Shopping Cart Software Forum for Ecommerce Templates
 

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/11/2019 :  13:11:38  
Ok, I removed those pages and we changed the db password and user name.

Vince
Administrator

42428 Posts

Posted - 10/11/2019 :  16:03:18  
Hi Steven
The latest update that went out addresses a security issue. From your logs I don't think this is being exploited on your site, but to be on the safe side, I would apply the latest updater.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/11/2019 :  16:06:59  
Thanks. We updated earlier today.

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/12/2019 :  04:50:05  
I'm not sure if this has anything to do with it, but an IP from the UK left a bunch of code using the ratings system, and I also noticed a different IP tried, but failed, to log in to the admin.

Phil
ECT Moderator

United Kingdom
7609 Posts

Posted - 10/12/2019 :  04:56:26  
Hi Steven,
All that will get sanitized so there's nothing to worry about there. I would, however, clear them all away and add Google reCAPTCHA to the reviews.

Are your stock levels okay today or have they been compromised again?



* Database Migrations and Conversions*
* ASP to PHP Cart Conversions*

*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/12/2019 :  05:15:12  
Thanks Phil.

No changes to the inventory today. It happened a few times yesterday.
I've updated to 7.16, I guess I have to wait and see.
There is a recaptcha on the review form.

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/14/2019 :  18:36:43  
Ok, it happened again a few hours ago. I'm in a bind here. My web guy is at a loss. We have tried everything and it's still happening.

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/15/2019 :  03:21:19  
It's happened again, within the last 2 hours. Where do I go from here? This is crazy. I spoke to my hosting company and they see no problems in the logs. So who do I hire to fix such a thing?

Phil
ECT Moderator

United Kingdom
7609 Posts

Posted - 10/15/2019 :  04:09:56  
If you log in to your FTP, outside the root directory where the public_html directory resides there should be a file named .lastlogin; this contains the IP addresses and timestamps for cPanel logins.
Just have a look in there and see if there's anything untoward.

I'm sure the host will have looked in there though. Maybe the host can move the database to another server and see if that helps at all?

Apart from that, and without looking at your logs I can't help you any more. If you want me to take a look for you that's no problem, but if the host has looked properly there's obviously nothing obvious there.



Edited by - Phil on 10/15/2019 04:12:52

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/15/2019 :  06:06:30  
Login file for cPanel looks good, Phil.

I would appreciate the extra help. I'll send you an email.

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 10/21/2019 :  11:55:55  
Vince now knows about the problem I had and fixed it for me this weekend.
No more anonymous orders that will be crashing the site. Thanks for everyone's help!

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 09/01/2021 :  07:37:25  
Seems like the bot is back to hitting my site's cart to place orders. I need help ASAP because it's causing havoc with inventory quantities.

Marshall
Ecommerce Template Guru

USA
1874 Posts

Posted - 09/01/2021 :  08:26:44  
If you are using the PHP version, make this modification to the vsadmin/inccart.php file. I use this trick on several sites without any problems. Just a reminder though, it is a modification to a core file which will be overwritten with updates. And you can change the redirect URL, but I think you will find the image funny.

Look for the below statement:
var regex=/[^@]+@[^@]+\.[a-z]{2,}$/i;
if(!regex.test(frm.email.value)){
alert("<?php print jscheck($GLOBALS['xxValEm'])?>");
frm.email.focus();
return(false);
}

Replace it with this

var regex=/[^@]+@[^@]+\.[a-z]{2,}$/i;
if(frm.email.value=="netsparker@example.com") {
window.location.href="https://ih1.redbubble.net/image.717939983.4497/flat,750x,075,f-pad,750x1000,f8f8f8.u6.jpg";
return(false);
}
else if(!regex.test(frm.email.value)){
alert("<?php print jscheck($GLOBALS['xxValEm'])?>");
frm.email.focus();
return(false);
}

This assumes it is always the same email. And being server side, disabling JavaScript will have no effect.

You can also do it going after the phone number.

Look for:
if(frm.phone.value=="") return(chkfocus(frm.phone,"<?php print jscheck($GLOBALS['xxPlsEntr'] . ' "' . $GLOBALS['xxPhone'])?>\"."));

Replace with

if(frm.phone.value=="5234534558") {
window.location.href="https://ih1.redbubble.net/image.717939983.4497/flat,750x,075,f-pad,750x1000,f8f8f8.u6.jpg";
return(false);
}
else if(frm.phone.value=="") return(chkfocus(frm.phone,"<?php print jscheck($GLOBALS['xxPlsEntr'] . ' "' . $GLOBALS['xxPhone'])?>\"."));


Marshall
CENLYT Productions - ms designs
Affordable Web Design
Custom Ecommerce Designs
Responsive Websites
Cenlyt.com

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 09/01/2021 :  08:36:03  
Marshall, that's funny!!

I'm not a coding person, so please bear with me.
Am I correct in thinking that this will only stop the netsparker@example.com bot?

Marshall
Ecommerce Template Guru

USA
1874 Posts

Posted - 09/01/2021 :  10:29:30  
Yes, it will only stop the designated email, or phone number if you use that option.


steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 09/01/2021 :  10:59:15  
Marshall, interesting: I searched that email and found another cancelled bot order from 2 years ago. But there have been more from different emails.

Marshall
Ecommerce Template Guru

USA
1874 Posts

Posted - 09/01/2021 :  15:02:26  
This should work

// JavaScript has no "or" keyword: each address has to be compared separately and the comparisons joined with ||
if(frm.email.value=="netsparker@example.com" || frm.email.value=="another email" || frm.email.value=="another email") {

But I would double check with someone who is better versed in PHP than me.


John M
Advanced Member

457 Posts

Posted - 09/01/2021 :  18:27:01  
An nslookup on the IP address goes to ip117.208-100-0.static.steadfastdns.net
A whois on steadfastdns.net shows the Registrar: Google LLC
Send a complaint email to the following Registrar Abuse Contact Email: registrar-abuse@google.com
Send a complaint email to steadfast: abuse@steadfast.net
In your firewall block 208.100.0.0/24, which are all from steadfast.
If you are still getting issues from other 208.100.x.x IP addresses then in your firewall block 208.100.0.0/18, which will block steadfast completely.

John

Edited by - John M on 09/01/2021 19:05:55
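Marshall's snippet (and the follow-up for several addresses) is JavaScript that runs in the shopper's browser, and John M's firewall rules act on the source address. The added example below is the editor's code, not part of this thread or of the Ecommerce Templates cart, and shows the same three checks done in PHP on the server, where a bot that POSTs the checkout form directly cannot skip them. The blocked email and phone are the values quoted in the thread and the CIDR is John M's 208.100.0.0/24 (swap in 208.100.0.0/18 for the wider range). The function names, the shape of the `$order` array, the sample orders and the address 208.100.0.117 are assumptions made up for the demonstration, as is the suggestion that it be called from the cart's PHP order-processing code before the order is saved; where exactly that is depends on the ECT version.

```php
<?php
// Added example (editor's code, not from the thread or the ECT cart): reject
// known bot orders on the server. The JavaScript checks in inccart.php never
// run for a bot that posts the checkout form directly, so the same tests are
// repeated here in PHP before the order is written and stock is adjusted.

// Values quoted in the thread.
const BLOCKED_EMAILS = ['netsparker@example.com'];
const BLOCKED_PHONES = ['5234534558'];
// John M's range; use '208.100.0.0/18' to block the whole provider.
const BLOCKED_CIDRS  = ['208.100.0.0/24'];

/** True if the IPv4 address $ip lies inside $cidr ("a.b.c.d/bits"). */
function ipInCidr(string $ip, string $cidr): bool
{
    if (strpos($cidr, '/') === false) {
        $cidr .= '/32';                     // a bare address means that host only
    }
    [$subnet, $bits] = explode('/', $cidr, 2);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($subnet);
    if ($ipLong === false || $netLong === false) {
        return false;                       // malformed or IPv6: not covered here
    }
    $bits = (int)$bits;
    if ($bits <= 0) {
        return true;                        // /0 matches everything
    }
    $mask = ~((1 << (32 - $bits)) - 1);     // top $bits bits set
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Keep digits only so "(523) 453-4558" and "5234534558" compare equal. */
function normalizePhone(string $phone): string
{
    return preg_replace('/\D+/', '', $phone);
}

/**
 * $order is assumed to carry the posted 'email' and 'phone' fields plus the
 * client address taken from $_SERVER['REMOTE_ADDR'] (not X-Forwarded-For
 * unless a trusted proxy sets it). Returns null to accept the order, or a
 * short reason to log; show the shopper only a generic error.
 */
function rejectOrderReason(array $order): ?string
{
    $email = strtolower(trim($order['email'] ?? ''));
    if (in_array($email, BLOCKED_EMAILS, true)) {
        return 'blocked email';
    }
    $phone = normalizePhone($order['phone'] ?? '');
    if ($phone !== '' && in_array($phone, BLOCKED_PHONES, true)) {
        return 'blocked phone';
    }
    $ip = $order['ip'] ?? '';
    foreach (BLOCKED_CIDRS as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return "blocked network $cidr";
        }
    }
    return null;
}

// Constructed sample orders for the demonstration. 208.100.0.117 is made up to
// fall inside the /24 John M named; 208.100.63.2 is inside the /18 but not the /24.
$samples = [
    ['email' => 'NetSparker@example.com', 'phone' => '555-000-1111',   'ip' => '203.0.113.7'],
    ['email' => 'buyer@example.net',      'phone' => '(523) 453-4558', 'ip' => '203.0.113.7'],
    ['email' => 'buyer@example.net',      'phone' => '555-000-1111',   'ip' => '208.100.0.117'],
    ['email' => 'buyer@example.net',      'phone' => '555-000-1111',   'ip' => '208.100.63.2'],
    ['email' => 'buyer@example.net',      'phone' => '555-000-1111',   'ip' => '198.51.100.9'],
];
foreach ($samples as $o) {
    printf("%-24s %-15s %-14s -> %s\n",
        $o['email'], $o['phone'], $o['ip'], rejectOrderReason($o) ?? 'accept');
}
```

Run it from the command line with `php`; the first three sample orders are rejected and the last two accepted (the fourth would also be rejected once the CIDR is widened to /18). Log the reason on the server but return only a generic error to the client, so whoever runs the bot learns nothing about which field tripped the check. A denylist like this stops the bot seen so far, not the next one that changes its email and address, so keep the reCAPTCHA on checkout and consider rate-limiting order submissions per source address as well.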

steven vaccaro
Ecommerce Template Guru

USA
1007 Posts

Posted - 09/02/2021 :  06:55:01  
John, that's great info and I'll do that.

But at this point it seems very important for the guys at Ecommerce to figure out where the hole is in the software that's letting them in. We are all at risk.