ken0306 Posted August 2, 2013

Hi,

I recently discovered that someone is trying to hack my server through the newsletter script. Here is the email I am getting from the newsletter signup notification through my server:

1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,database(),0x27,0x7e)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1

So, what are they trying to do here, and how do I prevent it from happening again?

Thank you,
ken

Taipo Posted August 2, 2013

You get a lot of that. It's one of the joys of hosting a website on the internet. If you are concerned about it, try the osC_Sec addon (see link in my signature), which will block these types of blind database injection attempts.

Taipo
- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

ken0306 (Author) Posted August 2, 2013

Thank you for your reply. I will try to install some more security addons for my cart.

ken
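
Added example, not part of the thread and not osCommerce or osC_Sec code: the string in the first post is SQL submitted in place of an e-mail address, written so that MySQL would raise an error whose message contains the database name. The sketch below shows the two controls that stop it in a signup handler, validating the field as an e-mail address and binding it through a prepared statement. The function name, table name and column name are assumptions, and in-memory SQLite stands in for the shop's MySQL database.

```php
<?php
// Hypothetical newsletter signup handler (added example).
// Table and column names (newsletter_subscribers, email) are assumptions.

function subscribe(PDO $db, string $input): bool
{
    $email = trim($input);

    // 1. Allow-list validation: the field must be a syntactically valid
    //    e-mail address of sane length, or it never reaches the database.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // Log only the length, so hostile input is not copied into the log.
        error_log('newsletter signup rejected, input length ' . strlen($email));
        return false;
    }

    // 2. Prepared statement: the value is bound as data, so even input that
    //    passes validation cannot change the structure of the query.
    $stmt = $db->prepare('INSERT INTO newsletter_subscribers (email) VALUES (:email)');
    return $stmt->execute([':email' => $email]);
}

// In-memory SQLite so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE newsletter_subscribers (email TEXT NOT NULL UNIQUE)');

// Inputs: the string from the notification e-mail in the first post,
// and a constructed normal address.
$logged = '1 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,database(),0x27,0x7e)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1';
$normal = 'customer@example.com';

foreach ([$logged, $normal] as $input) {
    printf("%-10s %s\n", subscribe($db, $input) ? 'stored' : 'rejected', substr($input, 0, 40));
}

$count = $db->query('SELECT COUNT(*) FROM newsletter_subscribers')->fetchColumn();
echo "rows in table: $count\n";
```

Rejected signups are worth counting per source address, since repeated rejections from one client are a simple signal of automated probing.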
Archived
This topic is now archived and is closed to further replies.