Iggy, posted December 10, 2009

Seems there's some shenanigans afoot with a new worm/virus targeting vulnerable scripts. Light on details so far, but here's the article: http://www.net-security.org/secworld.php?id=8604

Doing a quick search shows it's mostly ASP with some PHP sites thrown in, meaning it may be SQL Server only: http://www.google.com/search?q=318x.com

I don't find it on my machines... yet. Can anyone confirm osC's status for this threat? If you have more info on this beastie than what's posted above, like its attack vector, I'd love to see it as well.

Just trying to stay ahead of the curve,
Iggy

Everything's funny but nothing's a joke...
spooks, posted December 10, 2009

How to secure your site: http://www.oscommerce.com/forums/index.php?showtopic=313323

Once you secure your site you won't be vulnerable to injection attacks.

Sam

Remember, What you think I ment may not be what I thought I ment when I said it.
Contributions: Auto Backup your Database, Easy way; Multi Images with Fancy Pop-ups, Easy way; Products in columns with multi buy etc etc; Disable any Category or Product, Easy way; Secure & Improve your account pages et al.
Iggy (author), posted December 10, 2009

> How to secure your site: http://www.oscommerce.com/forums/index.php?showtopic=313323
> Once you secure your site you won't be vulnerable to injection attacks.

Nice. Did you read the post? Let's assume the majority of folks don't have these installed:

> You can prevent any injection attacks with Security Pro http://addons.oscommerce.com/info/5752
> You can monitor sites for unauthorised changes with SiteMonitor http://addons.oscommerce.com/info/4441
> You can block illicit access attempts with IP trap http://addons.oscommerce.com/info/5914
> You can add htaccess protection http://addons.oscommerce.com/info/6066
> You can stop Cross Site Scripting attacks with Anti XSS http://addons.oscommerce.com/info/6044

Now, is osC vulnerable to this particular SQL injection, or do you have more information?
spooks, posted December 10, 2009

> Nice. Did you read the post? Let's assume the majority of folks don't have these installed
> Now, is osC vulnerable to this particular SQL injection, or do you have more information?

By implication, and the fact I say there "you must install these", then clearly the answer is yes; did you think those are there for some other reason?

It's been said b4: osC in its raw state is just a basic framework for you to do with as you will. In some cases those uses will have little concern for security, so the core is not overloaded with stuff that may not be needed, but that doesn't mean you should be complacent, or that you should demand that something should be there as you happen to need it!!

PS: I can assure you that many e-commerce sites using osC will have now, or very soon, added those, as many have learnt recently the error of failing to do so; those that don't can be fairly sure the hackers will find them soon. There is little excuse for claiming ignorance; that thread is easy to find!!

Sam
Iggy (author), posted December 11, 2009

> By implication, and the fact I say there "you must install these", then clearly the answer is yes; did you think those are there for some other reason? It's been said b4: osC in its raw state is just a basic framework for you to do with as you will. In some cases those uses will have little concern for security, so the core is not overloaded with stuff that may not be needed, but that doesn't mean you should be complacent, or that you should demand that something should be there as you happen to need it!!
> PS: I can assure you that many e-commerce sites using osC will have now, or very soon, added those, as many have learnt recently the error of failing to do so; those that don't can be fairly sure the hackers will find them soon. There is little excuse for claiming ignorance; that thread is easy to find!!

Have these forums slid this far? I'm not claiming ignorance, I'm not shy about tweaking the code, I do not expect osC to be just right out of the box, and I am most CERTAINLY not demanding anything.

I'm asking: does anyone have any more information on this particular threat, and is the out-of-the-box osC install in any MS or RC release flavor vulnerable? Pretty simple questions which I can figure out myself, but I was hoping to save some time leveraging the communal brain.
Ben Nevis, posted December 11, 2009

The out-of-the-box osC, at least up to oscRC2.2, is vulnerable to SQL injection attacks. Does it really matter if it is vulnerable to this particular one or not, when, without implementing the necessary security measures, it is vulnerable to others? What would be of more interest to know is whether protection against this particular exploit requires any further security measures to those spooks already mentioned? Thankfully it seems not.

www.jyoshna.com. Currently using osC with STS, Super Download Store, Categories Descriptions, Manufacturers Description, Individual Item Status, Infopages unlimited, Product Sort, Osplayer with flashmp3player, Product Tabs 2.1 with WebFx Tabpane and other bits and pieces including some I made myself. Many thanks to all whose contributions I have used!
Iggy (author), posted December 11, 2009

> The out-of-the-box osC, at least up to oscRC2.2, is vulnerable to SQL injection attacks. Does it really matter if it is vulnerable to this particular one or not, when, without implementing the necessary security measures, it is vulnerable to others? What would be of more interest to know is whether protection against this particular exploit requires any further security measures to those spooks already mentioned? Thankfully it seems not.

That's the thing. Gumblar was nasty and I only ran into 2 folks infected, via stolen FTP passwords. Of course the easy thing is to just make all index files 444, but that's a short-term precaution, and since it "seems" to be dropping info into a db table (no one really says), I suspect it's targeted at a specific piece of software (no one really says) and possibly SQL Server only (no one really says). osC ought to be immune even if the injection were to work, unless it gets targeted specifically, unlike Gumblar, which could spread to any platform. But it would be nice to know for sure, eh?

Again, I would just like to be in front of the curve.
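As an added example (not from this thread and not osCommerce's own code), here is a Python check for the kind of database-stored payload Iggy suspects: it scans exported text columns for script/iframe tags that load from a host outside an allowlist, which a 444 file permission would never catch. The sample rows, the allowlisted shop host and the paths after 318x.com are constructed; the thread itself never confirms what the worm writes.

```python
import re

# Hosts that legitimately appear in script/iframe tags on the shop.
# Assumption: a constructed placeholder; replace with your own domain(s).
ALLOWED_HOSTS = {"www.example-shop.test"}

# Matches <script ... src=...> or <iframe ... src=...> and captures the host.
# Quotes are optional and the scheme may be absent ("//host/path").
_TAG_RE = re.compile(
    r"<(script|iframe)\b[^>]*\bsrc\s*=\s*['\"]?\s*(?:https?:)?//([^/'\"\s>]+)",
    re.IGNORECASE,
)


def find_injected_refs(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (tag, host) pairs for script/iframe tags whose host is not allowlisted."""
    found = []
    for m in _TAG_RE.finditer(text):
        tag, host = m.group(1).lower(), m.group(2).lower()
        if host not in allowed_hosts:
            found.append((tag, host))
    return found


def scan_rows(rows):
    """rows: iterable of (table, column, primary_key, text), as dumped from the shop DB.
    Returns one dict per suspicious tag so the row can be inspected and cleaned."""
    hits = []
    for table, column, pk, text in rows:
        for tag, host in find_injected_refs(text or ""):
            hits.append({"table": table, "column": column, "id": pk,
                         "tag": tag, "host": host})
    return hits


# Constructed sample rows standing in for a SELECT over the shop's text columns.
# The 318x.com host is the one searched for in the thread; the paths are made up.
SAMPLE_ROWS = [
    ("products_description", "products_description", 1,
     "A fine widget. <script src=http://318x.com/x.js></script>"),
    ("products_description", "products_description", 2,
     "Plain description with no markup."),
    ("categories_description", "categories_name", 7,
     '<script src="//www.example-shop.test/tabs.js"></script>Shoes'),
    ("reviews_description", "reviews_text", 3,
     "Great! <IFRAME SRC='http://318x.com/x' width=0 height=0></IFRAME>"),
]

if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS):
        print(hit)
```

Feeding it a real dump means selecting every TEXT/VARCHAR column that ends up in rendered pages, not just product descriptions.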