View Full Version : osC_Sec - osCommerce Security Addon

12-28-2011, 03:52 PM
osC_Sec is a 'security include' addon that gets down to the point quick smart.

The primary function of osC_Sec is to provide a specific security patch to the known security issues that have plagued osCommerce based websites. osC_Sec also provides a filtering system to catch and prevent typical database attacks as well as attempt to upload files and use remotely hosted files to do damage to your website content.

- Contains the code patch for the admin login bypass exploit
- Checks user input for obsfuscated base_64 encoded strings
- Matches all user input POST variables against a blacklist
- Matches all user input GET variables against a blacklist
- Catch attempts to remotely or locally read or include malicious files
- Filter for MYSQL database injection attempts
- Filter for noDB injection attempts
- Filter cookies for HTTP response splitting and database injection attempts
- Set the correct filename for $PHP_SELF
- Matches all site URLs against a blacklist
- Filters all GET queries against a whitelist of allowed characters
- Checks all server requests types for malformed requests
- Optional writes the IP address of banned requests to the htaccess file, thus preventing further access to the site by that IP
- Prevents direct loading of the osc_Sec files
- Prevent spamming via Tell A Friend scripts
- Lower the information signature leaked by webservers to attackers as part of their intel gathering
- Get the real ip address
- Blocks bad web spidering (DEV)
- Written in PHP 4.x class format
- Optional email notification of attack attempts
- Compatible with IP Trap and Sitemonitor
and more....

Who should use it?
- Users of Oscommerce versions earlier than 2.3
- If your site has been hacked before
- If your site gets heavy attention from malware exploiters and you wish to lower the bandwidth being used by these attacks.

See readme.htm for install instructions

More... (http://addons.oscommerce.com/info/8283)