
osCommerce

The e-commerce.

Am I getting hacked or fooled with?


YodasToe


Posted

I have a customer that has not signed in yet, still as guest...

He has been online for 9hrs and 53 mins and has been active, although his browsing has been somewhat weird...

He keeps going to product info... then looking at reviews (there are none)... etc..

His cart has a lot of items and some of them are duplicates..

Is this a joke or just a really picky customer...

Has anyone heard of being hacked like this.....

If so how do I prevent this... He is taking up a lot of bandwidth...

Someone please calm my nerves.. hahahaha

Posted

How would I do that?

And have you heard something like this.. I hate to ban a legitimate customer, especially with the amount of products he is thinking about ordering.. but geez..

Posted

I'd be interested in learning how to ban his IP address as well (not him in particular, but in general)

The way that I look at it is - If it's too good to be true, it usually is!

Posted

That's what I was thinking "is it just can't be..."

But then what is this, a program, a hack or what? I can't believe I am the only oscommerce to see this.. I have only been open since May...

Oh well.. Anyway any info on what this is or how to block IPs would be greatly appreciated..

Thanks

Posted

I'm guessing that you will probably have to contact your host or something.. but I'm just guessing!

Posted

It's a spider/robot.... stop stressing...we all get them...heck at times I have over 100+ of them and some stay on my site for days.....

Do a DNS lookup on the IP address and you will see....

You are not being hacked.... a hacker would not be reading reviews....

Posted

A spider would be reading reviews, adding items to the cart, checking out and backing up, etc., just for the simple reason that you have links to those functions. It just blindly follows all the links. If it's been there 9 hours, my guess would be that it's a 'nice' spider that spreads the hits over time instead of bombarding your server all within 5 minutes, which could affect the performance of the site.

 

You might want to modify the code a bit to detect spiders and maybe disable links like Add to Cart for them since you really don't want people clicking into your site with those links, anyway. You might want to search the forums for 'oscsid' or 'sid' for some other threads on that.

Posted

I have seen the same problem in the last few weeks. I am not convinced this is just a bot gone wild.

 

My first encounter was a stream of log entries from http://www.omni-explorer.com.

 

I emailed them:

> Starting yesterday and continuing today, my web access log is
> showing your bot making repetitive accesses to my web site in
> a repetitive pattern. This is not the usual courteous manner
> in which other bots operate. Please take corrective action to
> eliminate this loop. It is causing excess traffic on my site
> and filling the access log making it hard to see useful
> accesses. I have inserted one cycle of the access loop below.
> This pattern repeats over and over in bursts at various times
> throughout the day.

 

They replied:

> This is an obvious bug inside our bot. We'll fix this immediately.
>
> If you detect such abnormal activity from our crawler again, please inform me.
>
> Sincerely,
> Ivko Maksimovic
> TCrawler development team

 

This was back around the middle of July. The strange accesses continued for a day or two and then stopped. So far so good.

 

But a couple of days ago and continuing periodically to now, I have seen a flood of similar accesses from a different source with no bot identification: ev1s-67-15-36-36.ev1servers.net. What REALLY concerns me is that there are a bunch of POSTs in the stream of accesses, such as:

 

ev1s-67-15-36-36.ev1servers.net - - [08/Aug/2004:01:06:54 -0400] "POST /catalog/password_forgotten.php?action=process HTTP/1.1" 302 5 "-" "Mozilla/5.0"

 

Robots don't do POSTs! I am truly concerned for the safety of my OsCommerce based business. So far this "hacker" hasn't opened the door, but it is just a matter of time!

 

Can anyone alleviate my anxiety?

Archived

This topic is now archived and is closed to further replies.
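The kind of access-log review the last post describes, as an added example that is not part of the original thread: it parses combined-format lines like the one quoted above, counts requests and POSTs per client, and lists clients that POST without identifying themselves as a crawler. The sample lines, host names and the user-agent heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache combined log format, the format of the line quoted in the thread.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# Assumed heuristic: a self-identifying crawler names itself or gives a contact URL.
BOT_HINT = re.compile(r'bot|crawl|spider|slurp|https?://', re.I)

# Constructed sample lines; hosts, paths and agents are made up for the demo.
SAMPLE_LOG = """\
crawler.example.net - - [08/Aug/2004:01:00:01 -0400] "GET /catalog/product_info.php?products_id=3 HTTP/1.1" 200 5120 "-" "ExampleBot/1.0 (+http://crawler.example.net/)"
crawler.example.net - - [08/Aug/2004:01:00:31 -0400] "GET /catalog/product_reviews.php?products_id=3 HTTP/1.1" 200 4100 "-" "ExampleBot/1.0 (+http://crawler.example.net/)"
host-a.example.org - - [08/Aug/2004:01:06:50 -0400] "GET /catalog/password_forgotten.php HTTP/1.1" 200 3900 "-" "Mozilla/5.0"
host-a.example.org - - [08/Aug/2004:01:06:54 -0400] "POST /catalog/password_forgotten.php?action=process HTTP/1.1" 302 5 "-" "Mozilla/5.0"
host-a.example.org - - [08/Aug/2004:01:07:02 -0400] "POST /catalog/password_forgotten.php?action=process HTTP/1.1" 302 5 "-" "Mozilla/5.0"
this line is not in combined format
"""

def summarize(log_text):
    """Return (per-host stats, number of lines that did not parse)."""
    stats = defaultdict(lambda: {"requests": 0, "posts": 0, "post_paths": set(), "agents": set()})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1          # keep a count so malformed lines are not silently lost
            continue
        s = stats[m["host"]]
        s["requests"] += 1
        s["agents"].add(m["agent"])
        if m["method"] == "POST":
            s["posts"] += 1
            s["post_paths"].add(m["target"].split("?", 1)[0])  # drop the query string
    return dict(stats), skipped

def review_list(stats):
    """Hosts that sent POSTs while none of their user agents look like a crawler."""
    return sorted(
        host for host, s in stats.items()
        if s["posts"] and not any(BOT_HINT.search(a) for a in s["agents"])
    )

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE_LOG)
    for host in review_list(stats):
        print(host, stats[host]["posts"], sorted(stats[host]["post_paths"]))
```

User-agent strings are client-supplied, so the list is a starting point for a closer look at those hosts, not a verdict.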
