From: Jorge Biquez
To: FreeBSD
Date: Tue, 07 Dec 2010 16:10:38 -0600
Subject: Re: Shopping cart other than OSCommerce?
Message-ID: <3374604733-437630128@intranet.com.mx>
In-Reply-To: <20101207170441.77f0f6ed@scorpio>
References: <3374599093-437630056@intranet.com.mx> <3374602400-437630107@intranet.com.mx> <20101207170441.77f0f6ed@scorpio>

At 04:04 p.m. 07/12/2010, you wrote:
>On Tue, 07 Dec 2010 15:32:06 -0600
>Jorge Biquez articulated:
>
> > At 03:01 p.m. 07/12/2010, Chuck Swiger wrote:
> > >On Dec 7, 2010, at 12:36 PM, Jorge Biquez wrote:
> > > > With a provider where I had a dedicated server, not running
> > > FreeBsd , the entire server was hacked and before leaving them, the
> > > tech support people said that the hacking was because of a problem
> > > with some libraries under PHP AND OSCOMMERCE. They never could
> > > prove that but I leave them since the entire server was hacked, not
> > > information stolen but ONLY that all web pages (.html, .php)
> > > pages were changed, all under different domains and account
> > > jailed (?) using CPANEL. Anyway. I am not sure how sensible is
> > > OSCommerce to that since I know it is very popular but I would
> > > like to test something else.
> > >
> > >30 seconds with a Google search suggests that osCommerce has
> > >unpatched security vulnerabilities which do lead to compromise of
> > >admin and arbitrary PHP code execution:
> > >
> > > http://secunia.com/advisories/product/1308/
> > >
> > >"Affected By 7 Secunia advisories
> > > 44 Vulnerabilities
> > >
> > >Unpatched 29% (2 of 7 Secunia advisories)
> > >
> > >Most Critical Unpatched
> > >The most severe unpatched Secunia advisory affecting osCommerce 2.x,
> > >with all vendor patches applied, is rated Highly critical."
> > >
> > > http://secunia.com/advisories/33446/
> > >
> > >"1) The application allows users to perform certain actions via HTTP
> > >requests without performing any validity checks to verify the
> > >requests. This can be exploited to e.g. create additional
> > >administrator accounts by tricking an administrative user into
> > >visiting a malicious web site.
> > >
> > >2) An error in the authentication mechanism can be exploited to
> > >bypass authentication checks and gain access to the administrative
> > >interface in the "admin/" folder.
> > >
> > >Successful exploitation allows to upload and execute arbitrary PHP
> > >code e.g. via the file_manager.php script."
> > >
> > >In other words, your former site's tech support people were likely
> > >right-- the site was almost certainly hacked because of
> > >osCommerce. Find something else, preferably something which is not
> > >based upon PHP.
> >
> > Thanks for the time and rapid response Mr Chuck.
> >
> > Yes. Seems like the guilty one was OSCommerce. I am looking exactly
> > for other option, as you say maybe not PHP ones and that's why asked
> > for advice based on experiences of what people is using. I am looking
> > for python option also. My needs are very simple, even a catalog of
> > products without the shopping cart will be enough. I am also looking
> > options that let you add modules. I want to continue using Freebsd,
> > continue learning and also solve a personal need.
> > Of course the idea is not to start a war between PHP lovers and any
> > other language, but options and suggestions are very welcome. Anyway.
> > I will continue searching. And when I find the solution will posted
> > here , maybe could be of help to someone.
> >
> > By the way. It is great to receive advice from people like you all
> > guys. I have been on the list for several years and I always learn
> > something , always.
>
>Seriously, have you tried Googling for a potential solution? I just
>spent a few minutes and found several candidates.
>
>--
>Jerry ✌
>FreeBSD.user@seibercom.net
>
>Disclaimer: off-list followups get on-list replies or get ignored.
>Please do not ignore the Reply-To header.
>__________________________________________________________________

Hello.

I have found several already with Google.... just not sure what path to follow and that's why I wanted to know what suggestions others have on what are using actually under Freebsd. Of course there are several ones, some look very good and promising.... yes.

Thanks in advance

Jorge Biquez