shartlesville Posted June 4, 2008 Posted June 4, 2008 When I view the "who's online" section. I am occasionally seeing a very strange "Last Url" This is the newest one: /store/catalog/product_info.php?products_id=http://laudanskisucksss.chat.ru/placeholder/image? Yesterday there were a couple of others that were like that with a different url that goes to some russian chat. Why would these appear and is there a way to fix or stop it? Thank you in advance! K
germ Posted June 4, 2008 Posted June 4, 2008 Why would these appear Just some bot trying to hack it's way into your shop... :o and is there a way to fix or stop it? Get the IP address and ban it. ;) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
shartlesville Posted June 4, 2008 Author Posted June 4, 2008 Just some bot trying to hack it's way into your shop... :o Get the IP address and ban it. ;) :o WHAT??? :angry: Ok, THANKS! B)
♥GLWalker Posted June 7, 2008 Posted June 7, 2008 wher does one ban the culprit?Gill A See this thread: http://www.oscommerce.com/forums/index.php?sho...300238&st=0 Follow the community build: BS3 to osCommerce Responsive from the Get Go! Check out the new construction: Admin Gone to Total BS!
♥FWR Media Posted June 7, 2008 Posted June 7, 2008 I personally think that chasing querystring hackers by attempting to ban their IP is a losing game. I logged this once and had 800 attempts in one month. All you really need to do is ensure that they can't cross site script with a url through the querystring. Security Pro guards against such attacks by whitelisting the characters allowed in the querystring generated variables. Ultimate SEO Urls 5 PRO - Multi Language Modern, Powerful SEO Urls KissMT Dynamic SEO Meta & Canonical Header Tags KissER Error Handling and Debugging KissIT Image Thumbnailer Security Pro - Querystring protection against hackers ( a KISS contribution ) If you found my post useful please click the "Like This" button to the right. Please only PM me for paid work.
Guest Posted June 7, 2008 Posted June 7, 2008 Security Pro guards against such attacks by whitelisting the characters allowed in the querystring generated variables. awesome contribution and good for piece of mind too.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.