Fake URL redirection by administration

[tgely]

 When I go Google webmasters and other statistic page, I see blank page with error 500 when I click broken link. Is this correct now?

 

No its bad. You have bad redirection. Could you give a test link? (pm if its confidental)

[♥altoid]

Over 3000 302 status hits handled last month with this add on.   :thumbsup:

[tgely]

Over 3000 302 status hits handled last month with this add on.   :thumbsup:

Could you group of hits? I wonder what patterns are representative in fake URLs.

[♥altoid]

That was from AWStats from my cPanel.

 

Here's this month to date:

 

**deleted.table would not render.

 

See image

 

 

 

 

 

Edited July 15, 2015 by altoid

[♥altoid]

Well, for some reason my image upload is failing....will try later

[♥altoid]

Until I get my attachments issue taken care of, what I can tell you is a lot of the 302s are looking for urls with parameters like sort, page, etc.  These probably aren't google or bing because have my webmaster tools set up to ignore those parameters.  Over the past 24 hours url redirects picked up over 150 new urls as 302s. I'm currently fixing these with phpMyAdmin. It's quicker that way for me.

[♥bruyndoncx]

just installed this in my development environment, reading through the installating docs, followed the link to the cpath fix on github.

includes/functions/general.php section

 

I think this does not need a LEFT join, just a regular JOIN all the way

 

+// Validate a category path to the product
+  function tep_get_validate_product_cpath($products_id, $cPath = '') {
+
+    $category_query = tep_db_query("select c.cpath from " . TABLE_PRODUCTS . " p left join " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c on(p.products_id = p2c.products_id) left join " . TABLE_CATEGORIES . " c on(p2c.categories_id = c.categories_id) where p.products_id = '" . (int)$products_id . "' and p.products_status = '1'");
+
+    while ($category = tep_db_fetch_array($category_query)) {
+
+      if ($category['cpath'] == $cPath) {
+        return true;
+      }
+
+    }
+
+    return false;
+  }

[♥bruyndoncx]

a little heads up, in your .htaccess the path to the error document handler is always from the document root,

so if you test in a subdirectory, you need to spell out the complete path.

Couldn't find an easy workaround solution, what i found on the web was rather complex and possibly interfering with other rewrite rules I have.

[♥bruyndoncx]

@@Gergely

 

I'm confused by this section on wildcards - not sure how it is intended to work

 

strstr function finds the first occurance of a string, did you mean to substring ? or looking for % or * position in the string ?

 

 

/* wilcards */
        // look after wildcards * only 301 redirections!

        // get all wildcards redirection examples
        // faster query search with 3 begining characters
        $search = strstr($requested_url, 0, 3) . '%' . '*';
        $found = false;

[tgely]

@@bruyndoncx

 

Thanks for testing !

you are right it should be substr

[♥bruyndoncx]

@@Gergely

 

In stead of the above substring, I'm using the basename function to match

 

so I can use *login.php and catch any login attempts, no matter what directory

 

for subdirectories it is not yet working ideally, but I think this way it catches most attempts ... we'll see in a few days

 

        //basename gives the filename or the last directory name
        $search = basename($requested_url);

/* wilcards */
        // look after wildcards * only 301 redirections!

        // get all wildcards redirection examples
        // faster query search with 3 begining characters
        //$search = strstr($requested_url, 0, 3) . '%' . '*';
        
        //basename gives the filename or the last directory name
        $search = basename($requested_url);
        $found = false;

[tgely]

@@bruyndoncx

its a good idea. :thumbsup:

[♥altoid]

@@Gergely Hello and a joyous Merry Christmas to you and yours.

 

My URL redirects is still showing 401, 403 and 404 redirects in the recorder even though I have that set to false in configuration.  Any suggestions?

 

Module version 1.2

 

Enable Dirname Record? False Enable 5xx Record? False

Edited December 23, 2015 by altoid

[tgely]

@@altoid Merry Xmas to you.

What else do you like if 401 doesnt work? False means that you dont need record functionality?
 

[♥altoid]

@@Gergely

 

Hello, what I want is to disable the 401, 403 and 404 codes from showing up in the recorder.  I have setting as False but these codes still appear.  Should

 

Enable Dirname Record? False

 

disable those in recorder?

 

Thanks

[tgely]

@@Gergely

 

Hello, what I want is to disable the 401, 403 and 404 codes from showing up in the recorder.  I have setting as False but these codes still appear.  Should

 

Enable Dirname Record? False

 

disable those in recorder?

 

Thanks

 

add the following code into .htaccess

# If you are getting errors you may need to comment this out like ..
# Options +FollowSymLinks
Options +SymLinksIfOwnerMatch

[azpro]

@@Gergely

 

Hi! All working perfectly .. Thanks for great solution to finally get rid of old/poorly inedexed url's.

 

But I am still confused by your http_error.php file in the package since it misses css references.

 

Off course I have read in the install files FAQ ..  you say:

 

 

Can I include template_top.php in http_error.php?

Not suggested. In the http_error.php have to use absolute urls. The standard core files use "base href" and relative urls. The robot will try to use bad url as relative image path and generate a lot of 404 page on templated http_error.php.

Why can I see a lot of wierd links?

Something maybe wrong, ask support in forum.

 

 

Could you explain some more about RELATIVE  and how to put in safely <link href="ext/bootstrap/css/bootstrap.min.css" rel="stylesheet"> (hardcode path) ?? And maybe a "safe" example of putting in at least the logo??

 

Thanks!

 

Arjan

[tgely]

Hi @@azpro,


only templates_top.php and templates_bottom.php are restricted.

Its easy as writing html pages.

insert css before the </head> tag

<link href="ext/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<script src="ext/jquery/jquery-1.11.1.min.js"></script>

and before the </body> tag insert this line:

 

<script src="ext/bootstrap/js/bootstrap.min.js"></script>

images are working on conventional way in html body:

 

<img src="storelogo.png">

[azpro]

@@Gergely Thanks!

 

So the "relative" is especially applicable to the images?

 

Because if I do put in template_top.php I cannot seem to find any differences with your file and putting in the head the manual css and jquery and bootstrap js links- links.

[tgely]

If you use "relatives" then add base href into the header

 

<head>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER . DIR_WS_HTTPS_CATALOG : HTTP_SERVER . DIR_WS_HTTP_CATALOG); ?>" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>" />
</head>