Jack_mcs Posted September 4, 2016 Author Share Posted September 4, 2016 @@stefan21 I tested it here and it is working as it should though I don't have it installed on a php 5.5 shop so that may be the reason it fails. The failure seems to be due to a database statement but there are a number of database statements executed when that directory is visited and without knowing which one is causing the failure, I don't have any way of looking at this. You can try changing the bad bot trap setting to email since that will eliminate one statement. If it still fails, try setting it to off. If it still fails, then it is something else in the View Counter code. Let me know how it goes. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
stefan21 Posted September 4, 2016 Share Posted September 4, 2016 @@Jack_mcs, thank you for your time and your reply. To clarify: it's HTTP Server: Apache/2.2.31 (Unix) PHP Version: 5.3.29 (Zend: 2.3.0) I'll try out what you suggested and let you know. Quote Link to comment Share on other sites More sharing options...
stefan21 Posted September 4, 2016 Share Posted September 4, 2016 I tried what you suggested. While accessing the shop on the index.php the IP of my mobile device shows up in view counter. When I try to access view_counter_trap.php the attempt is not registered in the monitor. Same when I try to access /admin. No email is beeing sent and the IP is not beeing banned. Also no records in the faillog of the server. Just nothing. Here's my .htaccess: # $Id$# view counter trap anyone trying to access adminOptions +FollowSymLinksRewriteEngine OnRewriteCond %{REQUEST_URI} \"/admin/\"RewriteRule (.*) view_counter_trap.php [L]# Redirect domain.com to www.domain.comRewriteCond %{HTTP_HOST} ^XXX.de [NC]RewriteRule ^(.*)$ https://www.XXX.de/$1[L,R=301] # stop hotlinking (gif/jpg) and serve alternate content# I have included an image for you to upload, please note if you use your images out side of your server (like linked into EBAY) you cannot use # this.<IfModule mod_rewrite.c>RewriteEngine onRewriteCond %{HTTP_REFERER} !^$RewriteCond %{HTTP_REFERER} !^https://(www\\.)?XXX\\.de/.*$ [NC]RewriteRule .*\\.(gif|jpg)$ https://www.XXX.de/images/stolen.gif [R,NC,L] </ifModule># deny most common except .php<FilesMatch \"\\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$\"> deny from all</FilesMatch># Disable .htaccess viewing from browser<Files ~ \"^\\.ht\"> Order allow,deny Deny from all Satisfy All</Files><Files .htaccess>order allow,denydeny from all</Files># Disable access to config.php<Files ~ \"includes\\configure.php$\"></Files># The following makes adjustments to the SSL protocol for Internet# Explorer browsers<IfModule mod_setenvif.c> <IfDefine SSL> SetEnvIf User-Agent \".*MSIE.*\" \\ nokeepalive ssl-unclean-shutdown \\ downgrade-1.0 force-response-1.0 </IfDefine></IfModule>## This is used with Apache WebServers## For this to work, you must include the parameter \'Options\' to# the AllowOverride configuration## Example:## <Directory \"/usr/local/apache/htdocs\"># AllowOverride Options# </Directory>## \'All\' with also work. (This configuration is in the# apache/conf/httpd.conf file)AddType video/ogg .ogmAddType video/ogg .ogvAddType video/ogg .oggAddType video/webm .webmAddType audio/webm .webaAddType video/mp4 .mp4AddType video/x-m4v .m4v# The following makes adjustments to the SSL protocol for Internet# Explorer browsers#<IfModule mod_setenvif.c># <IfDefine SSL># SetEnvIf User-Agent \".*MSIE.*\" \\# nokeepalive ssl-unclean-shutdown \\# downgrade-1.0 force-response-1.0# </IfDefine>#</IfModule># If Search Engine Friendly URLs do not work, try enabling the# following Apache configuration parameter# AcceptPathInfo On# Fix certain PHP values# (commented out by default to prevent errors occuring on certain# servers)# php_value session.use_trans_sid 0# php_value register_globals 1#AuthUserFile /mnt/webp/e3/52/51666952/htdocs/XXX/.htpasswd#AuthName \"shop\"#AuthType Basic# <Limit GET POST># require valid-user# </Limit># Begin Ultimate SEO V2.2dOptions +FollowSymLinksRewriteEngine On # RewriteBase instructions # Change RewriteBase dependent on how your shop is accessed as below. # https://www.XXX.de = RewriteBase / # https://www.XXX.de/catalog/ = RewriteBase /catalog/ # https://www.XXX.de/catalog/shop/ = RewriteBase /catalog/shop/ # Change the following line using the instructions above RewriteBase /RewriteRule ^(.*)-p-(.*).html$ product_info.php?products_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING}RewriteRule ^(.*)-m-(.*).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-pi-(.*).html$ popup_image.php?pID=$2&%{QUERY_STRING}RewriteRule ^(.*)-by-(.*).html$ all-products.php?fl=$2&%{QUERY_STRING}RewriteRule ^(.*)-t-(.*).html$ articles.php?tPath=$2&%{QUERY_STRING}RewriteRule ^(.*)-a-(.*).html$ article_info.php?articles_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-au-(.*).html$ articles.php?authors_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-pr-(.*).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-pri-(.*).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-f-(.*).html$ faqdesk_info.php?faqdesk_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-fc-(.*).html$ faqdesk_index.php?faqPath=$2&%{QUERY_STRING}RewriteRule ^(.*)-fri-(.*).html$ faqdesk_reviews_info.php?faqdesk_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-fra-(.*).html$ faqdesk_reviews_article.php?faqdesk_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-i-(.*).html$ information.php?info_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-links-(.*).html$ links.php?lPath=$2&%{QUERY_STRING}RewriteRule ^(.*)-pm-([0-9]+).html$ extra_info_pages.php?pages_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-n-(.*).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-nc-(.*).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING}RewriteRule ^(.*)-nri-(.*).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-nra-(.*).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING}RewriteRule ^(.*)-po-([0-9]+).html$ pollbooth.php?pollid=$2&%{QUERY_STRING}# End Ultimate SEO V2.2d Maybe there's the reason? Quote Link to comment Share on other sites More sharing options...
stefan21 Posted September 4, 2016 Share Posted September 4, 2016 Update: 1. Bad Bot Trap configured as ban - accessing the directory /view_counter_badbottrap does not work - accessing the file view_counter_trap.php or view_counter_trap_badbot.php does not work - in any case IP does not show up in the monitor 2. Bad Bot Trap configured as email - accessing the directory /view_counter_badbottrap sends an email to the specified email-adress - accessing the file view_counter_trap_badbot.php sends an email to the specified email-adress - accessing the file view_counter_trap.php leads to nothing - in any case IP does not show up in the monitor 3. Bad Bot Trap configured as both - accessing the directory /view_counter_badbottrap sends an email to the specified email-adress - accessing the file view_counter_trap_badbot.php sends an email to the specified email-adress - accessing the file view_counter_trap.php leads to nothing - in any case IP does not show up in the monitor The message is NOT FOUND The requested URL /404.shtml was not found on this server The redirection is always to https://www.XXX.de//404.shtml Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 5, 2016 Author Share Posted September 5, 2016 I'm confused by your replies. One said no emails are sent but the following post says they were. Also, is the error you mentioned no longer happening? Contrary to what the setting says, the code can't ban such an IP. It could at one point but then I found that the search engines were not always following the robots directive and would end up getting banned. I have made changes in the next version for that but haven't tested it yet. The changes below will ban such an IP unless it is a search engine. Please test it and let me know how it goes. In the includes/modules/view_counter.php file, find the following (around lines 228 through 266): if (basename($_SERVER['PHP_SELF']) === 'view_counter_trap_badbot.php') { if (VIEW_COUNTER_BAD_BOT_TRAP != 'Off') { //otherwise ignore if (VIEW_COUNTER_BAD_BOT_TRAP != 'Email') { //then ban or both is set if ($notBanned) { $sqlData = array('ip_number' => ip2long(tep_db_input($viewSqlArray['ip'])), 'ignore_status' => 0); tep_db_perform(TABLE_VIEW_COUNTER_IGNORE, $sqlData); } } if (VIEW_COUNTER_BAD_BOT_TRAP != 'Ban') { //then email or both is set $mail_sent_query = tep_db_query("select 1 from " . TABLE_VIEW_COUNTER_EMAILS . " where ip_number = inet_aton('" . $viewSqlArray['ip'] . "') and sent = 1"); if (tep_db_num_rows($email_sent) == 0) { $subject = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_SUBJECT, $viewSqlArray['ip']); $msg = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_MSG_SPOOF, $viewSqlArray['ip'], 'http://www.projecthoneypot.org/ip_' . $viewSqlArray['ip']); $vcSendTo = (tep_not_null(VIEW_COUNTER_SEND_EMAILS_TO) ? VIEW_COUNTER_SEND_EMAILS_TO : STORE_OWNER_EMAIL_ADDRESS); tep_db_query("insert into " . TABLE_VIEW_COUNTER_EMAILS . " (ip_number, sent) values (INET_ATON('" . $viewSqlArray['ip'] . "'), '1')"); tep_mail(STORE_OWNER, $vcSendTo, $subject, $msg, STORE_OWNER, $vcSendTo); } } } } //don't record banned or ignored IP's if (isset($invalidAttempt) && $invalidAttempt) { $view_check_query = tep_db_query("select 1 from " . TABLE_VIEW_COUNTER_BANNED . " where ip_number = INET_ATON('" . $viewSqlArray['ip'] . "')"); if (tep_db_num_rows($view_check_query) > 0) { $email_sent = tep_db_query("select 1 from " . TABLE_VIEW_COUNTER_EMAILS . " where ip_number = inet_aton('" . $viewSqlArray['ip'] . "') and sent = 1"); if (tep_db_num_rows($email_sent) == 0) { $subject = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_SUBJECT, $viewSqlArray['ip']); $msg = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_MSG, $viewSqlArray['ip'], 'http://www.projecthoneypot.org/ip_' . $viewSqlArray['ip']); $vcSendTo = (tep_not_null(VIEW_COUNTER_SEND_EMAILS_TO) ? VIEW_COUNTER_SEND_EMAILS_TO : STORE_OWNER_EMAIL_ADDRESS); tep_db_query("insert into " . TABLE_VIEW_COUNTER_EMAILS . " (ip_number, sent) values (INET_ATON('" . $viewSqlArray['ip'] . "'), '1')"); tep_mail(STORE_OWNER, $vcSendTo, $subject, $msg, STORE_OWNER, $vcSendTo); } } return; } /**** Someone has attempted to access admin ****/ $notBanned = false; and replace with /**** A bot has accessed a file not meant to be accessed - good bots shouldn't do this ****/ $notBanned = false; if (! $viewSqlArray['isbot'] && basename($_SERVER['PHP_SELF']) === 'view_counter_trap_badbot.php') { if (VIEW_COUNTER_BAD_BOT_TRAP != 'Off') { //otherwise ignore if (VIEW_COUNTER_BAD_BOT_TRAP != 'Email') { //then ban or both is set if (! $notBanned) { $sqlData = array('ip_number' => ip2long(tep_db_input($viewSqlArray['ip'])), 'ignore_status' => 0); tep_db_perform(TABLE_VIEW_COUNTER_IGNORE, $sqlData); $notBanned = true; } } if (VIEW_COUNTER_BAD_BOT_TRAP != 'Ban') { //then email or both is set $mail_sent_query = tep_db_query("select 1 from " . TABLE_VIEW_COUNTER_EMAILS . " where ip_number = inet_aton('" . $viewSqlArray['ip'] . "') and sent = 1"); if (tep_db_num_rows($email_sent) == 0) { $subject = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_SUBJECT, $viewSqlArray['ip']); $msg = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_MSG_SPOOF, $viewSqlArray['ip'], 'http://www.projecthoneypot.org/ip_' . $viewSqlArray['ip']); $vcSendTo = (tep_not_null(VIEW_COUNTER_SEND_EMAILS_TO) ? VIEW_COUNTER_SEND_EMAILS_TO : STORE_OWNER_EMAIL_ADDRESS); tep_db_query("insert into " . TABLE_VIEW_COUNTER_EMAILS . " (ip_number, sent) values (INET_ATON('" . $viewSqlArray['ip'] . "'), '1')"); tep_mail(STORE_OWNER, $vcSendTo, $subject, $msg, STORE_OWNER, $vcSendTo); } } } } //don't record banned or ignored IP's if (! $viewSqlArray['isbot'] && isset($invalidAttempt) && $invalidAttempt) { $view_check_query = tep_db_query("select 1 from " . TABLE_VIEW_COUNTER_BANNED . " where ip_number = INET_ATON('" . $viewSqlArray['ip'] . "')"); if (tep_db_num_rows($view_check_query) > 0) { $email_sent = tep_db_query("select 1 from " . TABLE_VIEW_COUNTER_EMAILS . " where ip_number = inet_aton('" . $viewSqlArray['ip'] . "') and sent = 1"); if (tep_db_num_rows($email_sent) == 0) { $subject = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_SUBJECT, $viewSqlArray['ip']); $msg = sprintf(TEXT_VIEW_COUNTER_EMAIL_TRAP_MSG, $viewSqlArray['ip'], 'http://www.projecthoneypot.org/ip_' . $viewSqlArray['ip']); $vcSendTo = (tep_not_null(VIEW_COUNTER_SEND_EMAILS_TO) ? VIEW_COUNTER_SEND_EMAILS_TO : STORE_OWNER_EMAIL_ADDRESS); tep_db_query("insert into " . TABLE_VIEW_COUNTER_EMAILS . " (ip_number, sent) values (INET_ATON('" . $viewSqlArray['ip'] . "'), '1')"); tep_mail(STORE_OWNER, $vcSendTo, $subject, $msg, STORE_OWNER, $vcSendTo); } } return; } /**** Someone has attempted to access admin ****/ Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
stefan21 Posted September 5, 2016 Share Posted September 5, 2016 Jack, I'm sorry for confusing you. To clarify: The first test I did was accessing the view_counter_trap.php. While accessing this *file* no email was sent and the IP didn't show up in the monitor. accessing the file view_counter_trap.php leads to nothing Trying to access the /admin/ *directory* is not monitored, no email is sent. With the configuration "email" the error seems to be gone and - accessing the *directory* /view_counter_badbottrap sends an email to the specified email-adress - accessing the *file* view_counter_trap_badbot.php sends an email to the specified email-adress an email is beeing sent. I'll try your suggested code and will report. Thank's again for spending your time following. stefan Quote Link to comment Share on other sites More sharing options...
stefan21 Posted September 5, 2016 Share Posted September 5, 2016 I tried the suggested code. IP was not monitored and not banned and is still able to access the index.php from the shop, means not banned. Result is still: accessing the directory /view_counter_badbottrap sends an email to the specified email-adress - accessing the file view_counter_trap_badbot.php sends an email to the specified email-adress - accessing the file view_counter_trap.php leads to nothing - in any case IP does not show up in the monitor And a closer look at the logs is still bringing up: PHP Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /mnt/web019/a2/52/51666952/htdocs/XXX/includes/functions/database.php on line 104 Access to /admin/ is not monitored, not banned and no email has been sent. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 6, 2016 Author Share Posted September 6, 2016 To be clear about how it works. when access is through one of the traps, it won' show up in the monitor. With the change I posted, it should show up in the banned list. Are you seeing it there? Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted September 16, 2016 Share Posted September 16, 2016 (edited) @@Jack_mcs Hi Jack Not sure whether to post here or not.. Just checking thru View Monitor and notice under" File Name" someone was playing around with "autocomplete.php" so I decided to click on the file name to see what was going on, and this was what I was greeted with in the browser page; Warning: include(includes/configure.php): failed to open stream: No such file or directory in /home/XXXX/public_html/includes/application_top.php on line 28 Warning: include(includes/configure.php): failed to open stream: No such file or directory in /home/XXXX/public_html/includes/application_top.php on line 28 Warning: include(): Failed opening 'includes/configure.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/XXXX/public_html/includes/application_top.php on line 28 Warning: require(DIR_WS_FUNCTIONScompatibility.php): failed to open stream: No such file or directory in /home/XXXX/public_html/includes/application_top.php on line 42 Warning: require(DIR_WS_FUNCTIONScompatibility.php): failed to open stream: No such file or directory in /home/XXXXX/public_html/includes/application_top.php on line 42 Fatal error: require(): Failed opening required 'DIR_WS_FUNCTIONScompatibility.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/XXXX/public_html/includes/application_top.php on line 42 Ive no idea what to do, if anything. Are you able to throw any light on this please. Many thanks Cheers Grandpa Edited September 16, 2016 by grandpaj Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 16, 2016 Author Share Posted September 16, 2016 I just tried it here in a live BS shop, which I think is the version you are using, and it worked as it should, which is to open that page in a browser. But I don't know what the autocomplete.php file is for - it's not a stock file. My guess is that it is some file used for some addon but not meant to be called directly. View Counter is trying to load the file but if it is not a file that is meant to be displayed, that failure will happen. If it is a file that isn't meant for display, it shouldn't be in the root directory. It may be needed there for whatever it is used for but probably shouldn't be code-wise. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted September 16, 2016 Share Posted September 16, 2016 (edited) @@Jack_mcs Hi Jack Im pretty sure the autocomplete.php file is from the addon, twitter typeahead from auzstar http://addons.oscommerce.com/info/9351 Any ideas as to what I should do, or is it something not to worry about. Im so paranoid about securoty. Cheers Grandpa Edited September 16, 2016 by grandpaj Quote Link to comment Share on other sites More sharing options...
auzStar Posted September 16, 2016 Share Posted September 16, 2016 @@grandpaj The "autocomplete.php" file isn't a file that's meant to be displayed, it contains background processing for the "twitter typeahead" drop down list. It doesn't exist in the root directory, it exists within the "ext" folder buried inside other folders. Why, what's the issue? Quote My Add-onsAdvanced Cache Control Tool for osCommerce 2.3.x (non-bootstrap) Download SupportAjax Product Listing for osC 2.3.4 (bootstrap) Download SupportCategory New Products Carousel for osC 2.3.4 (bootstrap) Download SupportCategory Popular Products Carousel for osC 2.3.4 (bootstrap) Download SupportCustomer Testimonials for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download SupportFront Page New Products Carousel for osC 2.3.4 (bootstrap) Download SupportIndex Nested - Product Listing for osC 2.3.4 (bootstrap) Download SupportMatch Categories in Search Results for osCommerce versions 2.3.x (non-bootstrap) Download SupportModular Category Page for osC 2.3.4 (bootstrap) Download SupportNEW Australia Post Shipping Modules for osCommerce 2.3.x (non-bootstrap) Download SupportNEW Equal Height Module for osC 2.3.4 (bootstrap) Download SupportProducts Low Stock Report for osC 2.3.x (bootstrap and non-bootstrap) Download SupportTwitter Typeahead Autocomplete Search for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download SupportUpcoming Products Modules for osC 2.3.4 (bootstrap) Download Support Assisted Add-onsScroll Boxes for osCommerce 2.3.x (bootstrap and non-bootstrap) Download Support Bootstrap Add-ons created by other membersosCommerce Bootstrap Addons and Code Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 16, 2016 Author Share Posted September 16, 2016 @@auzStar The autocomplete file is being viewed by someone or some script. @@grandpa Given what Dominic said, I suspect you are seeing a data skimmer. In the roots .htaccess file, if you have a command for Options, add -Indexes to it. If not add this line Options -Indexes Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted September 16, 2016 Share Posted September 16, 2016 @@auzStar Thanks Dom @@Jack_mcs Thanks Jack, The add -Indexes was already in the .htacess file. Maybe Im being over cautious, and although I could see the warning in my browser which I got to by clicking in the View Monitor under File Name, perhaps no one else can see it. Just a thought. Cheers John Quote Link to comment Share on other sites More sharing options...
Guest Posted September 16, 2016 Share Posted September 16, 2016 @@Jack_mcs @@auzStar Hi Jack/Dom Done a little more work on the above problem. It seems when using autocomplete the "problem" arises as I did a search on our site using autocomplete, then went to View Monitor clicked the autocomplete.php file appearing in the File Name column,which took me to the browser, and the warning was there, so maybe the warning is nothing to worry about. Thanks guys Kind regards Grandpa Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 17, 2016 Author Share Posted September 17, 2016 As mentioned, the warning is because the file doesn't have code in it to load a page, I'm assuming. If you can't go to it directly, like with ...com/autocomplete.php (or whatever the path is) and have the page load, then the error will occur. It is normal in this situation. The code in View Counter doesn't have a way to determine if the file is displayable or not. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
auzStar Posted September 18, 2016 Share Posted September 18, 2016 @@grandpaj @@Jack_mcs I don't know how View Counter works and why it is picking out the autocomplete.php file but to give you some background, the autocomplete.php file doesn't contain code in it to allow it to be viewed as a normal page, it only contains php code which extracts and returns the data to be displayed in the drop down list. The file is called upon using ajax JavaScript code by another script (within the twitter typeahead header_tag module), where the typed "search keywords" are passed to the autocomplete.php file through a querystring. This is normal functionality of using ajax. The autocomplete.php file pretty much uses the same search results code that exists inside the advanced_search_result.php file, having all the necessary sanitizing code to remove any harmful text entered in the search bar. So there shouldn't be any security concerns. So perhaps as Jack says you are only seeing a warning because the page can't be loaded as a normal page, but why is View Counter reporting the autocomplete.php file? cheers Quote My Add-onsAdvanced Cache Control Tool for osCommerce 2.3.x (non-bootstrap) Download SupportAjax Product Listing for osC 2.3.4 (bootstrap) Download SupportCategory New Products Carousel for osC 2.3.4 (bootstrap) Download SupportCategory Popular Products Carousel for osC 2.3.4 (bootstrap) Download SupportCustomer Testimonials for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download SupportFront Page New Products Carousel for osC 2.3.4 (bootstrap) Download SupportIndex Nested - Product Listing for osC 2.3.4 (bootstrap) Download SupportMatch Categories in Search Results for osCommerce versions 2.3.x (non-bootstrap) Download SupportModular Category Page for osC 2.3.4 (bootstrap) Download SupportNEW Australia Post Shipping Modules for osCommerce 2.3.x (non-bootstrap) Download SupportNEW Equal Height Module for osC 2.3.4 (bootstrap) Download SupportProducts Low Stock Report for osC 2.3.x (bootstrap and non-bootstrap) Download SupportTwitter Typeahead Autocomplete Search for osCommerce 2.3.4 (bootstrap and non-bootstrap) Download SupportUpcoming Products Modules for osC 2.3.4 (bootstrap) Download Support Assisted Add-onsScroll Boxes for osCommerce 2.3.x (bootstrap and non-bootstrap) Download Support Bootstrap Add-ons created by other membersosCommerce Bootstrap Addons and Code Link to comment Share on other sites More sharing options...
Jack_mcs Posted September 18, 2016 Author Share Posted September 18, 2016 @@auzStar View Counter tracks any visited page. It might be seeing the load by ajax as a visited page or someone may have deliberately tried to access it. There's no way to know without troubleshooting it. @@grandpa I suggest keeping an eye on it. If it continues to happen, note the IP to see if it is the same as before. And be sure to check that IP to see if it is a suspicious one. It is probably nothing to worry about but it doesn't hurt to be careful. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted November 20, 2016 Share Posted November 20, 2016 @@Jack_mcs Hi Jack Just a wee "problem" Under "Show" in View Monitor Admin Bots Visitors All WhenI check Visitors I get the following Warning: Illegal string offset 'Country Code' in /home/grandp/public_html/My1975WeMini2a/view_counter.php on line 682 However under any of the others, when checked its all good. Is it something Ive done, I did reinstall View Counter, but everything else works absolutely fine.Look forward to your thoughts. Many thanks Grandpa Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 21, 2016 Author Share Posted November 21, 2016 See my reply on the previous page for this. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Guest Posted November 21, 2016 Share Posted November 21, 2016 See my reply on the previous page for this. Sorry Jack. Missed it completely.Sorted Cheers Grandpa Quote Link to comment Share on other sites More sharing options...
Denzel Posted December 28, 2016 Share Posted December 28, 2016 Hi Forum, hi @@Jack_mcs ! Does anyone knows the problem, that the page changing doesnt work on monitor site ? The links were created correctly (.../view_counter.php?page=2) but it will be ignored completely (Displaying 1 to 20 (of 184 links)). Further I got a Warning: Illegal string offset 'file_name' in .../admin/includes/functions/view_counter.php on line 97 if I try to watch the Hacking attempts from the reports... I try to have a closer look at it today, but maybe someone else has the same issues with the 2.3 BS Edge... SEE YA Denzel. Quote Link to comment Share on other sites More sharing options...
Jack_mcs Posted December 28, 2016 Author Share Posted December 28, 2016 I tried it in my BS shop here and it worked correctly. Though my BS shop doesn't have the last two updates in it so I suppose that might be the reason. But the code in the admin doesn't change that often so it seems unlikely that would be the reason. The warning you see (see previous posts on this) suggest you are using a later version of php. That could be the cause - some incompatibility between the code and your version of php. Quote Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Denzel Posted December 28, 2016 Share Posted December 28, 2016 Hi @@Jack_mcs my PHP Version is 5.6.29. I dont think, that it is a generally problem, cause the page up/down function works on other admin sites. I'll take a look now. SEE YA Denzel. Quote Link to comment Share on other sites More sharing options...
Denzel Posted December 28, 2016 Share Posted December 28, 2016 The other Contrib which is using the pagination starts a session... if (isset($HTTP_GET_VARS['page'])) { if ( ! tep_session_is_registered('page') ) tep_session_register('page'); $page = $HTTP_GET_VARS['page']; } maybe this is the clue ? SEE YA Denzel. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.