qwertyjjj Posted September 16, 2009

Anyone know where the post is about the ereg hack and what to fix? Is there a security section where all these fixes could be grouped together?
Xpajun Posted September 16, 2009

ereg hack? What errors are you getting?

My store is currently running Phoenix 1.0.3.0. I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄). I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really necessary.
spooks Posted September 16, 2009

Try not to refer to things as 'hacks' that have nothing to do with that subject!!

A little search & u would have found http://www.oscommerce.com/forums/index.php?showtopic=341737

Search the forum with google by putting site:http://www.oscommerce.com/forums then query

Sam

Remember, What you think I meant may not be what I thought I meant when I said it.

Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc etc; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.
qwertyjjj (Author) Posted September 16, 2009

> Try not to refer to things as 'hacks' that have nothing to do with that subject!!
> A little search & u would have found http://www.oscommerce.com/forums/index.php?showtopic=341737
> Search the forum with google by putting site:http://www.oscommerce.com/forums then query

No, there was an update to a security thread the other day but I can't find it in my subscribed topics or a search. Someone was getting code injected into the top of their page.

Found it: eval(base64_decode hack

So, as long as I delete filemanager.php this is fine?
Xpajun Posted September 16, 2009

> No, there was an update to a security thread the other day but I can't find it in my subscribed topics or a search. Someone was getting code injected into the top of their page.
> Found it: eval(base64_decode hack
> So, as long as I delete filemanager.php this is fine?

It's a start, you should also check out and apply the other security that Sam mentions on this thread.

Keeping up to date with your security is the only way to prevent serious hacks.

Having a full up-to-date "master" copy of your site will mean any hack that does manage to breach your security will only do the minimal amount of damage in downtime.
♥ecartz Posted September 18, 2009

> So, as long as I delete filemanager.php this is fine?

I think that define_language.php might be vulnerable to the same kind of exploit as well.

By the way, I personally prefer the word cracks over hacks when referring to exploits. A hack was traditionally a clever thing that someone did. For example, CCGV uses a hack to handle gift vouchers as "virtual weight" products. Hacks are risky in that they tend to rely on incidental behavior that might change, but they aren't overtly negative, like cracks. Crack does not have that same confusing association.

Always back up before making changes.
♥kymation Posted September 18, 2009

After looking at the code for define_language.php, I have to agree. That could be used to inject code into the language files. That's another file that needs to be deleted. Thanks for pointing that out.

Regards
Jim

See my profile for a list of my addons and ways to get support.
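
A read-only check for the two things discussed in this thread, added here as an example and not taken from any post or from osCommerce itself: it flags PHP files that contain an `eval(base64_decode(` pattern (noting whether it sits at the top of the file) and reports whether the admin scripts named above are still present. The function names, the 4096-byte "top of file" threshold, the underscore-insensitive name matching and the sample tree are all assumptions made for the example.

```python
import re
import sys
import tempfile
from pathlib import Path

# Admin scripts the thread says to delete (names as written in the posts).
# Underscores are ignored when matching: an assumption about on-disk spelling.
RISKY_NAMES = {"filemanager.php", "definelanguage.php"}
# eval( ... base64_decode( with optional whitespace or wrappers like gzinflate(
INJECTED = re.compile(rb"eval\s*\(\s*(?:\w+\s*\(\s*)*base64_decode\s*\(", re.I)
HEAD_BYTES = 4096  # the thread describes code injected at the top of the page


def scan_tree(root):
    """Return sorted (relative_path, finding) pairs for .php files under root."""
    root = Path(root)
    findings = []
    for path in (p for p in root.rglob("*.php") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name.lower().replace("_", "") in RISKY_NAMES:
            findings.append((rel, "risky-admin-file"))
        match = INJECTED.search(path.read_bytes())
        if match:
            top = match.start() < HEAD_BYTES
            findings.append((rel, "injected-at-top" if top else "injected-in-body"))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree (not real shop files)."""
    sample = {  # constructed file contents; the payload decodes to "CONSTRUCTED"
        "index.php": b"<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); ?>\n<?php // page",
        "footer.php": b"<?php /*" + b" " * 5000 + b"*/ eval ( gzinflate(base64_decode('Q09OU1RSVUNURUQ=')));",
        "product_info.php": b"<?php echo 'clean page'; ?>",
        "admin/file_manager.php": b"<?php // stand-in for the admin tool ?>",
        "admin/define_language.php": b"<?php // stand-in for the admin tool ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in sample.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(tmp)


if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, finding in results:
        print(f"{finding}\t{rel}")
```

Run it against a copy of the site and compare any flagged file with the clean "master" copy mentioned earlier in the thread; a match only says the pattern is present, not how it got there.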
Archived
This topic is now archived and is closed to further replies.