From: Jorge Biquez
To: Free BSD Questions list
Date: Tue, 07 Dec 2010 15:32:06 -0600
Subject: Re: Shopping cart other than OSCommerce?
Message-ID: <3374602400-437630107@intranet.com.mx>
References: <3374599093-437630056@intranet.com.mx>

Hello all.

Thanks for the time and rapid response, Mr Chuck. Yes, it seems the guilty one was OSCommerce.

I am looking exactly for another option, as you say maybe not PHP ones, and that's why I asked for advice based on the experiences of what people are using. I am looking for a Python option also. My needs are very simple; even a catalog of products without the shopping cart will be enough. I am also looking at options that let you add modules. I want to continue using FreeBSD, continue learning and also solve a personal need.

Of course the idea is not to start a war between PHP lovers and any other language, but options and suggestions are very welcome.

Anyway, I will continue searching, and when I find the solution I will post it here; maybe it could be of help to someone.

By the way, it is great to receive advice from people like you all. I have been on the list for several years and I always learn something, always.

Thanks to all,

Jorge Biquez

At 03:01 p.m. 07/12/2010, Chuck Swiger wrote:

> On Dec 7, 2010, at 12:36 PM, Jorge Biquez wrote:
>
> > With a provider where I had a dedicated server, not running FreeBSD, the entire server was hacked and before leaving them, the tech support people said that the hacking was because of a problem with some libraries under PHP AND OSCOMMERCE. They never could prove that, but I left them since the entire server was hacked; no information was stolen but ONLY that: all web pages (.html, .php) were changed, all under different domains and accounts jailed (?) using CPANEL. Anyway, I am not sure how sensitive osCommerce is to that, since I know it is very popular, but I would like to test something else.
>
> 30 seconds with a Google search suggests that osCommerce has unpatched security vulnerabilities which do lead to compromise of admin and arbitrary PHP code execution:
>
> http://secunia.com/advisories/product/1308/
>
> "Affected By 7 Secunia advisories
> 44 Vulnerabilities
>
> Unpatched 29% (2 of 7 Secunia advisories)
>
> Most Critical Unpatched
> The most severe unpatched Secunia advisory affecting osCommerce 2.x, with all vendor patches applied, is rated Highly critical."
>
> http://secunia.com/advisories/33446/
>
> "1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create additional administrator accounts by tricking an administrative user into visiting a malicious web site.
>
> 2) An error in the authentication mechanism can be exploited to bypass authentication checks and gain access to the administrative interface in the "admin/" folder.
>
> Successful exploitation allows to upload and execute arbitrary PHP code e.g. via the file_manager.php script."
>
> In other words, your former site's tech support people were likely right -- the site was almost certainly hacked because of osCommerce. Find something else, preferably something which is not based upon PHP.
>
> Regards,
> --
> -Chuck
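The first advisory item quoted above describes a cross-site request forgery: a state-changing admin action is honoured without any check that the request came from the application's own form. The following is an added example, not osCommerce code or anything from this thread, showing the unprotected handler beside a hardened one that binds each request to a per-session token; the function names and the `csrf_token` field name are assumptions made for the example.

```php
<?php
// Added example (not osCommerce code): a minimal CSRF guard for an
// admin action of the kind the advisory describes ("create additional
// administrator accounts"). Function and field names are assumptions.
declare(strict_types=1);

// Issue one random token per session and reuse it for every form.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session token.
function csrf_is_valid(?string $submitted): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// BEFORE: any request reaching this URL with the right parameters is
// honoured, so a page on another site can submit it from the admin's
// already-authenticated browser (the cookie goes along automatically).
function create_admin_vulnerable(array $request): string
{
    return 'created admin ' . $request['username']; // no request-origin check
}

// AFTER: state changes require POST plus a valid session-bound token.
function create_admin_hardened(string $method, array $post): string
{
    if ($method !== 'POST' || !csrf_is_valid($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return 'rejected: missing or invalid CSRF token';
    }
    return 'created admin ' . $post['username'];
}

// Legitimate forms embed csrf_token() as a hidden input named csrf_token.
// Assumed entry point: a cross-site or GET request is rejected here.
echo create_admin_hardened($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST), "\n";
```

The token must also be regenerated on login and the session cookie marked HttpOnly and SameSite so the check cannot be sidestepped by reading or forging the token from another origin.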