lindsayanng Posted October 6, 2008

There is this BAD BAD bot that has been on my site for 4 hours. I searched them and they are harvesters of customer information and are REALLY bad. Anyways, I THOUGHT I had blocked them. They all have IP addresses starting with 38.0 and I need to block all of them. The one that is on my site now is 38.99.44.104 and has been there. When I wrote this code into my public_html/.htaccess file they went away, but now they are back, and using the same IP address:

deny from 38.0.0.0

Did I do that wrong? Did I put it in the wrong .htaccess? I know that with osCommerce there is one in the pub folder, one in the includes and one in the admin. Which one is this supposed to be in?

A great place for newbies to start: Road Map to osCommerce File Structure. DO NOT PM ME FOR HELP. My time is valuable; unless I ask you to PM me, please don't. You will get better help if you post publicly. I am not as good at this as you think anyway! HOWEVER, you can visit my blog (go to my profile to see it) and post a question there; I will find time to get back and answer you. Proud Member of the CODE BREAKERS CLUB!!
Guest Posted October 6, 2008

> There is this BAD BAD bot that has been on my site for 4 hours. I searched them and they are harvesters of customer information and are REALLY bad. Anyways, I THOUGHT I had blocked them. They all have IP addresses starting with 38.0 and I need to block all of them. The one that is on my site now is 38.99.44.104 and has been there. When I wrote this code into my public_html/.htaccess file they went away, but now they are back, and using the same IP address:
>
> deny from 38.0.0.0
>
> Did I do that wrong? Did I put it in the wrong .htaccess? I know that with osCommerce there is one in the pub folder, one in the includes and one in the admin. Which one is this supposed to be in?

For blocking any IP starting with 38:

order allow,deny
deny from 38.
allow from all

For blocking the IP:

order allow,deny
deny from 38.0.0.0
allow from all
user99999999 Posted October 6, 2008

Use the tool below to create a CIDR address range and put it in public_html/.htaccess:
http://www.purlgurl.net/~tools/range2subnet.html

Note 38.99.44.104 is the Cuil search engine bot.
http://www.cuil.com/

Use this tool for blocking countries in case someone needs it.
http://www.find-ip-address.org/ip-country/
lindsayanng (Author) Posted October 6, 2008

See, when I do a whois on that bot, I come up with this company, Performance Systems International Inc., and when I searched them, I found that they are notorious for stealing customer database info. Maybe I shouldn't have blocked them. I don't know. Does ANYONE know why whois doesn't show that IP as Cuil? Where did you get the info that it was Cuil?
Guest Posted October 6, 2008

> For blocking any IP starting with 38:
>
> order allow,deny
> deny from 38.
> allow from all
>
> For blocking the IP:
>
> order allow,deny
> deny from 38.0.0.0
> allow from all

Here is a link to an explanation of this: http://www.clockwatchers.com/htaccess_block.html
Guest Posted October 6, 2008

> See, when I do a whois on that bot, I come up with this company, and when I searched them, I found that they are notorious for stealing customer database info. Maybe I shouldn't have blocked them. I don't know. Does ANYONE know why whois doesn't show that IP as Cuil? Where did you get the info that it was Cuil?

http://whois.domaintools.com/38.99.44.104
Resolve Host: crawl-13.cuill.com
lindsayanng (Author) Posted October 6, 2008

Yea, I got them off my site, but now I don't know if I should have. The whois did NOT come up as a search engine, not even a little, but the guy above says it is. I don't know where that info came from. Either way, they were on the site for 4 hours. What is resolve host? And why would a search engine be on there for that long?
Guest Posted October 6, 2008

> Yea, I got them off my site, but now I don't know if I should have. The whois did NOT come up as a search engine, not even a little, but the guy above says it is. I don't know where that info came from. Either way, they were on the site for 4 hours. What is resolve host? And why would a search engine be on there for that long?

The resolve host is what the IP resolves to. IDK if you noticed on this forum, in the users online at the bottom, that Google.com is on here a lot (probably more than 4 hours).
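The "resolve host" in the reply above is the PTR (reverse DNS) name for the address. On its own it proves little: whoever controls the reverse zone for an IP block can publish any PTR they like, so a verified crawler check also resolves that name forward and requires the original IP to come back (forward-confirmed reverse DNS, the same check Google documents for verifying Googlebot). The following is an added example written for this page, not code from the thread or from osCommerce. It takes the resolver functions as parameters so it runs offline against constructed records; the constructed data reuses the IP and hostname shown in the thread but the other entries, and the assumption that a genuine Cuil crawler's PTR ends in cuill.com, are made up for illustration.

```python
"""Forward-confirmed reverse DNS check for a claimed search-engine crawler.

Added example (not from the thread or osCommerce). The only real-looking values
are the IP 38.99.44.104 and the PTR name crawl-13.cuill.com quoted in the thread;
every other record below is constructed for the demonstration.
"""
import socket
from typing import Callable, Iterable

ReverseLookup = Callable[[str], str]            # ip -> PTR hostname
ForwardLookup = Callable[[str], Iterable[str]]  # hostname -> addresses


def verify_crawler(ip: str, allowed_suffixes: Iterable[str],
                   reverse: ReverseLookup, forward: ForwardLookup) -> bool:
    """True only if: ip has a PTR name, that name is under an allowed domain,
    and the name resolves forward to a set of addresses containing ip."""
    try:
        host = reverse(ip).rstrip(".").lower()
    except OSError:                     # socket.herror / gaierror subclass OSError
        return False
    if not any(host == s or host.endswith("." + s) for s in allowed_suffixes):
        return False
    try:
        return ip in set(forward(host))
    except OSError:
        return False


# Live resolvers for real use (require network access).
def live_reverse(ip: str) -> str:
    return socket.gethostbyaddr(ip)[0]


def live_forward(host: str) -> list[str]:
    return socket.gethostbyname_ex(host)[2]


# Constructed, offline DNS records (assumed, not real):
FAKE_PTR = {
    "38.99.44.104": "crawl-13.cuill.com",   # IP and PTR as reported in the thread
    "198.51.100.7": "crawl-99.cuill.com",   # spoofed PTR with no matching A record
    "203.0.113.5": "scanner.example.net",   # honest PTR, but not a crawler domain
}
FAKE_A = {
    "crawl-13.cuill.com": ["38.99.44.104"],
    "crawl-99.cuill.com": ["192.0.2.44"],   # resolves elsewhere -> fails the check
    "scanner.example.net": ["203.0.113.5"],
}


def fake_reverse(ip: str) -> str:
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip]


def fake_forward(host: str) -> list[str]:
    if host not in FAKE_A:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_A[host]


def check_offline(ip: str) -> bool:
    """Run the verification against the constructed records above,
    treating cuill.com as the crawler's domain (an assumption)."""
    return verify_crawler(ip, ["cuill.com"], fake_reverse, fake_forward)


if __name__ == "__main__":
    for ip in FAKE_PTR:
        print(ip, "verified crawler" if check_offline(ip) else "NOT verified")
```

Passing the check only tells you the client really is who the PTR says; it says nothing about whether you want that crawler on the site, and a block on the whole 38.0.0.0/8 range still cuts off every other customer of that ISP.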
lindsayanng (Author) Posted October 6, 2008

Yea, I noticed that. I don't mind Google, etc., but when I searched the IP, instead of the name of the search engine, I get the company name, and if you google that company name, it is ALL BAD THINGS. So why is the company bad, but the search engine OK? I am just confused about the mixed info on the net then.
Guest Posted October 6, 2008

> Yea, I noticed that. I don't mind Google, etc., but when I searched the IP, instead of the name of the search engine, I get the company name, and if you google that company name, it is ALL BAD THINGS. So why is the company bad, but the search engine OK? I am just confused about the mixed info on the net then.

They are two different companies. Performance Systems International Inc. is the ISP of Cuil.
lindsayanng (Author) Posted October 6, 2008

Why did I read so many bad things about PSI then? If they are JUST an IP, why did people say they harvest customer details? I will un-deny them if needed now.
Guest Posted October 6, 2008

> Why did I read so many bad things about PSI then? If they are JUST an IP, why did people say they harvest customer details? I will un-deny them if needed now.

I do not know why you read the bad things (curious maybe?). They are an ISP (Internet Service Provider) like Comcast, AT&T, etc. I am sure there is bad talk about these guys, too. You can reject access via the robots.txt file as well.
user99999999 Posted October 6, 2008

You're right, a lot of bad things come from their IPs; I have several ranges already blocked. Not sure why Cuil uses it but maybe best to block it all.

deny from 38.0.0.0/8

or

deny from 38.
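The three `deny from` forms that appear in this thread do not mean the same thing: a full dotted address such as 38.0.0.0 matches exactly that one host, which is why the opening post's rule stopped nothing, while a partial prefix like `38.` or a CIDR block like `38.0.0.0/8` covers the whole range. As an added example, not code from the thread or from osCommerce, here is a small Python model of how Apache 2.2 interprets those arguments and decides a request under the `order allow,deny` / `deny from ...` / `allow from all` block quoted above. It covers only the address, partial-prefix and CIDR forms (not hostnames or the keyword `all`), and it models `order allow,deny` as "any matching deny wins", which is what that ordering does when a client matches both lists.

```python
"""Model of Apache 2.2 'deny from' matching (added example, not osCommerce code).

Apache accepts a full address, a CIDR block, or a partial dotted prefix such as
'38.' or '38.99'; each omitted octet widens the match by 8 bits. Hostnames and
the keyword 'all' are deliberately not handled here.
"""
import ipaddress


def parse_deny_pattern(pattern: str) -> ipaddress.IPv4Network:
    """Translate one 'deny from' argument into the IPv4 network it covers."""
    pattern = pattern.strip()
    if "/" in pattern:                                   # CIDR form: 38.0.0.0/8
        return ipaddress.ip_network(pattern, strict=False)
    octets = [o for o in pattern.split(".") if o != ""]
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"unsupported deny pattern: {pattern!r}")
    if len(octets) == 4:                                 # full address: one host
        return ipaddress.ip_network(pattern + "/32")
    prefix_len = 8 * len(octets)                         # partial prefix: 38. -> /8
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix_len}", strict=False)


def is_denied(client_ip: str, deny_patterns: list[str]) -> bool:
    """Verdict for 'order allow,deny; deny from <patterns>; allow from all':
    with that ordering a client matching any deny line is refused even though
    'allow from all' also matches it."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in parse_deny_pattern(p) for p in deny_patterns)


if __name__ == "__main__":
    bot = "38.99.44.104"                                 # the IP from the thread
    for rule in ["38.0.0.0", "38.", "38.0.0.0/8"]:
        print(f"deny from {rule:<12} -> {bot} denied: {is_denied(bot, [rule])}")
```

The rule must also live in the right file: an .htaccess applies to its own directory and everything beneath it, so the copy in the document root (public_html, as user99999999 says) governs the whole store, whereas the ones under includes or admin only affect requests into those directories. On Apache 2.4 the same policy is written with `Require not ip 38.0.0.0/8` unless mod_access_compat is loaded.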
lindsayanng (Author) Posted October 6, 2008

I did the block all, but I don't want to block a search engine if I don't HAVE to...
♥toyicebear Posted October 7, 2008

Have a look at Project HoneyPot.

Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To. To see what more I can do for you, check out my profile [click here]
lindsayanng (Author) Posted October 7, 2008

That is an interesting site; I signed up for an account. On another note, my husband just told me he was watching that bot all night, and it spent a LOAD of time in the reviews. Isn't the reviews section the only open access to the database and how hackers usually get in there? Any links to patches for that?
playcraft Posted October 7, 2008

> That is an interesting site; I signed up for an account. On another note, my husband just told me he was watching that bot all night, and it spent a LOAD of time in the reviews. Isn't the reviews section the only open access to the database and how hackers usually get in there? Any links to patches for that?

As long as your scripts are not vulnerable you should be OK. Doesn't your husband have anything better to do than watch a bot's activities :huh: ?
lindsayanng (Author) Posted October 7, 2008

Not when he's being an insomniac waiting for our cat to come home (that was already inside but hiding). But what I am saying is that even though I haven't added any extras to my reviews section, it is a KNOWN vulnerability. What can I do to patch it?
playcraft Posted October 7, 2008

> Not when he's being an insomniac waiting for our cat to come home (that was already inside but hiding). But what I am saying is that even though I haven't added any extras to my reviews section, it is a KNOWN vulnerability. What can I do to patch it?

Known vulnerability?
lindsayanng (Author) Posted October 7, 2008

Yes. It is the only point in osCommerce that CUSTOMERS can write directly to the DB.
playcraft Posted October 7, 2008

> Yes. It is the only point in osCommerce that CUSTOMERS can write directly to the DB.

As long as your post vars are properly sanitized you should be fine. The tep_db_prepare_input() function takes care of this.
playcraft Posted October 7, 2008

> Yes. It is the only point in osCommerce that CUSTOMERS can write directly to the DB.

IDK where you came up with that conclusion. Unless you are not storing usernames, passwords, customer info (first name, last name, addresses, etc.), orders (which I doubt), etc. in your database, then the above statement would be true for your store.
lindsayanng (Author) Posted October 7, 2008

When a customer writes a review, there is a much higher character count on the reviews though, enough to put a script in through there.
playcraft Posted October 7, 2008

> When a customer writes a review, there is a much higher character count on the reviews though, enough to put a script in through there.

What about notes when a customer checks out?
lindsayanng (Author) Posted October 7, 2008

I'm not sure. I searched and couldn't find the post that I read about it. Maybe it was fixed in the newest release.
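Two concrete risks are discussed in the exchange above: playcraft's point that customer-supplied POST variables (review text, and equally checkout notes) must be sanitized before they reach the database, and lindsayanng's worry that a long review field is enough to "put a script in". The following added example, written for this page and not taken from the thread or from osCommerce, shows both in Python with an in-memory SQLite table rather than osCommerce's PHP and MySQL: a review insert built by string concatenation, the same insert with bound parameters, and HTML escaping when the stored text is rendered. The table name, column names and the payload are made up, and parameter binding is the generic mitigation shown here, not a description of what tep_db_prepare_input() does.

```python
"""Review text reaching the database: concatenated vs. parameterised (added example).

Not osCommerce code. Table and column names are invented; the payload is
constructed for the demonstration.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reviews (customers_id INTEGER, products_id INTEGER,"
                 " rating INTEGER, reviews_text TEXT)")
    return conn


def insert_review_unsafe(conn: sqlite3.Connection, customer_id: int,
                         product_id: int, rating: int, text: str) -> None:
    """Vulnerable: the review text is pasted straight into the SQL statement."""
    sql = (f"INSERT INTO reviews (customers_id, products_id, rating, reviews_text) "
           f"VALUES ({customer_id}, {product_id}, {rating}, '{text}')")
    conn.execute(sql)
    conn.commit()


def insert_review_safe(conn: sqlite3.Connection, customer_id: int,
                       product_id: int, rating: int, text: str) -> None:
    """Fixed: the driver binds the values, so quotes inside text stay data."""
    conn.execute("INSERT INTO reviews (customers_id, products_id, rating, reviews_text)"
                 " VALUES (?, ?, ?, ?)", (customer_id, product_id, rating, text))
    conn.commit()


def rows_for(conn: sqlite3.Connection, customer_id: int) -> list[tuple]:
    return conn.execute("SELECT customers_id, rating, reviews_text FROM reviews"
                        " WHERE customers_id = ? ORDER BY rowid",
                        (customer_id,)).fetchall()


def render_review(text: str) -> str:
    """Escape on output so stored text can never become markup on the page."""
    return f'<p class="review">{html.escape(text)}</p>'


# Constructed payload: closes the string and the VALUES tuple, then appends a
# second row attributed to customer 1. It is a single statement, so it works even
# where the driver refuses stacked queries.
PAYLOAD = "nice product'), (1, 42, 5, 'forged review from customer 1"


def unsafe_breaks_on_apostrophe() -> bool:
    """Even an honest review ("it's great") breaks the concatenated query."""
    conn = make_db()
    try:
        insert_review_unsafe(conn, 7, 42, 5, "it's great")
    except sqlite3.Error:
        return True
    return False


def demo() -> dict:
    unsafe = make_db()
    insert_review_unsafe(unsafe, 7, 42, 4, PAYLOAD)
    safe = make_db()
    insert_review_safe(safe, 7, 42, 4, PAYLOAD)
    return {
        "unsafe_rows_for_customer_1": len(rows_for(unsafe, 1)),  # forged row landed
        "unsafe_rows_for_customer_7": len(rows_for(unsafe, 7)),
        "safe_rows_for_customer_1": len(rows_for(safe, 1)),      # nothing forged
        "safe_text": rows_for(safe, 7)[0][2],                    # payload stored as text
        "rendered": render_review("<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
    print("apostrophe breaks unsafe insert:", unsafe_breaks_on_apostrophe())
```

The length of the field is beside the point: the forged-row payload above is shorter than many genuine reviews, and a checkout note carries the same risk. Binding parameters settles the database side; escaping at render time settles the "script in a review" side, because a stored `<script>` tag only does harm if it is later echoed unescaped into a page.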
Archived: This topic is now archived and is closed to further replies.