osCommerce

possible hack site attack warning



Something has started happening and I would like others to check as well.

Almost 100 gig of bandwidth in 1 month used up by bots: "facebookexternalhit" and "Unknown robot identified by bot*".

I also noticed some IPs in cart URLs... and it seems they flood the cart with products (2000+).

Has anyone else seen this type of thing?

Have just blocked those IPs for now, until we can look into the problem.


37 minutes ago, mafiouso said:

Has anyone else seen this type of thing?

Yes, I have seen it on a number of sites, all within the last few weeks. The IPs I checked were all known hackers. Blocking them made a big difference (about 20 - 30 of them). It would be better to block all of Facebook's IPs but that would stop legitimate connections.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons


12 hours ago, Jack_mcs said:

Yes, I have seen it on a number of sites, all within the last few weeks. The IPs I checked were all known hackers. Blocking them made a big difference (about 20 - 30 of them). It would be better to block all of Facebook's IPs but that would stop legitimate connections.

Are you able to share the IPs so we can compare?


35 minutes ago, mafiouso said:

Are you able to share the IPs so we can compare?

Here are the ones I blocked. If you scroll down on this page, you will see where the first IP was doing something it should not have. The others are similar.



37 minutes ago, mafiouso said:

And I am wondering if there is a vulnerability with the cart size being exploited by filling the cart with thousands of items?

I haven't seen that so I can't say for sure. It might be that they are trying to trigger a failure. On failures, for some shop versions, the database call will be displayed so that would give the hacker more things to work with.

I'm pretty sure they are killing the bandwidth by flooding the cart, as it's very hard to see this in webstats.

2500+ items

Is there any way to limit cart size? Or what's the best way to fight this? ver 2.3

People should be warned about this.


9 hours ago, mafiouso said:

Is there any way to limit cart size?

There are several addons that do that but for a quick change, in includes/classes/shopping_cart.php, find

    function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {

add after (to limit to 10)

$qty = 10;


9 hours ago, mafiouso said:

What's the best way to fight this?

The only way to stop them is to block them. Install View Counter and/or Log Analyzer from here so that the IPs can be easily identified and blocked.


On 5/3/2024 at 12:19 AM, Jack_mcs said:

There are several addons that do that but for a quick change, in includes/classes/shopping_cart.php, find

    function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {

add after (to limit to 10)

$qty = 10;


The only way to stop them is to block them. Install View Counter and/or Log Analyzer from here so that the IPs can be easily identified and blocked.

It seems this is just adding 10 times of the item added to cart.

    function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {
        $qty = 10;

I have also blocked so many IPs. They just keep using new ones.


4 hours ago, mafiouso said:

It seems this is just adding 10 times of the item added to cart.

Do you mean 10 x qty or 10 each time? It should be the latter, though I haven't tested it. If you want to limit the quantity but not set it to a value, change it to

$qty = ($qty > 10 ? 10 : $qty);


4 hours ago, mafiouso said:

I have also blocked so many IPs. They just keep using new ones.

Yes, that is the way of those people. There's no way to stop them all unless you can identify something common to all of the IPs. For example, they all belong to Facebook, so blocking Facebook or the CIDR for Facebook will stop them. But that also blocks good Facebook from the site, assuming you want that. You would need to go through the server logs to see if there is something else that can be used. Also check the IPs since they may come from a country or server that can be blocked.


Had another thought. Let's say that the most anyone has ever purchased for a product is 20. You could change the code to the following. That will issue a 404 for those trying to add too many items. That would be better than limiting the quantity because, most likely, such people are up to no-good and limiting the quantity would still allow them to add to cart.

if ($qty > 20) {
  $url = HTTPS_SERVER . DIR_WS_CATALOG . '404.shtml';
  header("Location: $url");
  exit; // stop here; without this add_cart() continues and the item is still added
}


16 hours ago, Jack_mcs said:

Do you mean 10 x qty or 10 each time? It should be the latter, though I haven't tested it. If you want to limit the quantity but not set it to a value, change it to

$qty = ($qty > 10 ? 10 : $qty);


Yes, that is the way of those people. There's no way to stop them all unless you can identify something common to all of the IPs. For example, they all belong to Facebook, so blocking Facebook or the CIDR for Facebook will stop them. But that also blocks good Facebook from the site, assuming you want that. You would need to go through the server logs to see if there is something else that can be used. Also check the IPs since they may come from a country or server that can be blocked.


10 of each item in qty.

I changed to this

    function add_cart($products_id, $qty = 10, $attributes = '', $notify = true) {

And now it does 10 different items, and then goes back to empty on 11? Is that OK code?


The change in the function just sets the default quantity if none is present. So that would actually increase the number in the cart if a number wasn't given.


16 hours ago, Jack_mcs said:

The change in the function just sets the default quantity if none is present. So that would actually increase the number in the cart if a number wasn't given.

Sorry, I don't understand? And I'm confused on the correct way to limit the cart to 10 different items.


12 hours ago, Jack_mcs said:

Did this change not work?


I'm confused as to what I am making the change to?

Is it to this?

function add_cart($products_id, $qty = '1', $attributes = '', $notify = true) {

Thanks


That change won't help with normal operation since the quantity is always required. But it might be that the hackers are able to somehow add without a quantity. So setting it to whatever you want shouldn't hurt and may help. But the line after it that I mentioned should also be used if you want to be sure to limit quantities for everyone.


On 5/9/2024 at 4:13 AM, Jack_mcs said:

That change won't help with normal operation since the quantity is always required. But it might be that the hackers are able to somehow add without a quantity. So setting it to whatever you want shouldn't hurt and may help. But the line after it that I mentioned should also be used if you want to be sure to limit quantities for everyone.

Hello, as explained, I don't understand how you are telling me to make the code change. Thanks.

Can you provide the full code line to change to?


18 hours ago, Jack_mcs said:

$qty = ($qty > 10 ? 10 : $qty);

So like this?

function add_cart($products_id, $qty = ($qty > 10 ? 10 : $qty); $attributes = '', $notify = true)


No, as mentioned in my original post on this, the line with the quantity goes after the line with the function. I never said to change the line with the function in it.


On 5/13/2024 at 3:16 AM, Jack_mcs said:

No, as mentioned in my original post on this, the line with the quantity goes after the line with the function. I never said to change the line with the function in it.

As mentioned, I don't understand and I am confused?

Can you please show the entire line change for that section of code?


11 hours ago, mafiouso said:

As mentioned, I don't understand and I am confused?

Can you please show the entire line change for that section of code?

I don't understand where the confusion is. I can paste the code to change again but that won't help if you are confused by it. The line I mentioned goes after the line that has the word "function" in it. If that doesn't clear it up, please post that part of the code you have and I will take a look.


On 5/16/2024 at 12:35 AM, Jack_mcs said:

I don't understand where the confusion is. I can paste the code to change again but that won't help if you are confused by it. The line I mentioned goes after the line that has the word "function" in it. If that doesn't clear it up, please post that part of the code you have and I will take a look.

Do you mean like this?

    }

    function add_cart($products_id, $qty = 10, $attributes = '', $notify = true) {
      $qty = ($qty > 10 ? 10 : $qty);

      global $new_products_id_in_cart, $customer_id;


12 hours ago, mafiouso said:

Do you mean like this?

Yes, that is one of the changes I mentioned. It will limit the quantity to 10 if someone orders more than 10 (for one product). Otherwise, the quantity will be whatever quantity was used.

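As an added example (not code from the thread or from osCommerce itself), here is a standalone PHP script that models the two limits discussed above: the per-product quantity clamp from Jack_mcs's reply, plus a cap on the number of different products, which is what the "10 different items" question was about. The constants MAX_QTY_PER_PRODUCT and MAX_DISTINCT_PRODUCTS, the function name add_cart_limited and the plain-array cart are assumptions made for the demo.

```php
<?php
// Added example, not from the thread or from osCommerce: a standalone model of
// the add_cart() prologue in includes/classes/shopping_cart.php with two caps.
// The cart is a plain array here instead of the session-backed $this->contents.
const MAX_QTY_PER_PRODUCT   = 10;  // hypothetical limits; set from real order history
const MAX_DISTINCT_PRODUCTS = 10;

function add_cart_limited(array &$contents, $products_id, $qty = '1')
{
    // osCommerce passes the quantity through as a form string; accept only a
    // positive integer so junk values cannot reach the arithmetic below.
    if (!preg_match('/^[1-9][0-9]*$/', (string)$qty)) {
        return 'rejected: bad quantity';
    }
    $qty = (int)$qty;

    // Clamp rather than overwrite: this is the difference between "$qty = 10;"
    // (every add becomes 10) and "$qty = ($qty > 10 ? 10 : $qty);" (at most 10).
    if ($qty > MAX_QTY_PER_PRODUCT) {
        $qty = MAX_QTY_PER_PRODUCT;
    }

    // A product not yet in the cart only gets in while the cart holds fewer
    // than the cap of distinct products; a product already there may still
    // have its quantity updated, so normal shoppers are not locked out.
    $is_new = !isset($contents[$products_id]);
    if ($is_new && count($contents) >= MAX_DISTINCT_PRODUCTS) {
        return 'rejected: cart full';
    }

    $contents[$products_id] = array('qty' => $qty);
    return 'added';
}

// Constructed input: a client that adds 2500 distinct products at qty 2000
// each, the pattern described in the thread.
$contents = array();
$added = 0;
$rejected = 0;
for ($id = 1; $id <= 2500; $id++) {
    if (add_cart_limited($contents, (string)$id, '2000') === 'added') {
        $added++;
    } else {
        $rejected++;
    }
}
printf("added=%d rejected=%d distinct=%d qty_of_product_1=%d\n",
       $added, $rejected, count($contents), $contents[1]['qty']);
```

In the real add_cart() each rejection branch would return from the function (or redirect and exit, as in the 404 variant) before $this->contents is touched. Run it with the php command line binary; it prints the counts after the simulated flood.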
