kenkja Posted October 6, 2011

Hello All,

It seems my talent for finding trouble has no limits. Today I sort of barred myself from my own admin, but not quite, in a v2.3.1 install.

For some reason I decided to check upon the configuration of Site Monitor and was summarily informed that I had been a very naughty boy and should sit on the naughty chair facing the wall.

Now it turns out that Debs Bad Behaviour Contribution thought that I should not be doing this, which is great because it proves it works, and had added my own IP to the list of banned IPs in the root .htaccess file. However, Sara's code to limit access to the admin to only my IP address in the admin .htaccess was still trying its best to let me into the admin: the pop-up box that appears in Windows asking for username and password appeared twice as usual and then again without a saved password, I think twice, and then the admin log in page appeared.

So I sign in and find the usual admin page, but the left_column has disappeared leaving its contents in full exploded view, so for example the categories box was not there but its title and levels were. I'm allowed all the levels, but clicking on a box title gives a no permission result.

So obviously I remove myself from the root/.htaccess barred IPs and everything is back to normal. But I still wish to check on the configuration of Site Monitor but would rather not end up on the naughty chair again. Is it possible to make Site Monitor and Bad Behaviour Block friends?

thanks
Ken

Os-commerce v2.3.3 Security Pro v11 Site Monitor IP Trap htaccess Protection Bad Behaviour Block Year Make Model Document Manager X Sell Star Product Modular Front Page Modular Header Tags

albe Posted November 7, 2011

Hi, I have a question. We use an osCommerce internet shop. From the beginning I had help from a guy to make all the installation work. Now he moved far away and cannot assist me anymore. My problem is the shop is infected with malware. To stop the development the shop is "parked" now. I would need some professional help cleaning the shop and getting back safely on the air. Do you have any suggestion?

Ralf

wildbill8448 Posted November 11, 2011

When I tried to add the IP trap I get a 500 error. I think it's looking for filenames.php; it wasn't in the includes folder.

IP_v5.2.zip

wildbill8448 Posted November 11, 2011

I was wrong, the htaccess file is not working. Do I put it in the root directory?

wildbill8448 Posted November 11, 2011

And there was no filenames.php in the includes for the ban IP download.

wildbill8448 Posted November 11, 2011

I found the filenames.php, it was already there. Just the htaccess file is not working. Here's the code:

    Disallow: /personal/

wildbill8448 Posted November 11, 2011

This is the code I had someone put:

    order allow,deny
    allow from all
    deny from 65.19.146.2 220.248.0.0/14

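Added example, not part of the thread and not code from any of the add-ons discussed: a small Python check that evaluates Apache 2.2-style `Order` / `Allow from` / `Deny from` rules, like the ones posted above, against an address, so you can confirm that your own admin IP has not ended up in the root .htaccess ban list (the lock-out described in the first post). The address 203.0.113.10 and all function names are assumptions; hostname and partial-IP entries are skipped rather than evaluated.

```python
import ipaddress

# Rules as posted above (Apache 2.2 mod_authz_host syntax).
ROOT_HTACCESS = """\
order allow,deny
allow from all
deny from 65.19.146.2 220.248.0.0/14
"""
ADMIN_IP = "203.0.113.10"  # constructed documentation address standing in for your own IP

def parse_rules(text):
    """Return (order, allow_nets, deny_nets) parsed from .htaccess text."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for raw in text.splitlines():
        words = raw.strip().lower().split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "order" and len(words) == 2:
            order = words[1]
        elif words[0] in ("allow", "deny") and words[1:2] == ["from"]:
            target = allow if words[0] == "allow" else deny
            for spec in words[2:]:
                specs = ["0.0.0.0/0", "::/0"] if spec == "all" else [spec]
                for s in specs:
                    try:
                        target.append(ipaddress.ip_network(s, strict=False))
                    except ValueError:
                        pass  # hostname or partial IP: not evaluated here
    return order, allow, deny

def matching_denies(text, ip):
    """List the deny entries that cover ip (the rules that would lock it out)."""
    addr = ipaddress.ip_address(ip)
    return [str(n) for n in parse_rules(text)[2] if addr in n]

def is_allowed(text, ip):
    """Apply the Order semantics to decide whether ip may connect."""
    order, allow, _ = parse_rules(text)
    addr = ipaddress.ip_address(ip)
    allowed = any(addr in n for n in allow)
    denied = bool(matching_denies(text, ip))
    if order == "allow,deny":          # default deny; a Deny match always wins
        return allowed and not denied
    return allowed or not denied       # deny,allow: default allow; Allow wins

if __name__ == "__main__":
    for ip in (ADMIN_IP, "65.19.146.2", "220.250.1.1"):
        print(ip, "allowed" if is_allowed(ROOT_HTACCESS, ip) else "blocked",
              matching_denies(ROOT_HTACCESS, ip))
```

Running `matching_denies` on the live root .htaccess with your own address shows exactly which entry a blocking add-on wrote for you.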
wildbill8448 Posted November 11, 2011

When I add this line I get a blank page:

    require(DIR_WS_INCLUDES . 'filenames.php');

kornel76 Posted November 13, 2011

> Hi, I have a question. We use an osCommerce internet shop. From the beginning I had help from a guy to make all the installation work. Now he moved far away and cannot assist me anymore. My problem is the shop is infected with malware. To stop the development the shop is "parked" now. I would need some professional help cleaning the shop and getting back safely on the air. Do you have any suggestion?

Hi! How can we help you?

datdo Posted December 26, 2011

Hi Guy,

I am having big trouble with the admin account. When I am logged in to my account and somebody else uses a different account to log in, my account will be changed to his, and this happens to all others. Can anyone give me some ideas why? And how to fix this issue?

Thanks
Dat

Taipo Posted December 26, 2011

Can you tell us a bit more about your set up? What version of osCommerce are you using, what addons are you using, etc.?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

m.ather Posted December 27, 2011

Could you please send me the complete .htaccess file, as I have deleted it by mistake. Thanks mate.

♥geoffreywalton Posted December 27, 2011

The contents of the htaccess file differ by site and the contributions you have added, so it would be a complete guess as to what yours should contain.

Sorry
G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.

m.ather Posted December 27, 2011

Hi,

I have got the htaccess Protection Scripts_1.zip contribution, but I don't know where to start. I believe in this file you have something at the start like:

    /**
     * Baiduspider Block
     */
    if ( isset( $_SERVER[ "HTTP_USER_AGENT" ] ) ) {
        $badagentlist = array( "Baiduspider", "WebStripper" );
        // Compare case-insensitively: lower-case both the header and each list entry
        $lcUserAgent = strtolower( $_SERVER[ "HTTP_USER_AGENT" ] );
        foreach ( $badagentlist as $badagent ) {
            $badagent = strtolower( $badagent );
            if ( false !== strpos( $lcUserAgent, $badagent ) ) {
                // Matching agents get an empty 404 response and the script stops
                $header = array( "HTTP/1.1 404 Not Found", "HTTP/1.1 404 Not Found", "Content-Length: 0" );
                foreach ( $header as $sent ) {
                    header( $sent );
                }
                die();
            }
        }
    }

Can I ask you to please tell me how to protect myself from IP attacks? Any tutorial that you are aware of?

Thanks mate

Taipo Posted December 27, 2011

If osC_Sec is the addon you are looking for then download it from http://addons.oscommerce.com/info/8283

Unpack the zip file onto your hard drive and open the readme.htm file, which has all the instructions in it on how to install.

For a list of other recommended addons for versions of osCommerce earlier than 2.3, see this link: http://www.oscommerce.com/forums/topic/375288-updated-security-thread/

m.ather Posted January 3, 2012

Let me explain again.

The problem is that the catalog I am using for a site didn't have any .htaccess file, which is the file where we add all the contents to secure ourselves from IP attacks and to make the admin site secure. I tried to use someone's contents and added the long script from the "Deny domain access to spammers httaccess script" contribution but it doesn't work. That's why I am asking what is the best solution for that.

Thanks so much

> The contents of the htaccess file differ by site and the contributions you have added, so it would be a complete guess as to what yours should contain.
>
> Sorry
> G

adobe19 Posted January 18, 2012

I installed Site Monitor, IP Trap security addons for 2.2rc2a tomorrow and some errors appeared. Today when I try to login the admin page didn't open and these errors appeared.

    Warning: include(includes/secret.php) [function.include]: failed to open stream: No such file or directory in /home/freeus78/public_html/admin/includes/application_top.php on line 48

    Warning: include() [function.include]: Failed opening 'includes/secret.php' for inclusion (include_path='.:/usr/local/php53/pear') in /home/freeus78/public_html/admin/includes/application_top.php on line 48

    Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/freeus78/public_html/admin/includes/application_top.php:48) in /home/freeus78/public_html/admin/includes/functions/sessions.php on line 102

    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/freeus78/public_html/admin/includes/application_top.php:48) in /home/freeus78/public_html/admin/includes/functions/sessions.php on line 102

    Warning: Cannot modify header information - headers already sent by (output started at /home/freeus78/public_html/admin/includes/application_top.php:48) in /home/freeus78/public_html/admin/includes/functions/general.php on line 22

I also tried installing Security Pro but couldn't. It says:

Find ...

    if ($request_type == 'NONSSL') {

Add immediately ABOVE ...

    // Security Pro by FWR Media
    include_once DIR_WS_MODULES . 'fwr_media_security_pro.php';
    $security_pro = new Fwr_Media_Security_Pro;
    // If you need to exclude a file from cleansing then you can add it like below
    //$security_pro->addExclusion( 'some_file.php' );
    $security_pro->cleanse( $PHP_SELF );
    // End - Security Pro by FWR Media

That's it .. all installed!

Can someone show me exactly how it seems in the code page? Are there spaces between sentences and at the bottom and the top? Thanks

Guest Posted January 18, 2012

@adobe19,

You failed to upload the files included in the add on to the appropriate directories.

Chris

♥geoffreywalton Posted January 19, 2012

Look at the installation instructions for IP Trap and read the bit about where to put the file secret.php.

You have either not uploaded it or it is in the wrong place.

HTH
G

adobe19 Posted January 28, 2012

Hi. I almost know nothing about web site creation. While following the guides I couldn't figure out how the code should look after I paste the new lines. I put the lines before and after pasting. Can you check if these are correct? Also I would ask the location of the htaccess file. Thanks

security pro

before

    // set php_self in the local scope
    if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

    if ($request_type == 'NONSSL') {
      define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
    } else {
      define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
    }

after

    // set php_self in the local scope
    if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

    // Security Pro by FWR Media
    include_once DIR_WS_MODULES . 'fwr_media_security_pro.php';
    $security_pro = new Fwr_Media_Security_Pro;
    // If you need to exclude a file from cleansing then you can add it like below
    //$security_pro->addExclusion( 'some_file.php' );
    $security_pro->cleanse( $PHP_SELF );
    // End - Security Pro by FWR Media

    if ($request_type == 'NONSSL') {
      define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
    } else {
      define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
    }

-----------------------------------------------

before

    // include the list of project filenames
    require(DIR_WS_INCLUDES . 'filenames.php');

    // include the list of project database tables
    require(DIR_WS_INCLUDES . 'database_tables.php');

after

    // include the list of project filenames
    require(DIR_WS_INCLUDES . 'filenames.php');

    // IP Trap V5
    include(DIR_WS_INCLUDES . 'secret.php');

    // include the list of project database tables
    require(DIR_WS_INCLUDES . 'database_tables.php');

------------------------------------------

adobe19 Posted January 28, 2012

I reread my previous post and realized I couldn't make my point. I am asking if there are spaces between lines, and should the lines be aligned to the left or are there spaces? Generally, what do I need to do after pasting the lines? Thanks

sarahw167 Posted January 29, 2012

Do the steps outlined by spooks to secure your site apply to v2.3 also?

kind regards,
Sarah

♥geoffreywalton Posted January 29, 2012

The changes to secure the log on do not need to be done in 2.3.1.

Download and read the installation instructions for the contributions. Then you can decide if you want to install them.

Cheers
G

Archived
This topic is now archived and is closed to further replies.