oswaldo_olivo Posted March 31, 2015 Share Posted March 31, 2015 Hi, Who should I write to in order to report a DoS vulnerability? Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 31, 2015 Share Posted March 31, 2015 Do you mean DOS, like in Windows DOS? If so, this package wouldn't have anything to do with that. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
oscMarket Posted March 31, 2015 Share Posted March 31, 2015 @@Jack_mcs http://en.wikipedia.org/wiki/Denial-of-service_attack Dos @@oswaldo_olivo http://www.oscommerce.com/forums/index.php?app=forums&module=extras§ion=stats&do=leaders Link to comment Share on other sites More sharing options...
Jack_mcs Posted March 31, 2015 Share Posted March 31, 2015 @@wHiTeHaT Thanks for the link. I'm familiar with DOS attacks but DOS vulnerabilities implies something else. In either case, it isn't something that would be handled by the oscommerce code, at least that I can see. But maybe I'm still not understanding the question. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
oscMarket Posted March 31, 2015 Share Posted March 31, 2015 @@Jack_mcs , i think the OP run such software on it, and that soft tells by default to "contact the manufacturer" of the soft to show him the report. I cannot imagine a security expert will go ask for the contact details in a forum, to it's forum users. As it is clearly easily to find out? Let's hope it is just like i think it is lol. Link to comment Share on other sites More sharing options...
MrPhil Posted March 31, 2015 Share Posted March 31, 2015 DoS attacks are normally taken care of the hosting provider. A DoS attack normally has nothing to do with any specific application vulnerabilities, but is an attempt to bog down and overpower the server by deliberately sending excessive requests to a site. You can somewhat block one via .htaccess DENYs (if you can see a small set of offending IP addresses), but it is usually better handled higher up the food chain by the host. If this is actually a Distributed DoS attack, with incoming requests from zombied computers all over the world, the only recourse may be to block everything from your site for a while, until the attacker gives up or loses interest. Then you can restore service, hoping that the attacker has moved on to something else. Talk to your host about what they can do. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.