URGENT- Fraudster online Now


andro123


I have, I believe, an automated IP address

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 159.147.0.0 - 159.149.255.255
CIDR: 159.147.0.0/16, 159.148.0.0/15
NetName: RIPE-ERX-159-147-0-0
NetHandle: NET-159-147-0-0-1
Parent: NET-159-0-0-0-0
NetType: Early Registrations, Transferred to RIPE NCC
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2003-10-29
Updated: 2003-10-29

actually logged in on my system with ?7911 worth of items in the shopping basket. I do not want them to be able to go ahead and purchase. Is there anything I can do? Can I block an IP address, and if so, how?

Help would be greatly appreciated.

Thanks

Link to comment
Share on other sites

No, they are logged in as a guest. The total of the goods is now up to 14000. I need to get them off, as while they are on no one else can add the items to the basket, can they? They seem to be adding the whole stock. They've been on for 12 hours now! Help!!

Link to comment
Share on other sites

It might just be a search engine spider. I have seen threads complaining about them doing this.

Hi, no, I don't think so, cos the adding to the basket is way more than the actual items in stock. It's been on all day now and last night. I really want to get rid of it. Any ideas at all as to how? Is it worth me getting in touch with the hosting company?

Link to comment
Share on other sites

andro,

 

Just wanted to let you know that you are not alone in the RIPE thing. Apparently, RIPE is a provider in Amsterdam, but the people who abuse their system are actually Russian.

 

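I had a DoS attack today on my site (justpillows.com) from the RIPE network. I blocked the IP address using the .htaccess file:

# <Limit GET> applies these rules to GET and HEAD only; other methods such as POST are not restricted
<Limit GET>
order allow,deny
allow from all
# single address
deny from 212.62.240.156
# whole 212.62.240.x range: Apache takes a partial address or CIDR here, not a "*" wildcard
deny from 212.62.240
</Limit>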

 

Hopefully this will work, but I am also looking at other avenues for blocking ip addresses. Let me know if you come up with anything else.

 

Good luck!


Link to comment
Share on other sites


Hi Everybody

 

I'm having exactly the same problem, although the attack changes IP address every 10-15 mins. I know it's the same Guest, as the same items are shown in the cart every time the IP changes. The cart is up around 50 items now (8500 Swedish Krona); so far, though, they haven't registered. Can somebody tell me what's happening and what to do, as blocking a dynamic IP address is not going to work!

Are there any files I should be looking for that they could have uploaded to my server (the images dir. is clean, I've checked)?

 

Thanks in advance.

David C

Link to comment
Share on other sites

Sounds like a spider to me.

 

Make sure you have an up-to-date spiders.txt.

 

Spiders that are not in your spiders.txt file will add products to the shopping cart. It does not mean that you are being hacked.

 

There are loads of threads covering this.

 

Mark


Link to comment
Share on other sites


Thanks Mark

 

I've taken your advice and have now prevented Spider Sessions in Admin, and also added the latest spider.txt to my /includes dir. Just keeping my fingers crossed now that it was a spider.

 

regards

David C

Link to comment
Share on other sites
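
A way to check the spider explanation against the web server's access log before blocking addresses, as an added example that is not part of the original thread: it groups GET requests that add to the cart by session id (or by IP when the URL carries none) and compares their user agents with spiders.txt-style fragments. The log lines, the fragment list, and the `action=buy_now` and `osCsid` URL parameter names are assumptions about the store's setup.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Assumed user-agent fragments in the style of includes/spiders.txt
# (illustrative, not the shipped list).
SPIDER_SUBSTRINGS = ["googlebot", "slurp", "msnbot", "crawl", "spider"]

# Constructed Apache combined-format lines; IPs, ids and agents are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2006:01:00:00 +0000] "GET /index.php?action=buy_now&products_id=11 HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
192.0.2.10 - - [01/Jan/2006:01:00:05 +0000] "GET /index.php?action=buy_now&products_id=12 HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
198.51.100.5 - - [01/Jan/2006:01:10:00 +0000] "GET /index.php?action=buy_now&products_id=11&osCsid=abc123 HTTP/1.1" 302 - "-" "ExampleFetcher/0.9"
203.0.113.20 - - [01/Jan/2006:01:25:00 +0000] "GET /index.php?action=buy_now&products_id=14&osCsid=abc123 HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.99 - - [01/Jan/2006:02:00:00 +0000] "GET /index.php?action=buy_now&products_id=20 HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.99 - - [01/Jan/2006:02:01:00 +0000] "POST /product_info.php?products_id=20&action=add_product HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def is_listed_spider(user_agent):
    """True if the user agent contains any spiders.txt-style fragment."""
    ua = user_agent.lower()
    return any(fragment in ua for fragment in SPIDER_SUBSTRINGS)

def triage_cart_adds(log_text):
    """Return {session id or IP: (verdict, cart-add count, distinct IPs)}."""
    groups = defaultdict(lambda: {"ips": set(), "uas": set(), "adds": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # crawlers follow links, so only GET adds are of interest
        query = parse_qs(urlparse(m["url"]).query)
        if query.get("action", [""])[0] != "buy_now":
            continue
        group = groups[query.get("osCsid", [m["ip"]])[0]]
        group["ips"].add(m["ip"])
        group["uas"].add(m["ua"])
        group["adds"] += 1
    report = {}
    for key, g in groups.items():
        if all(is_listed_spider(ua) for ua in g["uas"]):
            verdict = "listed spider"  # spider sessions are not being prevented
        elif len(g["ips"]) > 1:
            verdict = "session id shared across IPs"  # one cart, many visitors
        else:
            verdict = "unlisted client, review user agent"
        report[key] = (verdict, g["adds"], len(g["ips"]))
    return report
```

A "listed spider" result points at the Prevent Spider Sessions setting, while an unlisted crawler is a candidate for a new line in spiders.txt.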

I'm having exactly the same problem, although the attack changes IP address every 10-15 mins. I know it's the same Guest, as the same items are shown in the cart every time the IP changes.

 

If you are seeing this sort of 'attack' then don't immediately start blocking genuine ip addresses. Please check this out first.

 

Access your website's database via phpMyAdmin and go to the Sessions table, click on Browse. Look for a session without a session id. If you find one then delete it. This is the cause of the same cart jumping from one ip address to another. The ip addresses are genuine ip addresses of visitors to your website - it's just that the Guest cart is jumping to them as soon as they arrive at your site.

 

At this point in time I do not know if this is a new exploit in osCommerce, but it is something that I have seen during the past week or so.

 

It may be the work of a malicious spider used by hackers, but it's the session without any session id in the database that concerns me.

 

Please check your database and if you find any sessions without session ids then please report them here in this thread. We'll then know if it is an exploit or not.

 

Vger

Link to comment
Share on other sites

  • 2 weeks later...

Hey guys,

 

I will definitely look and see what is in the Sessions db.

 

However, I must point out that the guys who actually run our server notified us of the DoS attack. I know that, at least in my case, it was not a simple spider. This was all back-end stuff--nothing added to the cart. The server guys actually watched this user poke around the site before they blocked him.

 

RIPE is a breeding ground for hackers and spammers from Europe and Russia. Their main objective is to hijack your email processes to send out spam mail in your name. I do not want to come across as Chicken Little, but also wanted to point out that everyone should be at least somewhat suspicious of RIPE behavior.

 

Hope that helps.


Link to comment
Share on other sites

RIPE is the European Internet Registry. I don't think they are going to be hacking anyone. It's probably the hackers masking or spoofing ip addresses. Unfortunately there are commercial companies out there that sell these services.

 

Vger

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
