Much has changed since then, and we're glad to announce we're now in a position to invest in our own secure files solution, which is well underway and in development. This architecture allowed us to focus on building a frontend solution without requiring the heavy infrastructure required to build a scalable backend file-hosting architecture, which we weren't yet ready to undertake in 2018. This means that files are encrypted by us but stored in your Dropbox or Google Drive. For existing users who have the FileSafe extension installed, FileSafe will remain accessible indefinitely.

FileSafe was launched in 2018 as our concept file storage solution, and uses a bring-your-own-cloud model to store your files.

Protect your querystring from attacks by installing Security Pro ( find it in osCommerce addons ).

Starting February 9, 2022, FileSafe will be deprecated and no longer offered to new users.

Recommended Additional Security Measures:

This will force the system to run a check and you should get a run report and an "identified" report which will have identified the new and the modified file.

( where my_password is what you set authentication_value to in kiss_filesafe.ini ).

KISS FileSafe paused 0 time(s) to unload server for a total of 0 seconds

1) Add a new file to your system - hacktest.php or something.

2) Download an existing file then re-upload it again ( changes the last modified time ).

3) Force the system to run by browsing to filesafe.php adding the authentication password.

errors.txt or something I will consider adding the file to the ignore_files list.

Every time KISS FileSafe runs it will send a run report via email.

If it turns out to be a constantly changing valid file e.g.

If it looks worrying I will overwrite the file with my backup and ask my hosts to look at the file and check how it was modified.

My Reaction: I shall download the file and check it against my last backup.
My Reaction: I shall reset the KISS FileSafe system which will then accept this modified file as safe.

a cache file or something I may add the directory to the ignore list.

2) KISS FileSafe reports that an existing file has been modified.

If it had a valid reason to be there e.g.

My Reaction: I shall download the file and check it, if there is no valid reason for the file to exist I will delete it and ask my hosts to look at the file and check how it got there.

My Reaction: I shall reset the KISS FileSafe system which will then accept this new file as safe.

Answer NO I DIDN'T: - all may not be well.

It is impossible to cover the constantly changing hacking vectors, and to attempt to do so with little knowledge is more dangerous than helpful, so what this script does is the necessary basics following the below simple reasoning: -

1) KISS FileSafe reports that a new file has been added.

The only bodies able to take an effective blacklist approach to hacking vectors are professional organisations like Emsisoft/Ikarus. Let's be frank here, security at the code level must be a simple process, ideally taking a whitelist approach.

Some are even trying to emulate an antivirus system. Yes there are, and some are extremely complex.

There are other scripts that do this type of thing

Also of course it lets you know that nothing has happened to your files, providing peace of mind. KISS FileSafe is a simple but effective script which will inform you if and when a file is introduced to your application or an existing file is modified, giving you the opportunity to deal with the problem early, armed with the knowledge of the actual files in question and their location.

Disclaimer: KISS FileSafe does NOT stop your application from being hacked; it informs you of newly introduced or modified files, allowing you to take prompt and informed action.
This could just be a simple defacement or could be the critical stealing of private customer information; either way it is undesirable and needs to be managed. There are many posts in the osCommerce forums about "being hacked"; whether the intrusion was via the server or via a security hole in your specific application, most often it ends up with your files being modified to suit a hacking purpose.

What is KISS FileSafe? ( KISS means Keep It Simple Stupid! )