Hello all.
Thanks for the time and rapid response Mr Chuck.
Yes. Seems like the guilty one was OSCommerce. I am looking exactly
for another option, as you say maybe not PHP ones, and that's why I asked
for advice based on experiences of what people are using. I am looking
for a Python option also. My needs are very simple; even a catalog of
products without the shopping cart will be enough. I am also looking for
options that let you add modules. I want to continue using FreeBSD,
continue learning and also solve a personal need.
Of course the idea is not to start a war between PHP lovers and any
other language, but options and suggestions are very welcome. Anyway,
I will continue searching. And when I find the solution I will post it
here; maybe it could be of help to someone.
By the way, it is great to receive advice from people like you all
guys. I have been on the list for several years and I always learn
something, always.
Thanks to all
Jorge Biquez
At 03:01 p.m. 07/12/2010, Chuck Swiger wrote:
> On Dec 7, 2010, at 12:36 PM, Jorge Biquez wrote:
> > With a provider where I had a dedicated server, not running
> > FreeBSD, the entire server was hacked and before leaving them, the
> > tech support people said that the hacking was because of a problem
> > with some libraries under PHP AND OSCOMMERCE. They never could
> > prove that but I left them since the entire server was hacked, no
> > information stolen but ONLY that all web pages (.html, .php)
> > were changed, all under different domains and accounts
> > jailed (?) using CPANEL. Anyway. I am not sure how sensible is
> > OSCommerce to that since I know it is very popular but I would
> > like to test something else.
>
> 30 seconds with a Google search suggests that osCommerce has
> unpatched security vulnerabilities which do lead to compromise of
> admin and arbitrary PHP code execution:
>
> http://secunia.com/advisories/product/1308/
>
> "Affected By 7 Secunia advisories
> 44 Vulnerabilities
> Unpatched 29% (2 of 7 Secunia advisories)
> Most Critical Unpatched
> The most severe unpatched Secunia advisory affecting osCommerce 2.x,
> with all vendor patches applied, is rated Highly critical."
>
> http://secunia.com/advisories/33446/
>
> "1) The application allows users to perform certain actions via HTTP
> requests without performing any validity checks to verify the
> requests. This can be exploited to e.g. create additional
> administrator accounts by tricking an administrative user into
> visiting a malicious web site.
> 2) An error in the authentication mechanism can be exploited to
> bypass authentication checks and gain access to the administrative
> interface in the "admin/" folder.
> Successful exploitation allows to upload and execute arbitrary PHP
> code e.g. via the file_manager.php script."
>
> In other words, your former site's tech support people were likely
> right-- the site was almost certainly hacked because of
> osCommerce. Find something else, preferably something which is not
> based upon PHP.
>
> Regards,
> --
> -Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"