Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Is there is security issue with product_reviews.php


filmcell

Recommended Posts

Posted

Ive setup a new store , not live yet . i dont have any customers.

 

I done some of the secutity fixes

 

But i have noticed someone from russia has been trying do somthing with product_reviews.php

 

I see product_reviews_write.php active in whos online. Any security issues you can direct me to with this.

 

Looks like he knows something i dont.

thanks.

 

--------

 

Just checked again . and hes looking at another product now . with

 

product_reviews.php?products_id=305&osCsid

Posted

Hi,

 

From my (Limited) understanding, if you have installed Spooks Anti-Hacker mods and the other security fixes then you should be ok.

 

From my part, I only sell to UK, Ireland and France - So I have banned all of the other countries via .htaccess (except US - For Google) - so now I dont get russians, mongolians, chinease etc on my site.

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Posted

Hi there,

 

This may sound like a very strange question, but how do you ban the countries in the .htaccess file? Are you using IP ranges or is there a special trick.

 

The reason I am asking is that I have also observed some Russian IPs trying to access certain files, but no matter how m any times I ban their ip or its range they seem to find new Ip's to use, its very frustrating.

 

If you could list the code you use in the .htaccess file that would be great.

 

Regards.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...