iflyamphib Posted November 27, 2011
Good evening. I've installed a clean (not upgrading) version of 1.7 for osc 2.3.1 this afternoon. With both test URLs:

http://www.siteurl.com/&test=%22%3EXXX
http://www.siteurl.com/?test="><script>eval(window.name)</script>

I receive the following:

403 Forbidden
You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

If I remove the portion after the .com, the test site loads and functions properly. The database tables have been created properly and are viewable from phpMyAdmin. I've gone through the install manual twice to verify placement of the files and code within the modified files. I can add myself (IP from the Who's Online) and ban myself, and then receive the email successfully (using the contact form only). Nothing is logged to the PHPIDS Log report, however. Should it be when manually banning an IP?

The host is HostGator. Server running PHP 5.2.17 with PDO enabled (viewed from previous posts). This is a new test site where I have been adding contributions to have as a 'master' for upgrading / creating other sites. Is this a hosting issue? Thank you for any light anyone can shed on this.
Jim
Taipo Posted December 1, 2011
Suggestion: file banned_ip.php, code:

$ip_check = tep_get_ip_address();

Since tep_get_ip_address() can allow either the values of the HTTP_X_FORWARDED_FOR or HTTP_CLIENT_IP header (if set) to be the IP address ahead of the dependable REMOTE_ADDR, and because it is possible to spoof both of those headers, it might be better to stick with REMOTE_ADDR as the IP address to check for banned IPs in the db. That would also be consistent with the fact that REMOTE_ADDR is used as the IP address that is banned in the banned.php file. I know that where the webserver is a part of a cluster configuration, this can also cause false IP addresses to be banned; if you however depend on tep_get_ip_address() to check IPs in the db, that may allow for this addon to be completely bypassed if an attacker got to thinking about sending spoofed HTTP_X_FORWARDED or HTTP_CLIENT_IP ip addresses with their attacks.

Code suggestion:

$ip_check = ( false !== isset( $_SERVER ) ) ? $_SERVER[ "REMOTE_ADDR" ] : getenv( "REMOTE_ADDR" );

Or more simply:

$ip_check = $_SERVER[ "REMOTE_ADDR" ];
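One way to implement the lookup address Taipo describes, as an added example written for this thread (it is not code from the PHPIDS add-on or from Taipo): REMOTE_ADDR is used unconditionally, and X-Forwarded-For is consulted only when REMOTE_ADDR belongs to a reverse proxy you operate, which covers the cluster case he mentions. The function name, the $trustedProxies list and the sample request environments are assumptions constructed for the demonstration.

```php
<?php
// Added example for this thread, not part of the PHPIDS add-on.
// Resolve the address to check against the banned_ip table.
// REMOTE_ADDR is filled in by the web server from the TCP connection and
// cannot be forged by the client; X-Forwarded-For / Client-IP are ordinary
// request headers, so they are honoured only when the direct peer is one
// of OUR reverse proxies (assumed list passed in by the caller).
function resolve_ban_check_ip(array $server, array $trustedProxies = array())
{
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return ''; // no usable peer address; the caller should fail closed
    }
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote; // direct client: any forwarded header is ignored
    }
    // Behind our own proxy: X-Forwarded-For reads "client, proxy1, proxy2".
    // Walk from the right; the first hop that is not one of our proxies is
    // the address our proxy actually talked to.
    $xff  = isset($server['HTTP_X_FORWARDED_FOR']) ? $server['HTTP_X_FORWARDED_FOR'] : '';
    $hops = array_reverse(array_map('trim', explode(',', $xff)));
    foreach ($hops as $hop) {
        if ($hop === '') {
            continue;
        }
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed header: fall back to the proxy address
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed request environments for the demonstration (not real traffic).
$direct = array(
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.9', // supplied by the client itself
    'HTTP_CLIENT_IP'       => '198.51.100.9',
);
$viaProxy = array(
    'REMOTE_ADDR'          => '10.0.0.2',               // our assumed load balancer
    'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.2',
);
$proxies = array('10.0.0.2');

printf("direct client checks as %s\n", resolve_ban_check_ip($direct, $proxies));
printf("proxied client checks as %s\n", resolve_ban_check_ip($viaProxy, $proxies));
```

In the first case the forged header is ignored and the peer address is used; in the second the proxy is recognised and the client address it forwarded is used instead.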
Guest Posted December 5, 2011
2. Unzip the zipped file and rename "phpids-0.6.4" directory as "phpids".
3. Make sure that this renamed directory has the following directories directly in it: docs lib tests

None of these files are in any of the packages.
geoffreywalton Posted December 5, 2011
Maybe if it said create these 3 directories in ........
Cheers
G
Guest Posted December 5, 2011
What it says is to:
1. Download "PHPIDS 0.6.3.1 (ZIP)" or the latest version at: http://php-ids.org/downloads/
2. Unzip the zipped file and rename "phpids-0.6.3.1" directory as "phpids".
3. Make sure that this renamed directory has the following directories directly in it: docs lib nbproject tests

This site can not be reached. If you have to go somewhere else to get these that are not in the packages, then it is not a complete package and should state that in the package downloads instead of saying (this is a complete package).
Guest Posted December 5, 2011
Does anyone have the phpids that they can upload to the package area? The http://php-ids.org/downloads/ can no longer be reached. Thanks
Guest Posted December 6, 2011
Getting this error: 1.6 installed with latest phpids 7.0 installed.

Fatal error: Call to a member function bindParam() on a non-object in /home/xx/public_html/xxx/includes/phpids/lib/IDS/Log/Database.php on line 272
altoid Posted December 6, 2011
> Does anyone have the phpids that they can upload to the package area? The http://php-ids.org/downloads/ can no longer be reached. Thanks

Try https://phpids.org/downloads/
Guest Posted December 6, 2011
> Try https://phpids.org/downloads/

I have already installed the latest 7.0 but can find no answer for the error.
cooch Posted December 29, 2011
Can't get wishlist.php to work because POST.prod_link and REQUEST.prod_link are being detected as XSS attacks:

Affected tags: xss csrf
Affected parameters: REQUEST.prod_link.0=http%3A%2F%2Fwww.domain.com%2Fstore%2Fproduct_info.php%3Fproducts_id%3D367%7B1%7D2, POST.prod_link.0=http%3A%2F%2Fwww.domain.com%2Fstore%2Fproduct_info.php%3Fproducts_id%3D367%7B1%7D2,
Request URI: /store/wishlist.php

I added REQUEST.prod_link and POST.prod_link to the exclusion list with no luck. If I have a number of items on the wishlist, the total impact bans me... Any ideas?
ancla Posted January 17, 2012
Hello, good evening. I'm trying to install a clean (not upgrading) version of 1.7 for osc 2.2rc2a. At "Step-B: Admin", point 5 states:

Find the following code in admin/includes/boxes/tools.php file:

Array {
  'code' => FILENAME_ACTION_RECORDER,
  'title' => BOX_TOOLS_ACTION_RECORDER,
  'link' => tep_href_link (FILENAME_ACTION_RECORDER)
},

Though that array is not in my "tools.php" file. The whole content of my file is:

<?php
/*
  $Id: tools.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2002 osCommerce

  Released under the GNU General Public License
*/
?>
<!-- tools //-->
<tr>
  <td>
<?php
  $heading = array();
  $contents = array();

  $heading[] = array('text' => BOX_HEADING_TOOLS,
                     'link' => tep_href_link(FILENAME_BACKUP, 'selected_box=tools'));

  if ($selected_box == 'tools') {
    $contents[] = array('text' => '<a href="' . tep_href_link(FILENAME_BACKUP) . '" class="menuBoxContentLink">' . BOX_TOOLS_BACKUP . '</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_BANNER_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_BANNER_MANAGER . '</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_CACHE) . '" class="menuBoxContentLink">' . BOX_TOOLS_CACHE . '</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_DEFINE_LANGUAGE) . '" class="menuBoxContentLink">' . BOX_TOOLS_DEFINE_LANGUAGE . '</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_MAIL) . '" class="menuBoxContentLink">' . BOX_TOOLS_MAIL . '</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_NEWSLETTERS) . '" class="menuBoxContentLink">' . BOX_TOOLS_NEWSLETTER_MANAGER . '</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_SERVER_INFO) . '" class="menuBoxContentLink">' . BOX_TOOLS_SERVER_INFO . '</a><br>' .
                                  '<a href="' . tep_href_link('csv_import.php') . '" class="menuBoxContentLink">Importar CSV de Excel/OOCalc</a><br>' .
                                  '<a href="' . tep_href_link(FILENAME_WHOS_ONLINE) . '" class="menuBoxContentLink">' . BOX_TOOLS_WHOS_ONLINE . '</a>');
  }

  $box = new box;
  echo $box->menuBox($heading, $contents);
?>
  </td>
</tr>
<!-- tools_eof //-->

Please, can anyone tell me where to insert the following required code, or whether my file lacks some code? The code to insert is:

array(
  'code' => FILENAME_PHPIDS,
  'title' => BOX_TOOLS_PHPIDS,
  'link' => tep_href_link(FILENAME_PHPIDS)
),
array(
  'code' => FILENAME_BANNED_IP,
  'title' => BOX_TOOLS_BANNED_IP,
  'link' => tep_href_link(FILENAME_BANNED_IP)
),

Thank you for any help you can give me.
Angel Barros
geoffreywalton Posted January 18, 2012
Hi
Just add a line after

'<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .

and change the words in capitals to those for the contribution you are trying to add.
HTH
G
DougieMac Posted January 27, 2012 (edited January 27, 2012 by DougieMac)
Hi,
Let me apologise first in case this problem has already been posted, but it's late now and I can't find anything similar. I am hoping you can help me with this error:

1146 - Table 'a4993375_msc.TABLE_BANNED_IP' doesn't exist
select ip_address from TABLE_BANNED_IP where ip_status='0'
[TEP STOP]

when I try to access the shop, http://mywebsite/catalog/index.php. This occurred when trying the test http://mywebsite/catalog/index.php.?id=1&test=">XXX. Prior to this test I could access the site easily. I am running oscommerce 2.3.1 on win xp64 with phpids 1.7 installed. Given that I am fairly new to php, can you point me to where I have gone wrong. There are no entries in the PHPIDS log and no entries in the banned IP section.
DougieMac Posted January 27, 2012
Ok, fresh look at the forum this morning and I found the solution. Doh! Apologies.
modem2.0 Posted March 16, 2012
Hello, I'm building a new shop using oscommerce 2.3.1 and I added this contrib, but when I do the 2 suggested tests I get the following error:

Exception: PDOException: SQLSTATE[28000] [1045] Access denied for user 'root'@'localhost' (using password: NO)

I'm building it on my windows PC using WAMP, so I'm wondering if this is the problem... I have it running correctly on my old oscommerce 2.2 shop... Any idea?
modem2.0 Posted March 17, 2012
I found the issue of my problem... My WAMP MySQL server is not running on the default port, and the script is not using the OSC configuration. Once I changed the port on osc_phpids.php in the modules folder it worked flawlessly.
modem2.0 Posted April 18, 2012
Hi, I'm having this contribution installed, and I'm also using the contribution Customer Must Accept Terms and Conditions (MATC) http://addons.oscommerce.com/info/5750

But now I have lots of entries in the table PHPIDS Log related to REQUEST.conditions and POST.conditions in the create_account.php file and with all the conditions written. Is there a way to fix this?
modem2.0 Posted April 28, 2012
Anyone??
chandrika Posted May 23, 2012
Hi, I have just discovered that my installation of phpids was causing a problem with my PayPal IPN notifications. Sometimes they were getting sent, sometimes not, and checking the error logs on the server for PayPal's IPN notification URL (173.0.81.1) I found

[Wed May 23 06:18:54 2012] [error] [client 173.0.81.1] PHP Fatal error: Class 'PDO' not found in /home/****/public_html/includes/phpids/lib/IDS/Log/Database.php on line 172

I have disabled phpids for a while and IPN notifications are now ok. I use the PayPal standard module for payments. I see there is an option in admin phpids for variable exclusions, and I am thinking that maybe there is something I can enter there that might stop phpids blocking PayPal IPNs. The IPN notification script in my oscommerce is at /ext/modules/payment/paypal/standard_ipn.php. I could post that page if someone may be able to tell me whether there is a variable there I could exclude? What do you think?
cooch Posted May 30, 2012
> Anyone??

Did you ever get this fixed?
modem2.0 Posted August 14, 2012 (edited August 14, 2012 by modem2.0)
> Did you ever get this fixed?

Never. But now I also have the PDO issue in the create account...
ce7 Posted September 11, 2012
Hi there, I had installed this addon; at step E Test, TEST-1, I got a warning as below:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /includes/modules/osc_phpids.php:199) in /includes/functions/sessions.php on line 102

And for TEST-2, I did not see any test result; the page just showed HTTP 406 Not Acceptable. Is it normal, or did I do something wrong? Many thanks in advance.
Lyn
broadstreetbully Posted September 13, 2012
Kept getting a "missing table" error in my admin after correct installation.... Uninstalled after reading about all the issues and scripts built specifically for this addon...
ce7 Posted November 8, 2012
Hi, I just got an attack:

IP: 184.82.78.125
Date: 2012-11-08T10:12:16+11:00
Impact: 14
Affected tags: xss csrf id rfe lfi
Affected parameters: REQUEST.excerpt=%5B...%5D+that+is+the+end+of+this+article.+Here+you%E2%80%99ll+find+some+sites+that+we+think+you%E2%80%99ll+appreciate%2C+just+click+the+links+over%5B...%5D%E2%80%A6, POST.excerpt=%5B...%5D+that+is+the+end+of+this+article.+Here+you%E2%80%99ll+find+some+sites+that+we+think+you%E2%80%99ll+appreciate%2C+just+click+the+links+over%5B...%5D%E2%80%A6,
Request URI: /mg/product_info.php?products_id=212/trackback

Does anyone know what I should do, and whether my website has been affected? If so, what steps should I go further? Many thanks in advance.
Lyn
LeanderPL Posted December 30, 2012 (edited December 30, 2012 by LeanderPL)
I've got it too. For different IPs it started to send notifications somewhere around 21 December, almost 100 per day. What to do now? Is it a hack attack on the shop? Entering the PHPIDS plugin in the Admin Panel gives a popup with "9537246810"...
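To read a notification like the one posted above before deciding whether anything was compromised, the following added example (written for this thread, not code from the PHPIDS add-on) parses the report text into fields and URL-decodes the affected parameters so the submitted values become legible. The report text is the one quoted in the thread; the function name and field keys are assumptions.

```php
<?php
// Added example for this thread, not part of the PHPIDS add-on.
// Parse a PHPIDS notification of the form posted above into fields and
// URL-decode the affected parameters so the submitted values are readable.
function parse_phpids_report($text)
{
    $labels = array(
        'IP' => 'ip', 'Date' => 'date', 'Impact' => 'impact',
        'Affected tags' => 'tags', 'Affected parameters' => 'params',
        'Request URI' => 'uri',
    );
    $alt = implode('|', array_map('preg_quote', array_keys($labels)));
    $report = array('ip' => '', 'date' => '', 'impact' => '', 'tags' => '', 'params' => '', 'uri' => '');

    // Each field is "Label: value" and runs until the next label or the end of text.
    preg_match_all('/(' . $alt . '):\s*(.*?)(?=\s+(?:' . $alt . '):|\s*$)/s', $text, $hits, PREG_SET_ORDER);
    foreach ($hits as $hit) {
        $report[$labels[$hit[1]]] = trim($hit[2]);
    }
    $report['impact'] = (int) $report['impact'];
    $report['tags']   = $report['tags'] === '' ? array() : preg_split('/\s+/', $report['tags']);

    // Parameters are "SOURCE.name=urlencoded" pairs separated by ", ";
    // commas inside values arrive encoded as %2C, so the split is safe.
    $pairs = preg_split('/,\s*/', rtrim($report['params'], ','));
    $report['params'] = array();
    foreach ($pairs as $pair) {
        if (strpos($pair, '=') === false) {
            continue;
        }
        list($name, $value) = explode('=', $pair, 2);
        $report['params'][$name] = urldecode($value);
    }
    return $report;
}

// Report text taken from the post above (string split here only for readability).
$sample = "IP: 184.82.78.125 Date: 2012-11-08T10:12:16+11:00 Impact: 14 "
        . "Affected tags: xss csrf id rfe lfi "
        . "Affected parameters: REQUEST.excerpt=%5B...%5D+that+is+the+end+of+this+article.+Here+you%E2%80%99ll"
        . "+find+some+sites+that+we+think+you%E2%80%99ll+appreciate%2C+just+click+the+links+over%5B...%5D%E2%80%A6, "
        . "POST.excerpt=%5B...%5D+that+is+the+end+of+this+article.+Here+you%E2%80%99ll"
        . "+find+some+sites+that+we+think+you%E2%80%99ll+appreciate%2C+just+click+the+links+over%5B...%5D%E2%80%A6, "
        . "Request URI: /mg/product_info.php?products_id=212/trackback";

$r = parse_phpids_report($sample);
printf("%s -> %s (impact %d, tags: %s)\n", $r['ip'], $r['uri'], $r['impact'], implode(' ', $r['tags']));
foreach ($r['params'] as $name => $value) {
    printf("  %s = %s\n", $name, $value);
}
```

The decoded excerpt, together with the /trackback suffix on the request URI, has the shape of an automated blog trackback submission aimed at a URL the shop does not serve; the useful follow-up is to confirm that the requested path and parameter names are not ones the shop code reads, and to check the access log for other requests from the same address.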