
osCommerce

The e-commerce.

bot that can follow forms? uh-oh


dreamscape


I have my allow guest review system in place so that unregistered users can review the games. To keep malicious reviews from appearing in the catalog, I use the review approval system.

I was looking it over today and noticed that on 04/16/2003, a completely blank review was made for every single game. I thought at 1st maybe it was somebody's idea of a funny joke. But the name is blank, the review text is blank, and the rating is blank. The javascript on the page will not allow the form to submit unless these are filled in.

so I am thinking maybe it was a bot crawling my site that did it. but bots are not supposed to be able to follow form actions. If this is the case, then I really hope it was some punk teen with JS disabled being funny, cause if it was a bot, we are all in trouble then cause it followed a form.

I will try to dig up the logs from the 16th to see just what it is that did it. I really hope it was a prank, but so far all signs lead to bot except the fact that it followed a form (all reviews submitted within a very short time of each other).

The only thing necessary for evil to flourish is for good men to do nothing

- Edmund Burke


I found the perp. It is not a bot.

It is MSIE 5.0 on Windows 98; IP 67.117.62.225

who or whatever this is has hit my site more times in 2 days than I have in 3 months.

I dunno what they were doing but it grabbed about 5-10 pages at a time from the site and each page grab was within 2 seconds of another.

dunno if this guy was trying to steal my site or what by grabbing all the pages but whatever he used, it followed forms. This also explains why around that time there was a user on the site with about $2 million worth of games in their cart. lol


Contact the ISP and have them track this one down for abuse or a hacked account:

[15:30] *** Resolved 67.117.62.225 to adsl-67-117-62-225.dsl.lsan03.pacbell.net


I am not one to start confrontations and trouble so I have come up with a different solution. I saw he came back the other day and ate up 40MB more of bandwidth grabbing pages.

So I've put in an abusive user blocker type thing in application_top.php where if an IP from the abusive user array tries to access the site, they can only get to this page:

http://www.madmacgames.com/banned.php

It is based on your down for maintenance Linda. In fact the code in app_top pretty much mirrors it in how it handles letting the person through or not.

so if he/she wants to grab all my pages, then I say let em... all they'll get is hundreds of copies of that one page there. :lol:


The "bot" was a program called black widow. I know because without knowing what damage could be caused we ran it on the web site. Most sincere apologies to any damage caused, but a loophole this large needs to be brought to light. http://softbytelabs.com/blackwidow is the URL.

We will do some testing on our server to see if this occurs on the default oscommerce milestone piece. It's the least we can do to prevent further issues.

:oops:


Daryl, I don't think it will cause any troubles with the default MS1 install.

I have the "allow guest reviews" installed, so black widow was able to get to the write review page and it picked up the form link and followed it, effectively submitting a blank review on each game.

Though in a default MS1 install, if the "buy now" in product listings is enabled, the black widow would probably fill the cart up with all the products as the "buy now" is a link.

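The thread shows why the page's JavaScript checks are not a control: a client that simply requests the form's action URL never runs them. Below is an added example (not osCommerce's own code, nor the contribution's) of the server-side checks the script handling the review submission would need; the field names `reviewer_name`, `review` and `rating` and the 50-character minimum are assumptions.

```php
<?php
// Added example, not osCommerce code: validate a guest review submission on
// the server, because any client (an offline browser, a script, a user with
// JS off) can reach the action URL without running the page's JavaScript.
// Field names and the minimum review length are assumptions.

function validate_review_submission($method, array $params) {
    $errors = array();

    // An offline browser that "follows" the form arrives via GET with no
    // fields at all; a genuine form submission is a POST.
    if ($method !== 'POST') {
        return array('Review must be submitted through the form (POST).');
    }

    $name   = isset($params['reviewer_name']) ? trim($params['reviewer_name']) : '';
    $review = isset($params['review']) ? trim($params['review']) : '';
    $rating = isset($params['rating']) ? (string) $params['rating'] : '';

    if ($name === '') {
        $errors[] = 'Reviewer name is required.';
    }
    if (strlen($review) < 50) {   // assumed minimum, mirroring the JS check
        $errors[] = 'Review text must be at least 50 characters.';
    }
    // ctype_digit rejects '', signs, decimals and letters in one test
    if (!ctype_digit($rating) || (int) $rating < 1 || (int) $rating > 5) {
        $errors[] = 'Rating must be a whole number from 1 to 5.';
    }
    return $errors;   // empty array: the review may be stored (still pending approval)
}

// Usage in the script that handles the review form's action:
//   $errors = validate_review_submission($_SERVER['REQUEST_METHOD'], $_POST);
//   if (count($errors) > 0) { /* redisplay the form with $errors */ exit; }
//   /* otherwise insert the review, still subject to the approval queue */
```

With these checks in place the crawler's blank GET requests are rejected before anything reaches the database, so the approval queue only ever sees reviews that at least have a name, text and a valid rating.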
