security issue
 
omegabk
Jr. Member
 
Total Posts:  10
Joined:  2012-01-28
 

Hello,

I’m facing a security issue on Magento 1.7.0.2.

I noticed that an attacker can do something like:

90.21.241.35 - - [19/Nov/2012:10:52:57 +0100] "GET /function%20each(iterator,%20context)%20{%20var%20index%20=%200;%20try%20{%20this._each(function%20(value)%20{iterator.call(context,%20value,%20index++);});%20}%20catch%20(e)%20{%20if%20(e%20!=%20$break)%20{%20throw%20e;%20}%20}%20return%20this;} HTTP/1.1" 404 8833

What I got in the error log:

[Mon Nov 19 10:52:59 2012] [error] [client 90.21.241.35] (36)File name too long: access to /function zip() { var iterator = Prototype.K, args = $A(arguments); if (Object.isFunction(args.last())) { iterator = args.pop(); } var collections = [this].concat(args).map($A); return this.map(function (value, index) {return iterator(collections.pluck(index));});} failed, referer: http://www.xxxxxx.com/

Can someone tell me how to fix that?

Best regards,

Omega BK

 
 
Rich Cleverley
Sr. Member
 
Total Posts:  285
Joined:  2009-01-20
 

I’d get some sort of intrusion detection system on. If you have full control of your server, have a look at mod_security; otherwise, have a look at my extension in my signature.
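
One way to surface requests like the one quoted in the first post from an Apache access log, as an added example that is not part of the original thread. The sample lines are constructed, and the `triage` function, both regexes and the 255-character threshold are assumptions made here.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log format: host, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# A decoded path that reads like JavaScript function source, as in the post.
JS_SOURCE_RE = re.compile(r'^/function\b[^(]*\([^)]*\)\s*\{')
MAX_PATH = 255  # assumption: common file-name limit behind "File name too long"

def triage(lines):
    """Return (findings, per-IP counts) for paths that are JS source or oversized."""
    findings, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than guessing
        decoded = unquote(m["path"])
        reasons = []
        if JS_SOURCE_RE.match(decoded):
            reasons.append("js-source-in-path")
        if len(decoded) > MAX_PATH:
            reasons.append("path-too-long")
        if reasons:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                             "reasons": reasons, "decoded": decoded[:60]})
            per_ip[m["ip"]] += 1
    return findings, per_ip

# Constructed sample lines (documentation IP ranges), modelled on the entry in the post.
SAMPLE = [
    '203.0.113.7 - - [19/Nov/2012:10:52:57 +0100] "GET /function%20each(iterator,'
    '%20context)%20{%20var%20index%20=%200;%20return%20this;} HTTP/1.1" 404 8833',
    '203.0.113.7 - - [19/Nov/2012:10:52:58 +0100] "GET /skin/frontend/default/'
    'default/css/styles.css HTTP/1.1" 200 5120',
    '198.51.100.9 - - [19/Nov/2012:10:53:01 +0100] "GET /' + "a" * 300
    + ' HTTP/1.1" 404 8833',
]

if __name__ == "__main__":
    hits, counts = triage(SAMPLE)
    for h in hits:
        print(h["ip"], h["ts"], h["status"], ",".join(h["reasons"]), h["decoded"])
    print(dict(counts))
```

Grouping the hits by client address and comparing them with the referer recorded for the same requests shows whether they follow ordinary page views of the shop or arrive on their own.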

 
 
davenurave
Jr. Member
 
Total Posts:  11
Joined:  2012-09-14
 

Make sure that you’ve got strong credentials; that’ll make it tough for intruders to get in. Here’s a good post on security.

Check out the service which has posted - they do some kind of monitoring for Magento.

 