osCommerce

Has my server been hacked?


ken0306

Hi, I recently discovered that someone is trying to hack my server through the newsletter script.

Here is the email I am getting from the newsletter signup notification through my server:

1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,database(),0x27,0x7e)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1

So, what are they trying to do here, and how do I prevent it from happening again?

Thank you

ken


You get a lot of that. It's one of the joys of hosting a website on the internet.

If you are concerned about it, try the osC_Sec addon (see link in my signature), which will block these types of blind database injection attempts.

 

Taipo

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
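
As an added example (not part of the original thread and not osC_Sec's code): the string in the notification email is SQL where the newsletter form expects an email address, so the usual fix is to validate the field and hand it to the database only as a bound parameter. The sketch uses Python's `sqlite3` as a stand-in for the shop's MySQL database; the table name `newsletter`, the function names, the marker list and the sample address are assumptions.

```python
import re
import sqlite3

# Payload copied from the notification email quoted in the question.
PAYLOAD = ("1 and(select 1 from(select count(*),concat((select (select "
           "concat(0x7e,0x27,database(),0x27,0x7e)) from `information_schema`.tables "
           "limit 0,1),floor(rand(0)*2))x from `information_schema`.tables "
           "group by x)a) and 1=1")

# Deliberately strict allow-list for a signup address (assumption: ASCII emails only).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")

# Substrings worth logging when they appear in a form field (heuristic, not exhaustive).
SQL_MARKERS = ("information_schema", "select", "concat(", "database()", "rand(")


def sql_markers(value):
    """Return the SQL-looking markers found in a submitted value, for logging."""
    lowered = value.lower()
    return [m for m in SQL_MARKERS if m in lowered]


def subscribe(conn, email):
    """Validate first, then insert with a bound parameter, never by concatenation."""
    if not EMAIL_RE.fullmatch(email):
        return False
    conn.execute("INSERT INTO newsletter (email) VALUES (?)", (email,))
    return True


def demo():
    conn = sqlite3.connect(":memory:")  # hypothetical schema, constructed for the demo
    conn.execute("CREATE TABLE newsletter (email TEXT NOT NULL)")
    results = {
        "payload_accepted": subscribe(conn, PAYLOAD),
        "markers": sql_markers(PAYLOAD),
        "real_accepted": subscribe(conn, "shopper@example.com"),  # constructed address
    }
    # Even with the validator bypassed, a bound parameter stores the payload as inert text.
    conn.execute("INSERT INTO newsletter (email) VALUES (?)", (PAYLOAD,))
    rows = conn.execute("SELECT email FROM newsletter ORDER BY rowid")
    results["rows"] = [r[0] for r in rows]
    return results


if __name__ == "__main__":
    print(demo())
```

The marker list is only for logging and alerting; the validation and the bound parameter are what keep the input from being interpreted as SQL.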


Archived

This topic is now archived and is closed to further replies.
