Mort-lemur Posted September 26, 2010

Hi,

I have installed X Sell 2.7.2 and found that when I accessed X Sell from my Admin, it caused my IP to be added to my IP trap on my catalog side.

I narrowed this down to this line at the end of my .htaccess file where I route 403 errors into the IP trap:

ErrorDocument 403 /a folder/index.php

When I remove this code X Sell does not ban me. However, I found the following entries in my error log for when I was banned:

[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/user/public_html/images/default.html, referer: https://www.mysite.co.uk/myadmin/xsell.php
[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/user/public_html/images/index.phtml, referer: https://www.mysite.co.uk/myadmin/xsell.php
[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/user/public_html/images/index.php, referer: https://www.mysite.co.uk/myadmin/xsell.php
[sun Sep 26 20:40:15 2010] [error] [client 88.106.40....] client denied by server configuration: /home/oser/public_html/images/index.php3, referer: https://www.mysite.co.uk/myadmin/xsell.php

There are more entries like this - it is as though X_Sell.php is sniffing for a file in the images folder, although I cannot see this in the X Sell Code.

What is going on here?

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.
Mort-lemur Posted September 26, 2010

Hi again,

Could the above be caused by this line of code in the admin/xsell.php file:

<td class="dataTableContent" align="center"> <?php echo ((is_file(DIR_FS_CATALOG_IMAGES . '/'.$products['products_image'])) ? tep_image(DIR_WS_CATALOG_IMAGES . '/'.$products['products_image'], "",

Is this causing a search for all versions of index.xx in the images folder which leads to a ban?

Thanks
Mort-lemur Posted September 27, 2010

Ok,

Feeling a bit more relaxed now - I don't now think this is a hack attempt...

Checked the site and no unusual files, sitemonitor is not showing anything unusual, virus scan of all files is OK, and no strange code on page source.

So all I can assume is that the '/' in the code line above is causing a search of the images directory to look for a landing page, which leads to an IP ban.

Would I be correct in assuming this?

Thanks
burt Posted September 27, 2010

Try changing that particular line of code to:

<td class="dataTableContent" align="center">
<?php echo tep_not_null($products['products_image']) ? tep_image(DIR_WS_CATALOG_IMAGES . '/' . $products['products_image'], $products['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) : TEXT_NONE; ?>
</td>

See if the error is still occurring.
Mort-lemur Posted September 27, 2010

Hi Gary,

Thanks for the code, tried it - but it still takes me directly to the IP trap with the same errors in the error log.

Thanks
burt Posted September 27, 2010

There are two such lines to change...
Mort-lemur Posted September 27, 2010

> There are two such lines to change...

Hi Gary,

Changed lines 299 & 372 - still banned....
burt Posted September 27, 2010

In that case it is a problem with its roots elsewhere.
Mort-lemur Posted September 27, 2010

Very strange then.

What sort of code in a file would cause attempts on the images folder for the following file names:

home.html + Default.html + index.php5 + default.html + index.phtml + index.php + index.php3 + index.php4 + index.cgi + index.pl + index.shtml + index.html

What should I be looking for?

I could post the whole xsell.php file - but it is 407 lines long.

I have this code in a .htaccess in my images folder as well, which may be blocking these as well:

# $Id$
#
# This is used to restrict access to this folder to anything other
# than images
# Prevents any script files from being accessed from the images folder
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>

I'm completely baffled now.

Thanks
burt Posted September 27, 2010

Can you go to your usual admin / categories page and go to edit a product. Check the log and see if this causes an error.
Mort-lemur Posted September 27, 2010

Hi Gary,

No errors - I can edit the products without being banned and without any error logs being generated.

Thanks
burt Posted September 27, 2010

How about the same thing, but this time using a product without an image.
Mort-lemur Posted September 27, 2010

Ok,

Found a product with no image - edited it in admin = Banned + Errors as above recorded.

What is the problem do you think?

Thanks
Mort-lemur Posted September 27, 2010

OK,

I have now made sure that all my products have an image - even the inactive ones.

Now I don't get banned by the IP trap and no errors are generated when using X Sell - I would still like to know what causes this if anyone knows.

Many Thanks
burt Posted September 29, 2010

When any script looks for a non-existent file, the banning script is initiated...

So...that's where you have to look. Why would a non existent file initiate the script?
Mort-lemur Posted September 29, 2010

Ok,

Well, when the image file is non-existent then it starts to look for a "landing" file within the images folder, be it index.html, index.php etc etc, so when that happens the images .htaccess prevents those types of files being run, so it directs to the banning script. ???

However, what initiates the programme to look for the landing page, and to try all the variations of index or home files as I posted above?

Thanks
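The pattern described in the post above (a burst of denied index-file names in one directory, in the same second, with an admin page as referer) can be separated from other denied requests when reviewing the error log. This is an added example, not part of the original thread; the log lines, client addresses and the example.test host are constructed, and the name classify_denials is hypothetical.

```python
import re
from collections import defaultdict
from posixpath import basename, dirname

# Index-file names copied from the list posted earlier in the thread.
INDEX_NAMES = {"home.html", "Default.html", "default.html", "index.html",
               "index.shtml", "index.phtml", "index.php", "index.php3",
               "index.php4", "index.php5", "index.cgi", "index.pl"}

DENIED_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"client denied by server configuration: (?P<path>[^,]+)"
    r"(?:, referer: (?P<referer>\S+))?$")

def classify_denials(lines, min_burst=3):
    """Group denials by (timestamp, client, directory, referer).

    A group is 'index-lookup' when it holds at least min_burst entries and
    every denied file is an index-file candidate; otherwise it is 'other'.
    """
    groups = defaultdict(list)
    for line in lines:
        m = DENIED_RE.match(line.strip())
        if m:
            key = (m["ts"], m["client"], dirname(m["path"]), m["referer"])
            groups[key].append(basename(m["path"]))
    return [{"client": client, "directory": directory, "referer": referer,
             "files": names,
             "kind": "index-lookup"
                     if len(names) >= min_burst and set(names) <= INDEX_NAMES
                     else "other"}
            for (_, client, directory, referer), names in groups.items()]

# Constructed sample: addresses and host are placeholders, not from the thread.
_PFX = ("[Sun Sep 26 20:40:15 2010] [error] [client {}] client denied by "
        "server configuration: /home/user/public_html/images/{}")
_REF = ", referer: https://www.example.test/myadmin/xsell.php"
SAMPLE_LOG = [_PFX.format("203.0.113.7", n) + _REF
              for n in ("default.html", "index.phtml", "index.php", "index.php3")]
SAMPLE_LOG.append(_PFX.format("198.51.100.9", "cache.php"))

if __name__ == "__main__":
    for group in classify_denials(SAMPLE_LOG):
        print(group["kind"], group["client"], group["directory"], group["files"])
```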
Brainbug125 Posted April 25, 2012

@Mort-lemur

I have the same probs... and that solved the issue.

Have u found the reason? I just want to understand in which part of the script I have to look.

I use:

osC_Sec_5.0.3
KISS_FileSafe_version_1.0_r12
Security Pro 2.0 ( r7 )_1

And where do I have to look to define a landing page?

Ty

My Add On for the Osc Community MMB-Manager (Modules,Menu,Boxes Manager) V. 1.0 for 2.31
Brainbug125 Posted April 26, 2012

Forgot my previous... I found the issue in my advanced_search
Archived
This topic is now archived and is closed to further replies.