FWR Media
Posted September 12, 2010

KISS FileSafe by FWR Media

Requirements: PHP 5.2+
Compatibility: osCommerce all versions
PHP 5.3 compatible

Credits: Thanks to the beta testers whose valuable time and effort assisted greatly:
ken44
jwilkins
burt

What is KISS FileSafe? ( KISS means Keep It Simple Stupid! )

There are many posts in the osCommerce forums about "being hacked". Whether the intrusion was via the server or via a security hole in your specific application, most often it ends up with your files being modified to suit a hacking purpose. This could just be a simple defacement or could be the critical stealing of private customer information; either way it is undesirable and needs to be managed.

KISS FileSafe is a simple but effective script which will inform you if and when a file is introduced to your application or an existing file is modified, giving you the opportunity to deal with the problem early, armed with the knowledge of the actual files in question and their location.

Disclaimer: KISS FileSafe does NOT stop your application from being hacked; it informs you of newly introduced or modified files, allowing you to take prompt and informed action. Also of course it lets you know that nothing has happened to your files, providing peace of mind.

Installation couldn't be simpler .. no admin settings .. no file changes .. simply upload the files .. set a cron job and you're done.

There are other scripts that do this type of thing

Yes there are, and some are extremely complex. Some are even trying to emulate an anti virus system. Let's be frank here, security at the code level must be a simple process, ideally taking a whitelist approach. The only bodies able to take an effective blacklist approach to hacking vectors are professional organisations like Emsisoft/Ikarus.

It is impossible to cover the constantly changing hacking vectors, and to attempt to do so with little knowledge is more dangerous than helpful, so what this script does is the necessary basics following the below simple reasoning: -

1) KISS FileSafe reports that a new file has been added.

My Question to Me: Did I add it?

Answer Yes: - Ok all is well.
My Reaction: I shall reset the KISS FileSafe system which will then accept this new file as safe.

Answer NO I DIDN'T: - all may not be well.
My Reaction: I shall download the file and check it. If there is no valid reason for the file to exist I will delete it and ask my hosts to look at the file and check how it got there. If it had a valid reason to be there, e.g. a cache file or something, I may add the directory to the ignore list.

2) KISS FileSafe reports that an existing file has been modified.

My Question to Me: Did I modify it?

Answer Yes: - Ok all is well.
My Reaction: I shall reset the KISS FileSafe system which will then accept this modified file as safe.

Answer NO I DIDN'T: - all may not be well.
My Reaction: I shall download the file and check it against my last backup. If it looks worrying I will overwrite the file with my backup and ask my hosts to look at the file and check how it was modified. If it turns out to be a constantly changing valid file, e.g. errors.txt or something, I will consider adding the file to the ignore_files list.

How will I know it is working?

Every time KISS FileSafe runs it will send a run report via email .. this will look like : -

File count: 1366
KISS FileSafe ran for: 0.12 seconds
KISS FileSafe paused 0 time(s) to unload server for a total of 0 seconds
Actual parse time: 0.12 seconds
KISS FileSafe Identified Unknown Files: None
KISS FileSafe Identified Modified Files: None

How can I test it?

1) Add a new file to your system - hacktest.php or something.
2) Download an existing file then re-upload it again ( changes the last modified time ).
3) Force the system to run by browsing to filesafe.php adding the authentication password .. like .. www.mysite.com/catalog/filesafe.php?auth=my_password ( where my_password is what you set authentication_value to in kiss_filesafe.ini ).

This will force the system to run a check and you should get a run report and an "identified" report which will have identified the new and the modified file.

Documentation for developers: phpDocumentor for KISS FileSafe

Recommended Additional Security Measures: Protect your querystring from attacks by installing Security Pro ( find it in osCommerce addons ).

Download KISS FileSafe: osCommerce addons: KISS FileSafe

Edited September 12, 2010 by FWR Media
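The new-file / modified-file reasoning in the post above, sketched as an added example; it is not KISS FileSafe's code and does not come from the post's author. The function names, ignore lists and demo tree are hypothetical and constructed, and the sketch compares a SHA-256 of each file's contents in addition to the last-modified time that the post's test relies on.

```php
<?php
// Added illustration; not KISS FileSafe's own code. All names and paths are hypothetical.
// Map of relative path => [mtime, sha256] for each file under $root not on an ignore list.
function fs_snapshot($root, array $ignoreDirs, array $ignoreFiles) {
    clearstatcache(); // never compare against a cached stat() result
    $root = rtrim(realpath($root), '/\\');
    $snap = array();
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($walker as $file) {
        $rel = str_replace('\\', '/', substr($file->getPathname(), strlen($root) + 1));
        if (!$file->isFile() || in_array($rel, $ignoreFiles, true)) {
            continue;
        }
        foreach ($ignoreDirs as $dir) {
            if (strpos($rel, rtrim($dir, '/') . '/') === 0) {
                continue 2; // inside an ignored directory, e.g. a cache
            }
        }
        $snap[$rel] = array($file->getMTime(), hash_file('sha256', $file->getPathname()));
    }
    return $snap;
}

// Not in the baseline => "unknown"; mtime or content hash differs => "modified".
function fs_compare(array $baseline, array $current) {
    $report = array('unknown' => array(), 'modified' => array());
    foreach ($current as $path => $meta) {
        if (!isset($baseline[$path])) {
            $report['unknown'][] = $path;
        } elseif ($meta !== $baseline[$path]) {
            $report['modified'][] = $path;
        }
    }
    return $report;
}

// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/fs_demo_' . uniqid();
mkdir($root . '/cache', 0700, true);
file_put_contents($root . '/index.php', 'original');
file_put_contents($root . '/errors.txt', '');
$baseline = fs_snapshot($root, array('cache'), array('errors.txt')); // the "reset" step
file_put_contents($root . '/hacktest.php', 'new');   // test step 1: a new file
touch($root . '/index.php', time() + 60);            // test step 2: same content, new mtime
file_put_contents($root . '/cache/page.html', 'x');  // ignored directory, not reported
file_put_contents($root . '/errors.txt', 'notice');  // ignored file, not reported
print_r(fs_compare($baseline, fs_snapshot($root, array('cache'), array('errors.txt'))));
```

In real use the baseline would be stored somewhere the web server account cannot write, since a baseline that can be rewritten alongside the files no longer vouches for them.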