This topic is now archived and is closed to further replies.

oswaldo_olivo

Reporting DoS vulnerabilities

Do you mean DOS, like in Windows DOS? If so, this package wouldn't have anything to do with that.

@@wHiTeHaT Thanks for the link. I'm familiar with DOS attacks but DOS vulnerabilities implies something else. In either case, it isn't something that would be handled by the oscommerce code, at least that I can see. But maybe I'm still not understanding the question.

@@Jack_mcs, I think the OP ran such software on it, and that software tells by default to "contact the manufacturer" of the software to show him the report.

I cannot imagine a security expert will go ask for the contact details in a forum, to its forum users.

As it is clearly easy to find out?

Let's hope it is just like I think it is lol.

DoS attacks are normally taken care of by the hosting provider. A DoS attack normally has nothing to do with any specific application vulnerabilities, but is an attempt to bog down and overpower the server by deliberately sending excessive requests to a site. You can somewhat block one via .htaccess DENYs (if you can see a small set of offending IP addresses), but it is usually better handled higher up the food chain by the host.

If this is actually a Distributed DoS attack, with incoming requests from zombied computers all over the world, the only recourse may be to block everything from your site for a while, until the attacker gives up or loses interest. Then you can restore service, hoping that the attacker has moved on to something else. Talk to your host about what they can do.
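The .htaccess approach mentioned in the post above, as an added example that is not part of the original thread: it finds clients that exceed a request rate in an Apache access log and renders deny rules for them, refusing when the set is too large to be "a small set of offending IP addresses". It assumes the combined log format and Apache 2.4 `Require not ip` syntax; the function names, window, thresholds and the constructed log lines (documentation-range addresses) are illustrative.

```python
import re
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # client IP, timestamp
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def make_sample():
    """Constructed access log: one noisy client, one ordinary visitor."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    rows = [("203.0.113.7", s) for s in range(8)]         # 8 hits in 8 seconds
    rows += [("198.51.100.4", s * 30) for s in range(4)]  # 1 hit per 30 seconds
    return "\n".join(
        f'{ip} - - [{(base + timedelta(seconds=s)).strftime(TS_FMT)}] '
        '"GET /index.php HTTP/1.1" 200 512 "-" "-"'
        for ip, s in rows)

def offenders(log_text, window_s=10, threshold=5):
    """IPs with at least `threshold` requests inside any `window_s`-second span."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip lines that are not in the expected format
            ts = datetime.strptime(m.group(2), TS_FMT)
            hits.setdefault(m.group(1), []).append(ts)
    flagged = []
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # slide the window start forward until it spans <= window_s seconds
            while t - times[start] > timedelta(seconds=window_s):
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)

def htaccess_block(ips, max_ips=20):
    """Render Apache 2.4 deny rules; refuse when the source set is not small."""
    if len(ips) > max_ips:
        # many distinct sources looks distributed: a per-IP list will not keep up
        raise ValueError("too many sources for .htaccess; escalate to the host")
    rules = "\n".join(f"    Require not ip {ip}" for ip in ips)
    return f"<RequireAll>\n    Require all granted\n{rules}\n</RequireAll>"

if __name__ == "__main__":
    print(htaccess_block(offenders(make_sample())))
```

On Apache 2.2 the equivalent rules are `Order Allow,Deny`, `Allow from all` and one `Deny from <ip>` line per address.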
