osC_Sec is a 'security include' addon that gets down to the point quick smart.
The primary function of osC_Sec is to provide a specific security patch for the known security issues that have plagued osCommerce-based websites. osC_Sec also provides a filtering system to catch and prevent typical database attacks, as well as attempts to upload files or use remotely hosted files to damage your website content.
- Checks user input for obfuscated base64-encoded strings
- Matches all user input POST variables against a blacklist
- Matches all user input GET variables against a blacklist
- Catches attempts to remotely or locally read or include malicious files
- Filters for MySQL database injection attempts
- Filters for noDB injection attempts
- Filters cookies for HTTP response splitting and database injection attempts
- Sets the correct filename for $PHP_SELF
- Matches all site URLs against a blacklist
- Filters all GET queries against a whitelist of allowed characters
- Checks all server request types for malformed requests
- Optionally writes the IP address of banned requests to the .htaccess file, thus preventing further access to the site by that IP
- Prevents direct loading of the osC_Sec files
- Prevents spamming via Tell A Friend scripts
- Lowers the information signature that web servers leak to attackers as part of their intel gathering
- Gets the real IP address
- Blocks bad web spidering (DEV)
- Written in PHP 4.x class format
- Optional email notification of attack attempts
- Compatible with IP Trap and Sitemonitor
Who should use it?
- Users of osCommerce versions earlier than 2.3
- If your site has been hacked before
- If your site gets heavy attention from malware exploiters and you wish to lower the bandwidth being used by these attacks.
See readme.htm for install instructions