At 04:04 p.m. 07/12/2010, you wrote:
On Tue, 07 Dec 2010 15:32:06 -0600
Jorge Biquez <jbiq...@intranet.com.mx> articulated:
> At 03:01 p.m. 07/12/2010, Chuck Swiger wrote:
> >On Dec 7, 2010, at 12:36 PM, Jorge Biquez wrote:
> > > With a provider where I had a dedicated server, not running
> > FreeBsd , the entire server was hacked and before leaving them, the
> > tech support people said that the hacking was because of a problem
> > with some libraries under PHP AND OSCOMMERCE. They never could
> > prove that but I leave them since the entire server was hacked, not
> > information stolen but ONLY that$ all web pages (.html, .php)
> > pages where changed, all under different domains and account
> > jailed (?) using CPANEL. Anyway. I am not sure how sensible is
> > OSCCOmmerce to that since I know it is very popular but I would
> > like to test something else.
> >
> >30 seconds with a Google search suggests that osCommerce has
> >unpatched security vulnerabilities which do lead to compromise of
> >admin and arbitrary PHP code execution:
> >
> > http://secunia.com/advisories/product/1308/
> >
> >"Affected By 7 Secunia advisories
> > 44 Vulnerabilities
> >
> >Unpatched 29% (2 of 7 Secunia advisories)
> >
> >Most Critical Unpatched
> >The most severe unpatched Secunia advisory affecting osCommerce 2.x,
> >with all vendor patches applied, is rated Highly critical."
> >
> > http://secunia.com/advisories/33446/
> >
> >"1) The application allows users to perform certain actions via HTTP
> >requests without performing any validity checks to verify the
> >requests. This can be exploited to e.g. create additional
> >administrator accounts by tricking an administrative user into
> >visiting a malicious web site.
> >
> >2) An error in the authentication mechanism can be exploited to
> >bypass authentication checks and gain access to the administrative
> >interface in the "admin/" folder.
> >
> >Successful exploitation allows to upload and execute arbitrary PHP
> >code e.g. via the file_manager.php script."
> >
> >In other words, your former site's tech support people were likely
> >right-- the site was almost certainly hacked because of
> >osCommerce. Find something else, preferably something which is not
> >based upon PHP.
>
> Thanks for the time and rapid response Mr Chuck.
>
> Yes. Seems like the guilty one was OSCommerce. I am looking exactly
> for other option, as you say maybe not PHP ones and that's why asked
> for advice based on experinces of what people is using. I am looking
> for python option also. My needs are very simple, even a catalog of
> products without the shopping cart will be enough. I am also looking
> options that let you add modules. I want to continue using Freebsd,
> continue learning and also solve a personal need.
> Of course the idea is not to start a war between PHP lovers and any
> other language, but options and suggestions are very welcome. Anyway.
> I will continue searching. And when I find the solution will posted
> here , maybe could be of help to someone.
>
> By the way. It is great to receive advise from people like you all
> guys. I have been on the list for several years and I always learn
> something , always.
Seriously, have you tried Googling for a potential solution? I just
spent a few minutes and found several candidates.
--
Jerry â
freebsd.u...@seibercom.net
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
Hello.
I have found several already with Google.... just
not sure what path to follow and that's why I
wanted to know what suggestions other has on what
are using actually under Freebsd. Of course there
are several ones, some look very good and promising.... yes.
Thanks in advance
Jorge Biquez
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
