Date:      Tue, 07 Dec 2010 16:10:38 -0600
From:      Jorge Biquez <jbiquez@intranet.com.mx>
To:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Shopping cart other than OSCommerce?
Message-ID:  <3374604733-437630128@intranet.com.mx>
In-Reply-To: <20101207170441.77f0f6ed@scorpio>
References:  <3374599093-437630056@intranet.com.mx> <DB1524B8-BBC3-446C-A72A-59E981DD29B3@mac.com> <3374602400-437630107@intranet.com.mx> <20101207170441.77f0f6ed@scorpio>


At 04:04 p.m. 07/12/2010, you wrote:
>On Tue, 07 Dec 2010 15:32:06 -0600
>Jorge Biquez <jbiquez@intranet.com.mx> articulated:
>
> > At 03:01 p.m. 07/12/2010, Chuck Swiger wrote:
> > >On Dec 7, 2010, at 12:36 PM, Jorge Biquez wrote:
> > > > With a provider where I had a dedicated server, not running
> > > > FreeBSD, the entire server was hacked and before leaving them, the
> > > > tech support people said that the hacking was because of a problem
> > > > with some libraries under PHP AND OSCOMMERCE. They never could
> > > > prove that but I left them since the entire server was hacked, not
> > > > information stolen but ONLY that: all web pages (.html, .php)
> > > > were changed, all under different domains and accounts
> > > > jailed (?) using CPANEL. Anyway. I am not sure how susceptible
> > > > OSCommerce is to that since I know it is very popular but I would
> > > > like to test something else.
> > >
> > >30 seconds with a Google search suggests that osCommerce has
> > >unpatched security vulnerabilities which do lead to compromise of
> > >admin and arbitrary PHP code execution:
> > >
> > >   http://secunia.com/advisories/product/1308/
> > >
> > >"Affected By    7 Secunia advisories
> > >                 44 Vulnerabilities
> > >
> > >Unpatched       29% (2 of 7 Secunia advisories)
> > >
> > >Most Critical Unpatched
> > >The most severe unpatched Secunia advisory affecting osCommerce 2.x,
> > >with all vendor patches applied, is rated Highly critical."
> > >
> > >   http://secunia.com/advisories/33446/
> > >
> > >"1) The application allows users to perform certain actions via HTTP
> > >requests without performing any validity checks to verify the
> > >requests. This can be exploited to e.g. create additional
> > >administrator accounts by tricking an administrative user into
> > >visiting a malicious web site.
> > >
> > >2) An error in the authentication mechanism can be exploited to
> > >bypass authentication checks and gain access to the administrative
> > >interface in the "admin/" folder.
> > >
> > >Successful exploitation allows to upload and execute arbitrary PHP
> > >code e.g. via the file_manager.php script."
> > >
> > >In other words, your former site's tech support people were likely
> > >right-- the site was almost certainly hacked because of
> > >osCommerce.  Find something else, preferably something which is not
> > >based upon PHP.
> >
> > Thanks for the time and rapid response Mr Chuck.
> >
> > Yes. Seems like the guilty one was OSCommerce. I am looking exactly
> > for other options, as you say maybe not PHP ones, and that's why I asked
> > for advice based on the experiences of what people are using. I am looking
> > for a Python option also. My needs are very simple, even a catalog of
> > products without the shopping cart will be enough. I am also looking at
> > options that let you add modules. I want to continue using FreeBSD,
> > continue learning and also solve a personal need.
> >   Of course the idea is not to start a war between PHP lovers and any
> > other language, but options and suggestions are very welcome. Anyway.
> > I will continue searching. And when I find the solution I will post it
> > here, maybe it could be of help to someone.
> >
> > By the way. It is great to receive advice from people like you all
> > guys. I have been on the list for several years and I always learn
> > something, always.
>
>Seriously, have you tried Googling for a potential solution? I just
>spent a few minutes and found several candidates.
>
>--
>Jerry ✌
>FreeBSD.user@seibercom.net
>
>Disclaimer: off-list followups get on-list replies or get ignored.
>Please do not ignore the Reply-To header.
>__________________________________________________________________



Hello.
I have found several already with Google.... just not sure what path to
follow and that's why I wanted to know what suggestions others have on
what they are actually using under FreeBSD. Of course there are several
ones, some look very good and promising.... yes.

Thanks in advance

Jorge Biquez
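The first advisory item quoted in this thread (an admin action carried out on any HTTP request that arrives with a logged-in session, with no check that the request originated from the admin interface itself) is the classic cross-site request forgery pattern. The following is an added illustration by the editor, not code from osCommerce or from anyone in this thread: the vulnerable handler shape beside a hardened one, in Python since the thread is weighing a Python cart. The request path, the session layout, the form field names and the server secret are assumptions made for the example; the two sample requests are constructed.

```python
"""Anti-CSRF check for a state-changing admin action (added example, not osCommerce code)."""
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a per-deployment secret. Generated at import here so the example
# runs offline; a real install loads it from configuration and never regenerates it.
SERVER_SECRET = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Derive a per-session anti-CSRF token as HMAC-SHA256(secret, session id).

    Deriving instead of storing needs no extra server-side state, and a token
    minted for one session is worthless in any other session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, presented: Optional[str]) -> bool:
    """Compare in constant time so the check does not leak the expected token."""
    if not presented:
        return False
    return hmac.compare_digest(csrf_token(session_id), presented)


def create_admin_vulnerable(request: dict, session: dict, admins: set) -> str:
    """The shape the advisory describes: the only check is 'is this session an
    admin', which a forged cross-site request satisfies because the victim's
    browser attaches the session cookie to it automatically."""
    if not session.get("authenticated"):
        return "denied"
    admins.add(request["form"]["username"])
    return "created"


def create_admin_hardened(request: dict, session: dict, admins: set) -> str:
    """Same action with the missing checks: state changes only via POST, and
    only when the form carries the token the admin UI embedded, which a page on
    another origin cannot read (same-origin policy) and therefore cannot forge."""
    if not session.get("authenticated"):
        return "denied"
    if request["method"] != "POST":
        return "denied: state change attempted via GET"
    if not csrf_token_valid(session["id"], request["form"].get("csrf_token")):
        return "denied: missing or wrong anti-CSRF token"
    admins.add(request["form"]["username"])
    return "created"


# Constructed sample data: the victim's admin session and the requests it sends.
ADMIN_SESSION = {"id": "sess-7f3a", "authenticated": True}
ADMIN_PATH = "/admin/create_admin.php"  # assumed path, not an osCommerce script name

# Auto-submitted by a form on a malicious site the admin was lured to. The attacker
# chooses the field values but has no way to read the session's token.
FORGED_REQUEST = {
    "method": "POST",
    "path": ADMIN_PATH,
    "form": {"username": "attacker", "password": "pwned"},
}


def request_with_token(token: str) -> dict:
    """What the real admin UI submits: the same fields plus the embedded token."""
    return {
        "method": "POST",
        "path": ADMIN_PATH,
        "form": {"username": "newadmin", "password": "...", "csrf_token": token},
    }


def run_scenarios() -> dict:
    """Replay forged, wrong-session and legitimate requests against both handlers."""
    vuln_admins, hard_admins = set(), set()
    return {
        "vulnerable_forged": create_admin_vulnerable(FORGED_REQUEST, ADMIN_SESSION, vuln_admins),
        "hardened_forged": create_admin_hardened(FORGED_REQUEST, ADMIN_SESSION, hard_admins),
        # a token leaked from some other session does not transfer to this one
        "hardened_other_session": create_admin_hardened(
            request_with_token(csrf_token("sess-other")), ADMIN_SESSION, hard_admins),
        "hardened_legit": create_admin_hardened(
            request_with_token(csrf_token(ADMIN_SESSION["id"])), ADMIN_SESSION, hard_admins),
        "vulnerable_admins": vuln_admins,
        "hardened_admins": hard_admins,
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Running the block shows the forged request succeeding against the vulnerable handler and every request without the right session-bound token failing against the hardened one. The advisory's second item (the authentication bypass) is a separate defect that this check does nothing about; the token only helps once the session check itself is sound.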