Security Gap in osCommerce

Written By Unknown on Thursday, January 21, 2010 | 8:34 PM

Creating an online store is now easy for developers. osCommerce has become one of the quickest and easiest options for building an online store, with settings that are not too difficult to configure. Even so, danger lurks in the osCommerce engine. If your website uses osCommerce, please review the following gap before your site is broken into by people you do not want there.

Scareware distributors recently found and exploited security holes in websites running the osCommerce engine as part of a BHSEO (black hat SEO) campaign. The attacks have been documented publicly, including the scripts that let the attackers break into servers so easily.

This security hole has been open since August 31, 2009, when it was published on Milw0rm by a user with the nickname Flyh4t. The security advisory published by the firm Secunia describes the vulnerability as an error in the authentication mechanism that can be exploited to bypass authentication and gain access to the admin folder and the administration pages.

According to a report from Unmask Parasites, several PHP scripts appear on the targeted servers after these exploits. A few examples of these files are mm.php, sh1.php, betty.php and lname.php.

The betty.php script generates URLs of the form http://namadomain.com/betty.php?q=keywords, which are then indexed by search engines and appear in search results for those keywords. The generated HTML is stored in the cache directory.

The lname.php script redirects visitors to malicious sites, which are pages that offer hoax anti-virus software. The scareware distributed through this campaign is fairly new and has a low AV detection rate on VirusTotal.

The mm.php script is used to upload files directly to the server, while sh1.php is used as a PHP web shell. If you find files of this kind on your web server, the server may have been exploited. Unmask Parasites also stressed that "Google Webmaster Tools can help you to detect the attack. The 'search queries' report may also reveal other security problems, so using GWT at least once a week would be very helpful."

At the time this news was published, a fix from the osCommerce project itself had not yet appeared, and the problem seems to occur even in osCommerce 2.2 RC2a. However, the attack can be prevented by restricting access to the admin directory through settings in .htaccess. If you want, you can also rename this directory and delete file-manager.php to improve the security of your osCommerce site.
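The checks described above can be run as one audit of a web root. This is an added example, not code from the original post or from the osCommerce project; the finding labels, the default directory name `admin` and the list of access-control directives treated as "restricted" are assumptions made for illustration.

```python
import os
import sys

# File names reported on compromised osCommerce servers (taken from the article).
DROPPED_SCRIPTS = {"mm.php", "sh1.php", "betty.php", "lname.php"}
# Directives taken as a sign that .htaccess restricts access (heuristic, assumption).
ACCESS_DIRECTIVES = ("authtype", "require", "deny")


def htaccess_restricts(path):
    """True if the .htaccess at `path` has at least one uncommented access directive."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = [ln.strip().lower() for ln in fh]
    except OSError:
        return False  # a missing or unreadable file gives no protection
    return any(ln.startswith(ACCESS_DIRECTIVES) for ln in lines if not ln.startswith("#"))


def audit_docroot(docroot, admin_dir="admin"):
    """Return sorted (finding, relative_path) tuples for one osCommerce web root."""
    findings = []
    for current, _dirs, files in os.walk(docroot):
        for name in files:
            # Compare case-insensitively: SH1.php is the same drop as sh1.php.
            if name.lower() in DROPPED_SCRIPTS:
                rel = os.path.relpath(os.path.join(current, name), docroot)
                findings.append(("dropped-script", rel))
    admin_path = os.path.join(docroot, admin_dir)
    if os.path.isdir(admin_path):
        if not htaccess_restricts(os.path.join(admin_path, ".htaccess")):
            findings.append(("admin-unrestricted", admin_dir))
        # File name as spelled in the article.
        manager = os.path.join(admin_dir, "file-manager.php")
        if os.path.isfile(os.path.join(docroot, manager)):
            findings.append(("file-manager-present", manager))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding, rel in audit_docroot(root):
        print(f"{finding}\t{rel}")
```

A clean result only means that none of these four names and neither of the two admin-directory conditions were found; files dropped under other names are not detected.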

1 comments:

webworld said...

If you have an online store, the payment gateway must be secured both for the customers and owners.

Create an Online Store
