osc-betty
Posted July 1, 2008

Hi,

My apologies if this has been covered somewhere else; I couldn't find the answer when I searched for it.

I have just had an email from my hosting company warning me about SQL injection attacks. They advise denying access to system tables as one possible solution to the most frequently seen attacks.

Is this something I can do without causing problems to an OSC store? Most of the stores I have built are heavily modified; all are on MS2, but not all are on the latest release candidate.

How can I find out whether there are any accesses to system tables in the code, i.e. what type of command should I be looking for?

If you know about any other solutions to help me secure my clients' sites, please let me know.

Thank you very much for your help.

Bettina

spooks
Posted July 1, 2008

You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752

You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441

You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914

You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Also make sure that all files, except for the two configure.php files, have permissions no higher than 644. The permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct.

Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosting companies. :)

Sam

Remember, What you think I meant may not be what I thought I meant when I said it.

Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
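
The permission limits given in the reply above can be checked across a whole store directory with a short script. This is an added example, not part of the original posts or of any osCommerce add-on; the function name `audit_permissions` is hypothetical, and it assumes "no higher than" means no permission bits set beyond those in 644 (files) or 755 (folders).

```python
import os
import stat
import sys

FILE_MAX = 0o644    # ordinary files: nothing beyond rw-r--r--
DIR_MAX = 0o755     # folders: nothing beyond rwxr-xr-x
CONFIG_NAME = "configure.php"
CONFIG_OK = {0o644, 0o444, 0o400}   # the three values named in the reply


def audit_permissions(root):
    """Return sorted (relative_path, octal_mode, reason) for each violation.

    Assumption: a mode is "higher" than the limit when it sets any bit
    (including setuid/setgid/sticky) that the limit does not set.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if stat.S_ISDIR(st.st_mode):
                if mode & ~DIR_MAX:
                    findings.append((rel, format(mode, "03o"),
                                     "folder above 755"))
            elif name == CONFIG_NAME:
                # configure.php has its own allowed set rather than a ceiling
                if mode not in CONFIG_OK:
                    findings.append((rel, format(mode, "03o"),
                                     "configure.php not 644/444/400"))
            elif mode & ~FILE_MAX:
                findings.append((rel, format(mode, "03o"),
                                 "file above 644"))
    return sorted(findings)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode, reason in audit_permissions(target):
        print(f"{mode}\t{reason}\t{rel}")
```

Run it with the store's root directory as the argument; an empty result means every file and folder below that root is within the stated limits.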
Archived
This topic is now archived and is closed to further replies.