Ecommerce software home
Shopping Cart Software Forum for Ecommerce Templates
 
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

Find us on Facebook Follow us on Twitter View our YouTube channel
Search our site
 All Forums
 Technical
 WordPress for Ecommerce Templates
 Blocked from our website
Author « Topic »  

JustDucky923
Ecommerce Template Guru

USA
1332 Posts

Posted - 01/11/2022 :  07:35:45  
My client contacted me this morning and the computers at the their office are showing this message when they try to visit their website:

We apologize but you have been automatically flagged and blocked from this website.
Please contact us via our customer service email to have this rectified.

The site is: alkydigger.net -- I am able to visit the site with no problems and also log into the admin with no issues.

Any ideas?

Vince
Administrator

42428 Posts

Posted - 01/12/2022 :  04:14:32  
Hi there
It just looks like their IP address has been automatically added to the IP Blocking. Can you log in to the admin, go to the Store Admin -> IP blocking page and remove their IP address.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

JustDucky923
Ecommerce Template Guru

USA
1332 Posts

Posted - 01/12/2022 :  07:14:15  
I did check that. It seems that most everyone - although not everyone, I can log in - is getting that same message. Most of their customers are telling them the same thing.

Their IT person has found that they have been hacked (yet again). We are in the process of fixing it now.

My first thought was that it was coming from ECT, but it looks like it is not. Their security is Sucuri and it was from there.

Eman
Starting Member

USA
9 Posts

Pre-sales questions only
(More Details...)

Posted - 01/12/2022 :  17:22:32  
Hi,
This is Eric. I am working with Kelly on the alkydigger.com site. I have had Inmotion hosting and Sucuri site security check everything on their ends to fix the problem with most, but not all, all visitors getting blocked when trying to access the store catalog through the products.php link. The site was attcked by hackers, but I had Sucuri advanced firewall set to high and the firewall blocked most of the attack with real-time virtual patching. However the site did get some damage and some of the WP files needed to be cleaned. I have exhausted Inmotion and Sucuri support. They are saying that everything is ok on their ends, and they are saying that the ecommerce software is internally generating the block. I checked the IP block settings and block list and there is only about 20 blocked IP addresses listed and none of them include mine or others IPs that are being blocked. Here is a short snippet of the server error log that has a weird error referring an index.php file that does not exist and refers to Binance.com which is a cryptocurreny site. Please advise on what might be needed to fix this site. Thanks
[Wed Jan 12 06:02:18.026725 2022] [access_compat:error] [pid 9850:tid 47190091253504] [client 66.248.203.11:8202] AH01797: client denied by server configuration: /home/alkydigg/public_html/wp-content/uploads/index.php, referer: binance.com
[Wed Jan 12 06:02:12.498598 2022] [access_compat:error] [pid 9850:tid 47190084949760] [client 66.248.203.11:8062] AH01797: client denied by server configuration: /home/alkydigg/public_html/wp-content/uploads/index.php, referer: binance.com
[Wed Jan 12 06:01:51.512802 2022] [access_compat:error] [pid 9878:tid 47190093354752] [client 66.248.203.11:7294] AH01797: client denied by server configuration: /home/alkydigg/public_html/wp-content/uploads/2022/01/index.php, referer: binance.com
[Wed Jan 12 06:01:43.185823 2022] [access_compat:error] [pid 9878:tid 47190091253504] [client 66.248.203.11:7006] AH01797: client denied by server configuration: /home/alkydigg/public_html/wp-content/uploads/2022/01/index.php, referer: binance.com
[Tue Jan 11 04:57:43.008112 2022] [access_compat:error] [pid 13630:tid 47190116468480] [client 185.93.229.11:53196] AH01797: client denied by server configuration: /home/alkydigg/public_html/wp-content/uploads/index.php, referer: binance.com

Eman
Starting Member

USA
9 Posts

Pre-sales questions only
(More Details...)

Posted - 01/12/2022 :  17:31:08  
Here is the link to a screenshot of the error page we get when we click on the link to products.php on the homepage.

https://snipboard.io/DFBvW2.jpg

Eman
Starting Member

USA
9 Posts

Pre-sales questions only
(More Details...)

Posted - 01/12/2022 :  17:33:48  
I cannot access the store and get blocked, but when I go behind a VPN, I was able use the link to access the catalog.

Vince
Administrator

42428 Posts

Posted - 01/12/2022 :  23:12:32  
Hi Eman
quote:
Here is the link to a screenshot of the error page we get when we click on the link to products.php on the homepage.

https://snipboard.io/DFBvW2.jpg
This is the cart blocking your IP address. In the admin IP blocking remove the blocked IPs and this should go away.

quote:
[Tue Jan 11 04:57:43.008112 2022] [access_compat:error] [pid 13630:tid 47190116468480] [client 185.93.229.11:53196] AH01797: client denied by server configuration: /home/alkydigg/public_html/wp-content/uploads/index.php, referer: binance.com
This looks like the hackers have got a file into the uploads directory. I would check in there an maybe delete that file, "/home/alkydigg/public_html/wp-content/uploads/index.php" which they seem to be trying to access.

Vince

Click Here for Shopping Cart Software
Click Here to sign up for our newsletter
Click Here for the latest updater

Eman
Starting Member

USA
9 Posts

Pre-sales questions only
(More Details...)

Posted - 01/12/2022 :  23:28:15  
Hey Vince,

Thanks for the reply. I checked the blocked IPs in the Admin panel and my IP is not listed. There are only 35 IP addresses listed in the blocked section. We are having about 70% of visitors getting blocked from the catalog when clicking the link to products.php so the IP block list can't be blocking all those visitors.

However, if you directly type in a specific product id in the address bar using the full url name that product page for that item will come up and is not blocked.

I have checked the products.php and some of the referenced php files to try and find something fishy, but to the best of my checking I don't see any rogue code and Sucuri says that they have removed all rogue code for what that is worth.

I am banging my head on the wall with this one.

Eman
Starting Member

USA
9 Posts

Pre-sales questions only
(More Details...)

Posted - 01/12/2022 :  23:37:18  
Hey Vince,

Thanks for your help. I have found the rogue code and deleted it. Site is working. Thanks for your help.
  « Topic »  
Jump To:
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com
This page was generated in 0.03 seconds. Snitz Forums 2000