ken0306
Posted August 2, 2013

Hi,

I recently discovered that someone is trying to hack my server through the newsletter script. Here is the email I am getting from the newsletter signup notification through my server:

1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,database(),0x27,0x7e)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1

So, what are they trying to do here, and how do I prevent it from happening again?

Thank you
ken

Taipo
Posted August 2, 2013

You get a lot of that. It's one of the joys of hosting a website on the internet. If you are concerned about it, try the osC_Sec addon (see link in my signature), which will block these types of blind database injection attempts.

Taipo
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
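
An added example, not part of the thread and not osC_Sec's code: the string from the notification e-mail nests SELECTs over `information_schema` around `database()`, so a signup handler should reject it as a non-address and, independently, pass every value to the database as a bound parameter. Assumptions: the `newsletter` table, the function names and the address pattern are hypothetical, and in-memory SQLite stands in for the cart's MySQL database.

```python
import re
import sqlite3

# The value from the notification e-mail in the first post, copied as posted.
PAYLOAD = (
    "1 and(select 1 from(select count(*),concat((select (select "
    "concat(0x7e,0x27,database(),0x27,0x7e)) from `information_schema`.tables "
    "limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) "
    "and 1=1"
)

# Assumption: a deliberately strict address shape for a signup form (not RFC 5322).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# SQL constructs present in the payload that never belong in an e-mail field.
SQLI_HINTS = {
    "information_schema": re.compile(r"information_schema", re.I),
    "nested select": re.compile(r"\(\s*select\b", re.I),
    "concat()": re.compile(r"\bconcat\s*\(", re.I),
    "floor(rand())": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "hex literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
}

def sqli_hints(value):
    """Names of the suspicious constructs found in value (for the security log)."""
    return [name for name, rx in SQLI_HINTS.items() if rx.search(value)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE newsletter (email TEXT PRIMARY KEY)")
    return db

def subscribe(db, value):
    """Validate first, then insert with a bound parameter. Returns (accepted, hints)."""
    hints = sqli_hints(value)
    if hints or not EMAIL_RE.fullmatch(value):
        return False, hints  # rejected: nothing reaches the database
    db.execute("INSERT INTO newsletter (email) VALUES (?)", (value,))
    return True, hints

def bound_insert_is_inert(db, value):
    """Without any validation, a bound value is still stored as data, not parsed as SQL."""
    db.execute("INSERT INTO newsletter (email) VALUES (?)", (value,))
    return db.execute("SELECT email FROM newsletter WHERE email = ?", (value,)).fetchone()[0]

if __name__ == "__main__":
    print(subscribe(make_db(), PAYLOAD))
    print(subscribe(make_db(), "alice@example.com"))
    print(bound_insert_is_inert(make_db(), PAYLOAD) == PAYLOAD)
```

The pattern list is a logging aid only; the bound parameter is what keeps the value from being executed.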

ken0306 (Author)
Posted August 2, 2013

Thank you for your reply. I will try to install some more security addons for my cart.

ken
Archived
This topic is now archived and is closed to further replies.