ('Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAo', '1358340298', 'cart|O:12:\"shoppingCart\":4:{s:8:\"contents\";a:0:{}s:5:\"total\";i:0;s:6:\"weight\";i:0;s:12:\"content_type\";b:0;}language|s:7:\"english\";languages_id|s:1:\"1\";currency|s:3:\"USD\";navigation|O:17:\"navigationHistory\":2:{s:4:\"path\";a:1:{i:0;a:4:{s:4:\"page\";s:26:\"advanced_search_result.php\";s:4:\"mode\";s:6:\"NONSSL\";s:3:\"get\";a:10:{s:16:\"manufacturers_id\";s:2:\"42\";s:3:\"pto\";s:0:\"\";s:10:\"inc_subcat\";s:1:\"1\";s:3:\"dto\";s:10:\"mm/dd/yyyy\";s:5:\"pfrom\";s:0:\"\";s:21:\"search_in_description\";s:1:\"1\";s:6:\"osCsid\";s:40:\"Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAo=\";s:8:\"keywords\";s:0:\"\";s:13:\"categories_id\";s:3:\"174\";s:5:\"dfrom\";s:10:\"mm/dd/yyyy\";}s:4:\"post\";a:0:{}}}s:8:\"snapshot\";a:0:{}}wishList|O:8:\"wishlist\":0:{}messageToStack|a:1:{i:0;a:3:{s:5:\"class\";s:6:\"search\";s:4:\"text\";s:62:\"At least one of the fields in the search form must be entered.\";s:4:\"type\";s:5:\"error\";}}')
[TEP STOP]
End Message 9
Jack_mcs Posted January 16, 2013

Those are hacking attempts. They seem to have been spotted by something in your shop, though they should really be removed by your code for better results.
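One way to triage such requests on the defending side, as an added example that is not from the forum or from osCommerce: it pulls the query parameters out of URLs copied from messages 1, 7 and 9 above and flags script tags, dot-dot path steps (including the backslash form), base64-wrapped path steps, and any osCsid that is not a 32-character hex session id. The regexes and the assumed session-id format are this example's own, not the shop's code.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Assumptions for this example: a genuine osCommerce osCsid is 32 lowercase hex
# characters (as in messages 1 to 6), and any parameter carrying a script tag
# or a dot-dot path step is a probe, not a shopper's request.
SESSION_ID_RE = re.compile(r"^[0-9a-f]{32}$")
SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script\b", re.I)
TRAVERSAL_RE = re.compile(r"\.{2,}[\\/]")  # ../  ..\  and the ...\ form of message 7


def decoded_base64(value):
    """Return value decoded as base64 ASCII text, or None if it is not that."""
    try:
        return base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def classify(url):
    """Return sorted (parameter, finding) pairs for one request URL."""
    findings = set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if SCRIPT_TAG_RE.search(value):
            findings.add((name, "script-tag"))
        if TRAVERSAL_RE.search(value):
            findings.add((name, "path-traversal"))
        decoded = decoded_base64(value)
        if decoded and TRAVERSAL_RE.search(decoded):
            findings.add((name, "base64-path-traversal"))  # message 9 decodes to ../../../../../../etc/passwd
        if name == "osCsid" and not SESSION_ID_RE.match(value):
            findings.add((name, "malformed-session-id"))
    return sorted(findings)


# Request URLs copied from messages 1, 7 and 9 above, plus a constructed benign one.
BASE = "advanced_search_result.php?manufacturers_id=42&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid="
TAIL = "&keywords=&categories_id=174&dfrom=mm/dd/yyyy"
PROBES = {
    "message1": "advanced_search_result.php?manufacturers_id=<script>alert(213);</script>&pto=&inc_subcat=1&dto=mm/dd/yyyy&pfrom=&search_in_description=1&osCsid=8eb021ec6e06558a46428078b13d2a05" + TAIL,
    "message7": BASE + r"...\...\...\...\...\...\...\...\...\boot.ini" + TAIL,
    "message9": BASE + "Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZAo=" + TAIL,
    "benign": BASE + "8eb021ec6e06558a46428078b13d2a05" + TAIL,
}


def report(urls=PROBES):
    """Map each label to its findings; an empty list means nothing suspicious."""
    return {label: classify(url) for label, url in urls.items()}


if __name__ == "__main__":
    for label, findings in report().items():
        print(label, findings or "clean")
```

The same checks can run over a web server access log, since every probe above is fully visible in the request line.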
Praful Kamble Posted January 17, 2013

@@packblitz Follow the basic precautions below:
1. All .php and .js files should have 444 permission.
2. All folders should have 555 permission.
3. Admin folder should be renamed.
4. Add captcha to create account, contact us, reviews and any other forms on site.
5. Make admin .htaccess protected.
6. Upgrade version and remove wp version from code.
7. Disable file manager.
8. Delete sample data.
9. Frequently check website for any vulnerability through Google webmaster/ http://www.acunetix.com/vulnerability-scanner/
packblitz (Author) Posted January 18, 2013

I will do those things. How would I know if they were successful? What should I be looking for? Thanks again!
Jack_mcs Posted January 18, 2013

There's no one thing to look for. It depends upon what the hacker's aim is and what he did. As mentioned, it doesn't look like he got in, but I suggest installing the SiteMonitor addon. It probably won't help in this case but will allow you to see changes made in the future. Also, if you change the permissions as mentioned, you will have some problems. Changing them as directed will prevent some hacker attempts, but they will also stop your shop from working properly. See one of the security threads here on the forums for more ideas on how to secure your site.
Guest Posted January 18, 2013

@@packblitz The aforementioned permissions are incorrect. Use:
Files: 604
Directories: 705
Two configure.php files: 444

Chris
Roaddoctor Posted January 23, 2013

Also - Install osc-sec http://addons.oscommerce.com/info/8283

-Dave
MrPhil Posted January 23, 2013

1. All .php and .js files should have 444 permission.
2. All folders should have 555 permission.

On most systems, this will make files and folders READ-ONLY. While this will make it much harder for a hacker to change or add files (e.g., back doors), it will also make it very difficult to conduct normal operations that require changing or uploading files (such as adding a new product). It can be done, and may be temporarily useful to discourage the hacker (assuming they don't have login access to your site hosting account), but in the long run it's probably more pain than gain.

Use:
Files: 604
Directories: 705
Two configure.php files: 444

Chris, please keep in mind that your server is set up in a somewhat unusual way, and those permissions would be uncommon. At the very least, someone thinking about doing that should check with their host to see if their site will continue to function correctly with such permissions. At least (in reaction to the other post) you have files and directories writable by the owner (except for the configure.php files, which are Read-Only by everyone). Note that while this makes normal operations much easier, it is still vulnerable if PHP is operating as owner (e.g., suPHP), as the program itself will be able to overwrite any file or directory except the configure.php files. If PHP is running under your group or as a random user on the server, 644/755 would be sufficient to block osC or a rogue script from overwriting anything. In fact, selected files and directories would have to be 664/775 or even 666/777 in order for PHP to be able to write to them. In this particular situation, where a hacker is pounding on the door, it may be good to restrict permissions to Read-Only for a while, until the hacker gets tired of his game and goes away.

Just be sure that you understand how your server is set up and consult with your host as to what permissions are suitable for normal operations (i.e., allowing the osC program to write when and where it needs to). Usually this will be 644/755 (with 444 for configure.php), but it depends on your particular server setup.
♥FWR Media Posted January 23, 2013

What Mr Phil said. I particularly like the references to suPHP as many see this as the "holy grail" whereas it offers its own significant insecurities.

Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls
KissMT Dynamic SEO Meta & Canonical Header Tags
KissER Error Handling and Debugging
KissIT Image Thumbnailer
Security Pro - Querystring protection against hackers ( a KISS contribution )
Praful Kamble Posted January 24, 2013

Thank you, Phil, for introducing suPHP; I will definitely try suPHP.
MrPhil Posted January 24, 2013

suPHP is something your host would provide, and you would have no choice about using it or not. It's security software that, among other things, runs PHP as owner and forbids "world writable" files and directories (xx6 and xx7 permissions). Like any other security software, it probably has some holes in it and is not a silver bullet.
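An added example (not MrPhil's or osCommerce's code) that checks a shop tree against the points in the permissions post above and in this suPHP note: world-writable entries (xx6/xx7) that suPHP refuses, configure.php files that are not read-only, and, when PHP runs as the owner, every owner-writable file or directory the PHP process could rewrite. The directory layout and the php_runs_as_owner flag are assumptions for the example; the tree it audits is constructed in a temporary directory.

```python
import os
import shutil
import stat
import tempfile

# Assumptions for this example: the shop is one directory tree, "configure.php"
# names the two osCommerce configuration files MrPhil refers to, and
# php_runs_as_owner=True models suPHP (PHP executing under the site owner's uid).
WRITABLE_BY_ANYONE = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def audit(root, php_runs_as_owner):
    """Return sorted (relative path, problem) pairs for every entry under root."""
    problems = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            if mode & stat.S_IWOTH:  # xx6 / xx7: world-writable, what suPHP refuses outright
                problems.add((rel, "world-writable"))
            if name == "configure.php":
                if mode & WRITABLE_BY_ANYONE:  # these two stay 444 under every setup
                    problems.add((rel, "configure.php not read-only"))
            elif php_runs_as_owner and mode & stat.S_IWUSR:
                # 644/755 only blocks PHP when PHP is not the owner; as owner it can rewrite this
                problems.add((rel, "php-as-owner-can-write"))
    return sorted(problems)


def build_sample_shop():
    """Create a constructed shop tree with deliberate mistakes; returns its root."""
    root = tempfile.mkdtemp(prefix="osc-audit-")
    files = {
        "includes/configure.php": 0o444,        # correct
        "admin/includes/configure.php": 0o644,  # mistake: left writable
        "index.php": 0o644,                     # the usual file mode
        "images/logo.gif": 0o666,               # mistake: world-writable
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for rel, mode in {"includes": 0o755, "admin": 0o755, "admin/includes": 0o755, "images": 0o777}.items():
        os.chmod(os.path.join(root, rel), mode)
    return root


def run_demo():
    """Audit the sample tree under both PHP execution models, then clean up."""
    root = build_sample_shop()
    try:
        return audit(root, php_runs_as_owner=False), audit(root, php_runs_as_owner=True)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    shared_uid, as_owner = run_demo()
    print("PHP as a different user:", shared_uid)
    print("PHP as owner (suPHP):", as_owner)
```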
newburns Posted January 25, 2013

I do everything that @@FWR Media, but I do not see osC_Sec listed in the signature. Is this something that works for OSC 2.3.3? What other security measures should I take for OSC?

These are the contributions I have installed (Please disregard my notations, this is my personal task list):

NEW STORE INSTALL LIST
1. Super Download Store 2.3 (Overwriting upload) (SQL Database)
2. KISS Error Reporting
3. Theme Switcher
4. Admin Theme Switcher
5. iOSC 5.2 (SQL Database change in ReadMe)
6. Security Pro r11
7. KISSit Image THUMBnailer
8. Product Info Page Box (SQL Database change)
9. Free Product Checkout
10. Enhanced Contact Us v1.2 (Change text according to your store in languages/english/contact_us.php)
11. Password Strength Meter
12. Free Product Box
13. Ultimate SEO URL 5
14. CrossSell 3.0 (XSell) [Needs some work!] (SQL Database change)
15. PHP POS (Needs Development in order to work properly with osCommerce Database!)
16. Magneticone POS (Perfect)
17. iOS 5.3 update
18. MyAccountInfo Box
19. Modular Front Page
20. Orders at a Glance Admin Dashboard Panel
21. Ask a Question (Did not install, issue with product_info.php)
22. Barcode for products
23. Sitemap Generator with images
24. Magento osCommerce POS
25. Auto Backup v4.3 (Breaks Some Buttons)
26. Ajax Price Update v1.2
27. Quick Inventorys
28. AJAX Attribute Manager (Still needs Updates to handle Downloads. Double Check Later)
29. Product Tabs (Did not display. May be an issue with the theme changer. Removed)
30. Store Mode (Open | Closed | Maintenance)
31. Wishlist 2.3.3R1
This topic is now archived and is closed to further replies.