Community Add-Ons

Hi All,

I found this alternative http://addons.oscommerce.com/info/6546
to this Anti XSS.

This one wont result in people being baned just cleanses the HTML PHP Scripts thus rendering the XSS attackes useless

File uploaded is a dummy file

sorry please dont use amended changes or add that script if using rc2a

I've found its to sensitive and results in non hackers being baned

file uploaded is dummy file or use with caution

Hi the following in adding xss to .htaccess file
resulted in some customers being baned on buy now if turned into forms and if customer entered an invalid credit card number

find
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]

im no expert in this but did ask on expert exchange what was causing the problem and above is what they recommended

and replace with
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark).* [NC]

file uploaded says the same thing

I take no credit for this contribution, this is based upon the anti-xss contribution by "pixclinic" with extra sql injection protection I found elsewhere on the web.

All I have added is the extra code and logging capability.

This will basically send any hacker to log.php which will display a message that his/her IP has been logged - this is stored in a file called iplog.txt in catalog root.


3 Easy Steps.


After install head off to http://www.ncircle.com/index.php?s=products_pci-compliance#freescan to get your free pci compliance scan!

To be even safer also consider installing FWR Media's Security Pro Contribution from http://addons.oscommerce.com/info/5752

only 10 lines to add to your htaccess file
passed all hackersafe.com testing during teh past year

Good Luck!