osC_Sec - osCommerce Security Addon

for osCommerce Online Merchant v2.2

osC_Sec is a 'security include' addon that gets down to the point quick smart. The primary function of osC_Sec is to provide a specific security patch to the known security issues that have plagued osCommerce based websites. osC_Sec also provides a filtering system to catch and prevent typical database attacks as well as attempt to upload files and use remotely hosted files to do damage to your website content. Features: - Checks user input for obsfuscated base_64 encoded strings - Matches all user input POST variables against a blacklist - Matches all user input GET variables against a blacklist - Catch attempts to remotely or locally read or include malicious files - Filter for MYSQL database injection attempts - Filter for noDB injection attempts - Filter cookies for HTTP response splitting and database injection attempts - Set the correct filename for $PHP_SELF - Matches all site URLs against a blacklist - Filters all GET queries against a whitelist of allowed characters - Checks all server requests types for malformed requests - Optional writes the IP address of banned requests to the htaccess file, thus preventing further access to the site by that IP - Prevents direct loading of the osc_Sec files - Prevent spamming via Tell A Friend scripts - Lower the information signature leaked by webservers to attackers as part of their intel gathering - Get the real ip address - Blocks bad web spidering (DEV) - Written in PHP 4.x class format - Optional email notification of attack attempts - Compatible with IP Trap and Sitemonitor and more.... Who should use it? - Users of Oscommerce versions earlier than 2.3 - If your site has been hacked before - If your site gets heavy attention from malware exploiters and you wish to lower the bandwidth being used by these attacks. See readme.htm for install instructions