Patch Version: 1.0
Platform: osCommerce
Problem:
Bots and hackers are scanning your site, taking up bandwidth and possibly obtaining information they can use to hack your store.
Solution:
The "Sanitizer" is an osCommerce 2.2 add-on that cleans the HTTP GET Parameters, removing references to foreign web sites and unexpected characters within the GET parameters.
Hackers are known to attempt to gain access to your site by requesting its pages with GET variables that contain a URL. Have you ever taken a look at your Who's Online report and seen an item like this:
/product_info.php?cPath=http://somesite.ru/cs.txt
In most cases, these attempts will be unsuccessful. But if you have an older version of osCommerce, or some third-party code that has not been fully protected against attacks of this type, or your site has already been compromised, behavior such as this can be used by the hackers to perform actions on your site.
To stop this, we've developed a very simple fix that allows your site to recognize attempts such as these and remove the offending data. Further, if you also are using our IP Blocker Patch, this Patch works with that to add the IP Address of the user to the Blocked IP list, so these people will be permanently blocked from your site.
This fix is compatible with PHP v4.0.2 and above and all versions of MySQL.
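The cleaning step described above, shown as an added PHP example. It is not the Sanitizer add-on's own code and is written for current PHP rather than PHP 4. The function name `sanitize_get`, the allowed-character set and the foreign-reference pattern are assumptions chosen for illustration.

```php
<?php
// Added illustration, not the Sanitizer add-on's code. All names are hypothetical.

// Assumption: the only characters a store parameter legitimately needs
// (covers values such as cPath=1_4 and products_id=28{1}4).
const SAFE_CHARS = '/[^A-Za-z0-9 _.,@{}\-]/';
// A scheme prefix ("http://", "ftp://", ...) or a protocol-relative "//host".
const FOREIGN_REF = '#(?:[a-z][a-z0-9+.\-]*:)?//#i';

/**
 * Returns [cleaned parameters, names of parameters that referenced a foreign site].
 */
function sanitize_get(array $params): array
{
    $clean = [];
    $offenders = [];
    foreach ($params as $name => $value) {
        if (is_array($value)) {
            // Nested parameters (foo[]=...) are cleaned recursively.
            [$sub, $subOffenders] = sanitize_get($value);
            $clean[$name] = $sub;
            foreach ($subOffenders as $o) {
                $offenders[] = $name . '[' . $o . ']';
            }
            continue;
        }
        // PHP has already decoded once; decode again to catch double-encoded input.
        $value = rawurldecode((string) $value);
        if (preg_match(FOREIGN_REF, $value)) {
            $offenders[] = (string) $name; // foreign reference: drop the whole value
            $clean[$name] = '';
            continue;
        }
        $clean[$name] = preg_replace(SAFE_CHARS, '', $value);
    }
    return [$clean, $offenders];
}

// Constructed sample request; the cPath value is the one quoted on this page.
$sample = ['cPath' => 'http://somesite.ru/cs.txt', 'products_id' => '28{1}4', 'page' => "2'--"];
[$clean, $offenders] = sanitize_get($sample);
print_r($clean);     // cPath emptied, products_id kept, quote stripped from page
print_r($offenders); // a non-empty list is the signal a blocklist hook would act on
```

In a store this would run against `$_GET` before any other code reads it, and a non-empty offender list is the point at which the visitor's IP address would be handed to a blocklist.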