Who's Online - weird URL


shartlesville


When I view the "who's online" section, I am occasionally seeing a very strange "Last Url". This is the newest one: /store/catalog/product_info.php?products_id=http://laudanskisucksss.chat.ru/placeholder/image?

 

Yesterday there were a couple of others that were like that with a different URL that goes to some Russian chat. Why would these appear and is there a way to fix or stop it?

 

Thank you in advance!

K

Link to comment
Share on other sites

Why would these appear

Just some bot trying to hack its way into your shop...

:o

 

and is there a way to fix or stop it?

Get the IP address and ban it.

;)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 


Link to comment
Share on other sites

I personally think that chasing querystring hackers by attempting to ban their IP is a losing game. I logged this once and had 800 attempts in one month.

 

All you really need to do is ensure that they can't cross site script with a url through the querystring.

 

Security Pro guards against such attacks by whitelisting the characters allowed in the querystring generated variables.

Link to comment
Share on other sites
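
The character whitelisting of querystring values described in the post above, as an added example that is not part of the thread and is not Security Pro's own code. The function names, the allowed character set and the plain-numeric id check are assumptions made for this illustration.

```php
<?php
// Added illustration, not Security Pro's code.
// Assumption: the allowed set is letters, digits, space and _ . - { }
const QS_ALLOWED = 'A-Za-z0-9 _.\-{}';

/**
 * Strip every character outside the whitelist from a querystring value.
 * Arrays (e.g. ?id[]=1) are cleaned recursively, keys included.
 */
function clean_query_value($value)
{
    if (is_array($value)) {
        $clean = [];
        foreach ($value as $key => $item) {
            $clean[clean_query_value((string) $key)] = clean_query_value($item);
        }
        return $clean;
    }
    return preg_replace('/[^' . QS_ALLOWED . ']/', '', (string) $value);
}

/** Parse a raw querystring and return its whitelisted parameters. */
function clean_query_string(string $query): array
{
    parse_str($query, $params); // URL-decodes names and values first
    return clean_query_value($params);
}

/**
 * A parameter with a known shape can be checked more strictly than by
 * character set. Assumption: the id is a plain run of digits.
 */
function is_plain_product_id(string $id): bool
{
    return preg_match('/\A\d+\z/', $id) === 1;
}

// Constructed input: the "Last Url" querystring quoted in the first post.
$sample = 'products_id=http://laudanskisucksss.chat.ru/placeholder/image?';
$params = clean_query_string($sample);

// With ':' '/' and '?' stripped, the value is no longer a usable URL.
echo $params['products_id'], PHP_EOL;
echo is_plain_product_id($params['products_id']) ? 'valid id' : 'rejected id', PHP_EOL;
```

In a shop the same cleaning would be applied to the request parameters once, before any page code reads them.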

Security Pro guards against such attacks by whitelisting the characters allowed in the querystring generated variables.

awesome contribution and good for peace of mind too.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
