filmcell Posted May 3, 2011

I just took a screen capture from my cPanel last month from a non-live osCommerce store. Looks a bit weird; does this look like it's been hacked?
Taipo Posted May 3, 2011

If you have patched the $PHP_SELF code on your site, then none of those attempts to bypass the admin permissions will work. To patch the $PHP_SELF code, install osC_Sec.php; the link is in my signature. The same goes if you have changed the name of the admin directory and/or upgraded to osCommerce 2.3.1; those will also prevent those hack attempts from being successful. If, however, you have not secured your site in that manner, then most of those (where you see links that contain ".php/login.php") would have been successful in bypassing your admin security, and you will then need to do a full clean-up of your site, as has been covered in many other posts in this forum.

- Stop osCommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
burt Posted May 3, 2011

You do not need to install osC_Sec to patch the PHP_SELF problem. It would have been better for Taipo to explain more clearly that osC_Sec does more than this, and is not the only way to patch PHP_SELF. You simply need to change one line of code in application_top.php, which has been covered many times in the past. Note that osC_Sec does contain far more than a simple one-line code change, so it is worth installing if you feel the need.
Taipo Posted May 3, 2011

The point is that there are more things wrong with osCommerce 2.2.1 than just the $PHP_SELF code for determining the filename. 'Simply' changing two lines of code (in both application_top.php files) will at least stop the most common attack on osCommerce, but will not stop the injection attacks that target product_id and other unprotected user entry points, which attackers are using to install appended code into vulnerable sites.

So technically speaking, burt is correct: you do not need to install osC_Sec.php to patch the main security hole in osCommerce 2.2.1, nor any of the other security fixes either, including Security Pro 2.0, the .htaccess-based security addons, changing the name of the admin directory, deleting file manager, etc., nor even upgrading to 2.3.1, if you want to be pedantic about it. But then, why only fix some of the security issues and leave the rest open for later attacks?

The best practice is to upgrade to 2.3.1, and that should really be the one encouraged by anyone assisting people to patch their sites. Sometimes I think osC_Sec.php and other addons can do more harm than good, because they encourage users to persist with out-of-date versions of site code, when in fact there is no real substitute for using the latest stable version of a system like osCommerce.

If anyone wants an in-depth explanation of what osC_Sec does, they can read the link in my signature about it, and also read the install instructions in the readme, which covers it. Sometimes I just get 'finger tired' of having to explain all that, Burt.
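The admin login bypass that burt's one-line fix and Taipo's "two lines in both application_top.php files" refer to works because osCommerce 2.2 derived the current page from PHP_SELF, which carries any PATH_INFO a client appends to the URL, and then exempted that page from the login check whenever its basename was login.php. The following is an added example, not osCommerce's own code or osC_Sec: it models that check with a vulnerable and a patched filename resolver side by side, and runs two constructed requests through each. The $_SERVER-style arrays are stand-ins for the $HTTP_SERVER_VARS the original code read, and file_manager.php is simply a representative admin script.

```php
<?php
// Added example, not osCommerce's own code. Models the admin login check in
// admin/includes/application_top.php of osCommerce 2.2 and the widely
// circulated $PHP_SELF -> SCRIPT_NAME fix the posts discuss. The request
// arrays below are constructed for this demonstration.

const FILENAME_LOGIN = 'login.php';

// Vulnerable: the current file is taken from PHP_SELF, which includes any
// PATH_INFO the client appended to the URL.
function current_page_vulnerable(array $server): string {
    $php_self = isset($server['PHP_SELF']) ? $server['PHP_SELF'] : $server['SCRIPT_NAME'];
    return basename($php_self);
}

// Patched: prefer SCRIPT_NAME, which names the script the web server actually
// executed, so client-supplied PATH_INFO can no longer influence the check.
function current_page_patched(array $server): string {
    $php_self = isset($server['SCRIPT_NAME']) ? $server['SCRIPT_NAME'] : $server['PHP_SELF'];
    return basename($php_self);
}

// The gate: an unauthenticated request is allowed through only when the
// current page is the login page itself; anything else would be redirected
// to login.php.
function admin_request_allowed(array $server, bool $admin_logged_in, bool $patched): bool {
    if ($admin_logged_in) {
        return true;
    }
    $current_page = $patched ? current_page_patched($server)
                             : current_page_vulnerable($server);
    return $current_page === FILENAME_LOGIN;
}

// Constructed requests. A server that accepts PATH_INFO (Apache with mod_php
// does by default) serves /admin/file_manager.php/login.php by running
// file_manager.php with PATH_INFO "/login.php"; PHP_SELF then reports the
// full path, while SCRIPT_NAME still names the executed script.
$normal = [
    'SCRIPT_NAME' => '/admin/file_manager.php',
    'PHP_SELF'    => '/admin/file_manager.php',
];
$bypass = [
    'SCRIPT_NAME' => '/admin/file_manager.php',
    'PHP_SELF'    => '/admin/file_manager.php/login.php',
    'PATH_INFO'   => '/login.php',
];

foreach (['normal' => $normal, 'bypass' => $bypass] as $label => $req) {
    printf("%-7s vulnerable=%-5s patched=%s\n",
        $label,
        admin_request_allowed($req, false, false) ? 'ALLOW' : 'deny',
        admin_request_allowed($req, false, true)  ? 'ALLOW' : 'deny');
}
```

Run it with the php CLI: the plain request is denied by both resolvers, while the ".php/login.php" request is let through only by the unpatched one. When auditing a live 2.2 store for this, look in the web server access log for admin URLs whose path continues past ".php", the pattern Taipo points to above; those are the requests that would have passed the vulnerable check.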
This topic is now archived and is closed to further replies.