Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

SQL injection attack question


Recommended Posts



my apologies if this has been covered somewhere else, I couldn't find the answer when I searched for it.


I have just had an email from my hosting company warning me about SQL injection attacks. they advise to deny access to system tables as one possible solution to the most frequently seen attacks.


Is this something I can do without causing problems to an OSC store? Most of the stores I have built are heavily modified, all are on MS2, but not all on the latest release candidate. How can I find out whether there are any accesses to system tables in the code, i.e. what type of command should I be looking for?


If you know about any other solutions to help me secure my clients' sites, please let me know.


Thank you very much for your help.



Link to comment
Share on other sites

You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752


You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441


You can block elicit access attempts with IP trap http://addons.oscommerce.com/info/5914


You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044


Also make sure that all files, except for the two configure.php files have permissions no higher than 644.


The permissions for the two configure.php files will vary according to the server your site is on - it could be 644, 444 or 400 which is correct.


Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders then change hosting companies.





Remember, What you think I ment may not be what I thought I ment when I said it.




Auto Backup your Database, Easy way


Multi Images with Fancy Pop-ups, Easy way


Products in columns with multi buy etc etc


Disable any Category or Product, Easy way


Secure & Improve your account pages et al.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...