Java Trojan?


akmac

Posted

Pardon my noobness.

 

I just got a few calls from customers saying that when they visited my home page, it tried to load a trojan onto their computers.

 

I looked at my index.html and sure enough-there was a little javascript on the bottom of the page that I didn't put there.

 

I deleted it and reuploaded the page-and it works fine-but I'm worried about what vulnerability exists that would allow it in the first place.

 

I called my host-ipowerweb-and they said "Admins are aware of it"

 

Very helpful.

 

Anyone know how-or if-I can guard against this in the future? It seems to have occurred while I was uploading pages via ftp, but none of the loaded pages were affected.....

 

?

Quidquid latine dictum sit, profundum viditur.

Posted
...

Anyone know how-or if-I can guard against this in the future? It seems to have occurred while I was uploading pages via ftp, but none of the loaded pages were affected.....

It could be caused by any number of possible means - variable injection into php (do you have register globals disabled ?), sloppy password management, someone sniffing your ftp connection (don't use ftp - use scp), some other exploit in the web server / php (are your files read-only ? - I bet they aren't), etc etc....

 

You need to review your security and plug any weaknesses you find. This is all very dependent on your situation, and no one knows that better than you.

 

Rich.
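
An added example, not part of the reply above and not osCommerce code: a small POSIX shell audit for the file-level checks the reply names (writable files, register_globals) plus a hash baseline that would show an altered index.html. It assumes `sha256sum` from GNU coreutils and file names without spaces; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes sha256sum (GNU coreutils) and file names without spaces.

# Files under WEBROOT that group or others may write to ("are your files read-only?").
writable_files() {  # writable_files WEBROOT
    find "$1" -type f \( -perm -020 -o -perm -002 \) | sort
}

# Exit status 0 if a php.ini-style file switches register_globals on.
register_globals_on() {  # register_globals_on INI_FILE
    grep -Eiq '^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"?(on|1|true|yes)' "$1"
}

# Write a SHA-256 manifest of every file under WEBROOT.
# Keep MANIFEST outside the web root, ideally off the server.
make_baseline() {  # make_baseline WEBROOT MANIFEST
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 ) > "$2"
}

# Print files modified, added or deleted since MANIFEST was written.
changed_files() {  # changed_files WEBROOT MANIFEST
    now=$(mktemp) || return 1
    make_baseline "$1" "$now"
    # A line found in only one manifest means that file differs.
    sort "$2" "$now" | uniq -u | awk '{print $2}' | sort -u
    rm -f "$now"
}

# Run directly: sh audit.sh WEBROOT MANIFEST
if [ "$#" -eq 2 ]; then
    writable_files "$1"
    changed_files "$1" "$2"
fi
```

Run `make_baseline` once after a known-good upload, then run `changed_files` on a schedule; any path it prints changed outside your own deployment.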

Posted
Pardon my noobness.

 

I just got a few calls from customers saying that when they visited my home page, it tried to load a trojan onto their computers.

 

I looked at my index.html and sure enough-there was a little javascript on the bottom of the page that I didn't put there.

 

I deleted it and reuploaded the page-and it works fine-but I'm worried about what vulnerability exists that would allow it in the first place.

 

I called my host-ipowerweb-and they said "Admins are aware of it"

 

Very helpful.

 

Anyone know how-or if-I can guard against this in the future? It seems to have occurred while I was uploading pages via ftp, but none of the loaded pages were affected.....

 

?

 

well, if you could tell us what the script was doing, then maybe I could get worried.

Treasurer MFC

Posted

As far as I could tell, it was causing some sort of download to begin from a url I couldn't access. I didn't save the url-and deleted the script as soon as I found it. Usually panic works well for me, but in hindsight-those bits of info may have been helpful;)

 

Sorry I can't provide more specifics... I notified my webhost and they said they were aware of the issue and it had been addressed. Needless to say, I'm filled with confidence and gratitude.

 

Anyways-it hasn't happened again (yet) so.........

 

-akmac

Quidquid latine dictum sit, profundum viditur.

Posted
It could be caused by any number of possible means - variable injection into php (do you have register globals disabled ?), sloppy password management, someone sniffing your ftp connection (don't use ftp - use scp), some other exploit in the web server / php (are your files read-only ? - I bet they aren't), etc etc....

Rich.

 

Hi, I thought register_globals was supposed to be enabled for osC... it's dangerous according to all the PHP books I've read, but I thought osC requires it. Is this not the case?

 

If you have a short-list of security things that should be added to osC, I'd love to hear what they are.

-andrea-

Posted

I looked at my index.html

 

that is the key . . . didn't come thru the store, came thru something else

Posted
As far as I could tell, it was causing some sort of download to begin from a url I couldn't access.  I didn't save the url-and deleted the script as soon as I found it.  Usually panic works well for me, but in hindsight-those bits of info may have been helpful;)

 

Sorry I can't provide more specifics...  I notified my webhost and they said they were aware of the issue and it had been addressed.  Needless to say, I'm filled with confidence and gratitude.

 

Anyways-it hasn't happened again (yet) so.........

 

-akmac

 

any service provider would tell you that they know about it and are addressing it.

Treasurer MFC

Posted
Hi, I thought register_globals was supposed to be enabled for osC... it's dangerous according to all the PHP books I've read, but I thought osC requires it.  Is this not the case?

 

If you have a short-list of security things that should be added to osC, I'd love to hear what they are.

-andrea-

 

 

Hmm I thought same - anyone know something ??????

osC Contributions I have published.

 

Note: Some I only provided minor changes, updates or additions!

Posted

osCommerce works without register_globals enabled IF you install the register_globals contribution.

if your host keeps on top of things security wise, then you have no problem.

it is the host who does not keep things together that makes things screwed up.

also the individual who runs forums, etc who do not watch the forums like phpbb where they post info about security patches.

Posted
osCommerce works without register_globals enabled IF you install the register_globals contribution. 

if your host keeps on top of things security wise, then you have no problem.

it is the host who does not keep things together that makes things screwed up.

also the individual who runs forums, etc who do not watch the forums like phpbb where they post info about security patches.

 

 

Does the registered globals off contribution have any limitation such as working w/ CCGV or anything like that?

osC Contributions I have published.

 

Note: Some I only provided minor changes, updates or additions!

Posted
osCommerce works without register_globals enabled IF you install the register_globals contribution. 

if your host keeps on top of things security wise, then you have no problem.

it is the host who does not keep things together that makes things screwed up.

also the individual who runs forums, etc who do not watch the forums like phpbb where they post info about security patches.

 

Thanks John, I'll look into this

-andrea-

Posted
Does the registered globals off contribution have any limitation such as working w/ CCGV or anything like that?

Will this contribution work simply by replacing the contribution files into their directories and will it affect preinstalled files ???

( WARNING )

I think I know what I'm talking about.

BACK UP BACK UP BACK UP BACK UP

Posted

all in the instructions, same as with any contribution. needs to be merged if you have other contributions.

Posted
all in the instructions, same as with any contribution.  needs to be merged if you have other contributions.

Thanks John, I'll try it on a backup

( WARNING )

I think I know what I'm talking about.

BACK UP BACK UP BACK UP BACK UP

Posted
If you have a short-list of security things that should be added to osC, I'd love to hear what they are.

Well, I wasn't going to post again, but being a sucker for punishment....

 

If you look here....

 

http://www.oscommerce.com/forums/index.php?showtopic=128078

 

...you will find three posts from me (all on the 31st December 2004), one of which makes a further link to some other thread.

 

These are a few of my collective rants about security; most of which are not actually OSC-specific (but some are).

 

Maybe it will give you some idea.

 

Rich.

Posted

...and if you look here...

 

http://www.oscommerce.com/forums/index.php?showtopic=127013

 

...you will find some basic info (ie - rants by me / helpful comments by others) on web server task users/groups and file permissions and how they relate to each other, plus a bit of other stuff.

 

This is directly related to the security of your site but it's staggering how many people don't appreciate this stuff.

 

Rich.

Archived

This topic is now archived and is closed to further replies.
