Kosmo Posted March 21, 2015

Hello! My web store on OSC 2.2 has existed for about 8 years. A week ago I moved to new hosting and found 2 problems:

1. I can see files and browse folders inside the main catalog directory (excluding the admin folder). For example, if I put this address in the browser, http://mywebsite.com/includes, I can see all files and browse the folders inside it. I can't see the files' content. All these folders have permissions 0755.

2. Yesterday I saw in "who's online" strange queries from 5 different IPs, like these:

/index.php?osCsid=8919253b58391519a47714fb514b66e5&cPath=82_330_259%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20%28SELECT%20distinct%20concat%28file_priv%2C0x27%2C0x7e%29%20FROM%20mysql.user%20%20LIMIT%200,1%29%29%20from%20information_schema.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201%3D1

/index.php?osCsid=8919253b58391519a47714fb514b66e5&cPath=82_330_259%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1

/index.php?osCsid=8919253b58391519a47714fb514b66e5&cPath=82_330_2591111111111111%22%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45),CHAR(45,120,49,49,45,81,45),CHAR(45,120,49,50,45,81,45),CHAR(45,120,49,51,45,81,45),CHAR(45,120,49,52,45,81,45),CHAR(45,120,49,53,45,81,45),CHAR(45,120,49,54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45),CHAR(45,120,49,57,45,81,45),CHAR(45,120,50,48,45,81,45),CHAR(45,120,50,49,45,81,45),CHAR(45,120,50,50,45,81,45),CHAR(45,120,50,51,45,81,45),CHAR(45,120,50,52,45,81,45),CHAR(45,120,50,53,45,81,45)%20--%20/*%20order%20by%20%22as%20/*

Can you help me with this please?
Taipo Posted March 21, 2015

You may need to add an .htaccess file to your includes directory with the following code in it:

Options -Indexes

The rest of the URL request strings are blind database injection attempts, probably from an automated attack server that trolls the net looking for osCommerce sites. The first one decodes to the following:

and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(file_priv,0x27,0x7e) FROM mysql.user LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

You can either ignore these database injection attempts, or install osC_Sec (link is in my signature), which will easily block these requests.
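To make the decoding above repeatable for all three strings, here is an added example (not from the original posts or from osC_Sec) that percent-decodes the cPath parameter, checks it against the shape a legitimate osCommerce cPath has (category ids joined by underscores), tags which injection technique each string uses, and expands the MySQL CHAR(...) calls so the attacker's marker strings are readable. The sample requests are the ones quoted in the opening post, with a benign request added and the third payload shortened; the signature names and the cPath regex are this example's own assumptions, not osCommerce's.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Sample input (constructed for this example): the requests from the opening
# post, plus one normal category request for comparison. The UNION payload is
# shortened to two CHAR() columns.
SAMPLE_REQUESTS = [
    "/index.php?osCsid=8919253b58391519a47714fb514b66e5&cPath=82_330_259",
    "/index.php?osCsid=8919253b58391519a47714fb514b66e5&cPath=82_330_259%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20%28SELECT%20distinct%20concat%28file_priv%2C0x27%2C0x7e%29%20FROM%20mysql.user%20%20LIMIT%200,1%29%29%20from%20information_schema.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%201%3D1",
    "/index.php?osCsid=8919253b58391519a47714fb514b66e5&cPath=82_330_259%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1",
    "/index.php?osCsid=8919253b58391519a47714fb514b66e5&cPath=82_330_2591111111111111%22%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45)%20--%20/*%20order%20by%20%22as%20/*",
]

# A legitimate osCommerce cPath is category ids joined by "_" (assumption used
# as the allow-list here: anything else in cPath is treated as an attack).
CPATH_OK = re.compile(r"\A\d+(?:_\d+)*\Z")

# Signatures for the techniques visible in the posted strings (names are ours).
SIGNATURES = {
    "error-based (floor(rand(0)*2) ... group by)": re.compile(
        r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\).*group\s+by", re.I | re.S),
    "error-based (name_const)": re.compile(r"name_const\s*\(", re.I),
    "UNION-based (UNION SELECT)": re.compile(r"union\s+select", re.I),
    "comment truncation (-- or /*)": re.compile(r"--\s|/\*"),
}

CHAR_CALL = re.compile(r"CHAR\s*\(([\d\s,]+)\)", re.I)


def decode_char_calls(sql):
    """Replace MySQL CHAR(a,b,c) calls with the quoted string they build."""
    def repl(m):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        return "'" + "".join(chr(c) for c in codes) + "'"
    return CHAR_CALL.sub(repl, sql)


def analyze(request_path):
    """Decode one request path and return a verdict on its cPath parameter."""
    params = parse_qs(urlsplit(request_path).query)  # percent-decodes values
    cpath = params.get("cPath", [""])[0]
    techniques = [name for name, rx in SIGNATURES.items() if rx.search(cpath)]
    return {
        "cPath": cpath,
        "valid": bool(CPATH_OK.match(cpath)),
        "techniques": techniques,
        "decoded": decode_char_calls(cpath),
    }


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        v = analyze(req)
        status = "ok" if v["valid"] else "INJECTION ATTEMPT"
        print(f"{status}: {v['techniques']}\n    {v['decoded'][:120]}")
```

Two things the output makes visible that the raw strings hide: the name_const payload builds the string "ololosher" as its error-message marker, and the UNION payload's CHAR() columns decode to "-x1-Q-", "-x2-Q-" and so on, the column-position markers a scanner uses to learn which SELECT columns are reflected in the page. The allow-list check on cPath is the part worth keeping in production: a category path that is not digits and underscores never needs to reach the database.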
Kosmo Posted March 21, 2015 Author

Taipo, thank you, after adding Options -Indexes I can't browse them. Do I need to add this code to all directories inside the main catalog, like /cache, /tmp? Ok, I will install this module.
MrPhil Posted March 21, 2015

Your .htaccess settings (e.g., Options -Indexes) apply to all lower level (child) directories beneath the .htaccess file's directory, so there's no need to add more .htaccess files.

A couple of things to note: More and more hosts are banning the use of Options, as a security problem. If your host should do this, you will probably see "500" errors on your site, and you will have to remove the Options -Indexes and do something else (such as putting an empty index.html file in every directory which does not already have an "index" file). If you have a Windows server (IIS, etc.), not an Apache ("Linux") server, .htaccess files are normally ignored.

Another thing: osC 2.2 is really ancient, and hackers know how to exploit it. Your site probably already has been hacked. You should be immediately moving towards 2.3.4, which is the current version, and make an effort to stay reasonably current.
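The fallback described above, an empty index.html in every directory that has no index file, is easy to get slightly wrong by hand: dropping index.html into a directory that already has index.php can shadow the real script, because many Apache DirectoryIndex settings list index.html before index.php. The added example below (not from the original posts or from osCommerce) walks a document root, creates the empty file only where no index file of any kind exists, and supports a dry run so the list can be reviewed first. The set of index names and the sample directory layout are this example's assumptions; check the host's DirectoryIndex setting before relying on the list.

```python
import os
import tempfile

# Names Apache commonly treats as a directory index (DirectoryIndex).
# Assumption for this example; confirm against the host's configuration.
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def directories_without_index(doc_root):
    """Yield every directory under doc_root that has no index file at all.

    A directory that already has one (e.g. the catalog root with index.php)
    is skipped, so a new index.html can never shadow an existing script.
    """
    for dirpath, dirnames, filenames in os.walk(doc_root):
        dirnames.sort()  # deterministic traversal order
        if not any(name in filenames for name in INDEX_NAMES):
            yield dirpath


def add_blank_index_files(doc_root, dry_run=False):
    """Create an empty index.html in each index-less directory.

    Returns the paths (relative to doc_root) that were, or would be, created.
    """
    created = []
    for d in directories_without_index(doc_root):
        target = os.path.join(d, "index.html")
        if not dry_run:
            with open(target, "w", encoding="ascii") as fh:
                fh.write("")  # an empty page: nothing to list, nothing to leak
            os.chmod(target, 0o644)  # world-readable, owner-writable only
        created.append(os.path.relpath(target, doc_root))
    return created


def build_sample_tree():
    """Constructed osCommerce-like layout in a temp dir (not a real install)."""
    root = tempfile.mkdtemp(prefix="catalog-")
    for rel in ("includes/functions", "includes/classes", "cache", "tmp",
                "admin", "images"):
        os.makedirs(os.path.join(root, rel))
    # The catalog root and admin already have a real index.php.
    open(os.path.join(root, "index.php"), "w").close()
    open(os.path.join(root, "admin", "index.php"), "w").close()
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("would create:", add_blank_index_files(root, dry_run=True))
    print("created:", add_blank_index_files(root))
    print("still index-less:", list(directories_without_index(root)))
```

Run it against the real catalog directory with dry_run=True first and read the list; a directory you expected to be skipped (because it serves a PHP index) showing up there means that index file uses a name not in INDEX_NAMES. This only stops listings, not the SQL injection attempts from the first post, and it does nothing on IIS.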