Ausweb Web Hosting and Web Development Tutorials

A note on OSCommerce

Over the years, Ausweb has been observing a pattern in OSCommerce customer sites.

Due to a combination of outdated versions, inadequate permissions, and a lack of patching or upgrading, a disproportionate number of OSCommerce sites have been found to be compromised by various methods, such as iFrame or SQL injection. Here at Ausweb this deeply concerns us, as we must administer and suspend problematic accounts until issues are resolved, which can create further hassles for customers.

At best, these hassles mean downtime until the issue is resolved. They can also include loss of data or, even worse, harm to the viewer's computer or to your customers' information. These are hassles which can be avoided!

The OSCommerce issue has become something of an epidemic, as Ellen Messmer writes for Network World:

About 100,000 Web pages for e-commerce sites based on the open source OS Commerce software have been compromised with malware through a mass iFrame injection attack, according to security firm Armorize.

The ongoing mass-injection attacks appear to be carried out from Ukraine against the e-commerce sites. The sites that are successfully attacked are compromised with malware which is then used to try and attack visitors to these e-commerce sites, said Wayne Huang, chief technology officer at Armorize.

While attacks across the Web are not uncommon, Huang says this one is notable because it's a mass-injection type of attack that's reminiscent of attacks that were carried out about three years ago in high frequency but are not as common today.

The attackers "may be leveraging a known vulnerability" in the open-source software, Huang says, adding that attackers tend to lurk and watch for any information that's shared publicly about newly found vulnerabilities in software.

Read on: http://www.networkworld.com/news/2011/072811-ecommerce-attack.html

Whilst we realize that switching between platforms is a big task, which is unrealistic in the immediate term, and that not all OSCommerce stores are made equal, we would like to stress that software must be patched and kept up to date. We also recommend downloading and installing the following security pack to patch some current vulnerabilities:

http://addons.oscommerce.com/info/7834

For anyone switching platforms or starting a new e-commerce store, Ausweb would recommend Magento or OpenCart.
