Guest Posted December 5, 2010

Adam,

Comment out these lines:

    BAN IP NUMBERS, ALL OF TURKEY
    FORCE TYPE

so they appear like this:

    #BAN IP NUMBERS, ALL OF TURKEY
    #FORCE TYPE

Chris

Pondpig Posted December 6, 2010

Thank you guys, rookie mistake! I'll try it now.

Pondpig Posted December 6, 2010

Tried it guys, still getting the internal error.. hmm, I guess it's just delete some code and see what is making the problem :/

♥mdtaylorlrim Posted December 6, 2010

> Tried it guys, still getting the internal error.. hmm, i guess its just delete some code and see what it is making the problem :/

This is sort of 'out there' but you need to make sure that your host has OptionsOverride set to true or else none of this will work. Most hosts do, but may limit what you can do in there. If you are on your own server then the OptionsOverride is not on by default.

And you can test by commenting out blocks of code rather than deleting it. You can't simply comment out individual lines as some code is dependent on other, so comment out logical blocks until it works. Rather, comment out the entire file, then uncomment logical blocks until it stops working.

FIMBLE Posted December 6, 2010

Another thing to check is the file permissions for your htaccess, and... some hosts do not allow use of the htaccess file at all. You may be better off checking on a server you know does accept htaccess; then you know the script is not your problem.

Regards
Nic

Pondpig Posted December 6, 2010

Geez this is driving me crazy, thank you for all your help.. .htaccess permissions are fine! OptionsOverride fine! But my host comes up with this information about .htaccess on my Linux server and I just don't understand :(

http://www.streamlinesupport.net/index.php?page=show&id=33

Guest Posted December 6, 2010

Adam,

Unfortunately that means your hosting provider won't allow many of the protection scripts that are included in the .htaccess protection scripts contribution to function.

Chris

Pondpig Posted December 6, 2010

Geeez, great! So how bad is this? Is it better to move hosting or just implement as many as I can and add other protection features? Thank you for all your help!

♥mdtaylorlrim Posted December 6, 2010

> Geeez, great! So how bad is this? Is it better to move hosting or just implement as many as i can and add other protection features? Thank you for all your help!

Personally, I wouldn't use the host because I rely on the ability to block ip addresses and to prevent php scripts from running in image directories. If you can explain to your host why you need this perhaps they can offer you an alternate hosting package or some other solution.

Pondpig Posted December 6, 2010

Okay, thank you for the advice! I guess I'll plod on and find another host! Cheers!

drillsar Posted December 7, 2010

I would go with another host. I can host you if you like, just private message me. Let me ask you: in osCommerce version 2.3.1, a lot of this security has been applied, correct?

Guest Posted December 7, 2010

Although 2.3.1 has improved security, many of the most commonly used contributions have not yet been updated to work with 2.3.1, so there are a lot of people waiting to upgrade until the contributions are upgraded.

Chris

Pondpig Posted December 7, 2010

Can anyone recommend a good cheap hosting service in the UK? Fasthost looks good.

♥geoffreywalton Posted December 7, 2010

> Can anyone recommend a good cheap hosting service in the uk? Fasthost looks good

Seem to remember with fasthosts if you navigate away from the registration pages you get an even cheaper deal.

If you intend to host more than one site there I would recommend registering a url you will not use and then you can have each of your real sites in a sub-directory.

But I am not running mysql on this package.

HTH

G

carbonfiberdiy Posted December 10, 2010

Hello, I'm trying to use this with Ultimate SEO. This is the current code in my htaccess file; when I add yours below I get a 500 error. I would love some advice on how I need to modify it, as I'm not familiar with php at all.

    # Begin Ultimate SEO V2.2d
    Options +FollowSymLinks
    RewriteEngine On

    # RewriteBase instructions
    # Change RewriteBase dependent on how your shop is accessed as below.
    # http://www.mysite.com = htttp://www.compositewerkz.com /
    # http://www.mysite.com/catalog/ = RewriteBase /catalog/
    # http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/

    # Change the following line using the instructions above
    RewriteBase /htttp://www.compositewerkz.com/

    RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-m-(.*).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-pi-(.*).html$ popup_image.php?pID=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-by-(.*).html$ all-products.php?fl=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-t-(.*).html$ articles.php?tPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-a-(.*).html$ article_info.php?articles_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-au-(.*).html$ articles.php?authors_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-pr-(.*).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-pri-(.*).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-f-(.*).html$ faqdesk_info.php?faqdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-fc-(.*).html$ faqdesk_index.php?faqPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-fri-(.*).html$ faqdesk_reviews_info.php?faqdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-fra-(.*).html$ faqdesk_reviews_article.php?faqdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-i-(.*).html$ information.php?info_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-links-(.*).html$ links.php?lPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-pm-([0-9]+).html$ info_pages.php?pages_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-n-(.*).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-nc-(.*).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-nri-(.*).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-nra-(.*).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-po-([0-9]+).html$ pollbooth.php?pollid=$2&%{QUERY_STRING}
    # End Ultimate SEO V2.2d

HarTechSoftworks Posted December 14, 2010

> Hello, I'm trying to use this with ultimate SEO. This is the current code in my htacces file, when I add yours below I get a 500 error. I would love some advise on how I need to modify it, as I'm not familiar with php at all.

The htaccess file has nothing to do with PHP. It is a distributed server configuration file.

Just checked your site, it seems to be working fine: http://www.compositewerkz.com/

Do note this line though:

    RewriteBase /htttp://www.compositewerkz.com/

Triple ttt's? Though this wouldn't cause the site to return a 500 internal server error, send me a PM if you would like more details.

Guest Posted December 14, 2010

This line:

    RewriteBase /htttp://www.compositewerkz.com/

should be

    RewriteBase /

or this

    RewriteBase /catalog

(unless you put your cart into a shop or store folder, then substitute the directory name)

Nothing else.

Chris

carbonfiberdiy Posted December 15, 2010

I applied your changes, however I still cannot add the htaccess protection script without getting a 500 error. Any further advice?

BillSpiegel Posted December 16, 2010

I am an IT person who is unfamiliar with osCommerce. Our site has been hacked and the site creator is no longer available. Google flagged the site and I have been trying to find someone that could help change the admin password and lock down the site so that it does not get compromised again. Please help.

scoy Posted December 20, 2010

I tried to install Security Pro on my OS Commerce v2.2 RC2a. I attempted to run SecurityPro_installer.php in my root directory of my store, but it doesn't appear to do anything. I tried to run the script within a shell, nothing, within file manager in OS commerce, just waits a few seconds, then blinks. Nothing. Do you have a manual way of installing this? I have Sitemonitor and all permissions installed.

Thanks,
Steve

germ Posted December 20, 2010

Link to Security Pro Support Thread

♥geoffreywalton Posted December 21, 2010

Had an interesting one recently.

Files kept disappearing from the site, mainly header_tags.php, general.php, html_output.php.

Site monitor would not run as trying to check if 78,000 images were in the ignore list blew the max_execution time and max_input_time.

As the package did not have the cron facility I even wrote a script to check if any of the files had gone and upload any that had gone.

Eventually it turned out that the site was not hacked but that the host had some security software that thought the files were malicious and just deleted them.

HTH someone

G

♥FWR Media Posted December 23, 2010

Security Pro 2.0 has been released. Totally new, more modern code (albeit PHP4 compatible). More protection. Compatible with all osCommerce versions including 2.3.1.

A word about .htaccess XSS contributions. I don't know if anyone realises but none that I have seen do anything but try and replicate what Security Pro already does better, although more so now. Example:

    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

base64_encode is covered by Security Pro.

    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

Tags cannot get through Security Pro as <> and % are banned characters.

    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]

Again, tags cannot get through Security Pro.

    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

GLOBALS is now banned by Security Pro.

    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

_REQUEST is now banned by Security Pro.

    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

This one may be worth keeping as the request method is not querystring based.

Just so you are not adding unnecessary code to .htaccess, as these rules are quite server intensive and the file gets filled with rubbish.

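The rule-by-rule comparison in the post above can be checked offline. This is an added example, not part of the thread and not Security Pro's code: it applies the quoted RewriteCond patterns to constructed requests, with Python's `re` standing in for Apache's regex engine. The function name `matched_rules` and the sample query strings are assumptions made for the illustration.

```python
import re

# Patterns copied from the RewriteCond lines quoted in the post above.
# Apache's [NC] flag corresponds to re.IGNORECASE here.
QUERY_RULES = [
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("iframe tag", re.compile(r"(\<|%3C).*iframe.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]
METHOD_RULE = re.compile(r"^(TRACE|TRACK)")


def matched_rules(method, query_string):
    """Return the names of the quoted rules that fire for one request.

    mod_rewrite tests %{QUERY_STRING} as received, without URL-decoding,
    which is why the tag rules list both "<" and "%3C".
    """
    hits = [name for name, rx in QUERY_RULES if rx.search(query_string)]
    if METHOD_RULE.search(method):
        hits.append("TRACE/TRACK method")
    return hits


# Constructed sample requests (method, raw query string); not real traffic.
SAMPLES = [
    ("GET", "cPath=1_4&sort=2a"),                      # ordinary shop URL
    ("GET", "keywords=%3Cscript%3Ex%3C/script%3E"),    # encoded script tag
    ("GET", "keywords=%3ciframe%20src=x%3e"),          # lower-case escapes, [NC]
    ("GET", "GLOBALS%5Bfoo%5D=1"),                     # encoded "[" after GLOBALS
    ("GET", "a=base64_encode(abc)"),
    ("TRACE", ""),                                     # method rule, no query string
]

if __name__ == "__main__":
    for method, qs in SAMPLES:
        hits = matched_rules(method, qs)
        print(f"{method:5} {qs!r:45} -> {hits or 'no rule matched'}")
```

Only the last sample depends on the request method, which is the one rule the post suggests keeping in .htaccess because a query-string filter never sees it.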
Guest Posted December 23, 2010

I installed AutoBackup Database in Admin - http://addons.oscommerce.com/info/2314 and I keep getting this error:

    Warning: mkdir() [function.mkdir]: No such file or directory in /home/public_html/admin/auto_backup_setup.php on line 7
    Error, Backup Directory Does Not Exist, please create it or run "auto_backup_setup.php"

Line 7:

    if ($action == 'yes' && !is_dir(DIR_FS_BACKUP)) mkdir(DIR_FS_BACKUP);

♥Gyakutsuki Posted December 23, 2010

Hello,

Thank you for this add-on. I would like to know if this contribution works fine with your rewriting contribution.

Regards
Loic