All Activity

  1. Past hour
  2. ArtcoInc

    Hack attempt - is there a way to prevent this?

    @greasemonkey (while off topic regarding hack attempts ...) I also reviewed that search add-on here ... M
  3. Today
  4. greasemonkey

    Hack attempt - is there a way to prevent this?

    As a suggestion for a different smart search that doesn’t write to your DB... try this one (I’ve been using it for a couple years... works great). https://apps.oscommerce.com/Redirect=9351
  5. ArtcoInc

    Stop Google adding bogus names

    @trophy As others have stated, Google is not doing this. A spammer or hacker is doing it. Using Google as an email address, or as a company name, is very common. I get a number of these on one of my shops all the time. M
  6. JcMagpie

    Hack attempt - is there a way to prevent this?

    A simple string scrubbing function using https://www.php.net/manual/en/function.preg-replace.php

        <?php
        function ScrubInput($input) {
            // allow only letters
            //$scrub = preg_replace("/[^a-zA-Z]/", "", $input);
            // allow only letters and numbers
            //$scrub = preg_replace("/[^a-zA-Z0-9]/", "", $input);
            // allow only letters, numbers, and whitespace
            $scrub = preg_replace("/[^a-zA-Z0-9\s]/", "", $input);
            // Let's get rid of all CAPS
            $scrub = strtolower($scrub);
            // limit input to 40 chars
            $scrub = substr($scrub, 0, 40);
            return $scrub;
        }
        // test the function
        echo ScrubInput("iaja this 1237412~! is @#$%^&*() how -=+_] it [{};:/ works .,>?OKAMNBVCXZLKJHG'\"");
        ?>

    Result: iaja this 1237412 is how it works ok
  7. ArtcoInc

    Hack attempt - is there a way to prevent this?

    @pete2007 Out of the box, osC does not save search queries in the database. I'm using an add-on called SmartSuggest that, amongst other things, creates a new database table and saves the search queries. I find this important since I can now see what people are searching for, and use that information to either adjust the text on my site, or adjust my product lines (if I sell apples, and people are searching for oranges ... ). M
  8. Jack_mcs

    Hack attempt - is there a way to prevent this?

    @ArtcoInc The r87 dot com is a site on godaddy. You could report it as a spammer and/or block its IPs. Although the whois for it lists quite a few similar names so I suspect this guy wouldn't be easily stopped. Limiting the search string probably won't make a difference since they can type directly into the url. Many times the hackers will enter some invalid command so that an error is displayed that gives them more details about the database. You can test your site here to see if that is the case. Also be sure that anything entered in the search does not show up on the page after the search. This doesn't occur with the CE version but might with older versions. If your search doesn't require any special characters, then I suggest you change this code in the advanced_search_result.php file

        if (isset($_GET['keywords'])) {
            $keywords = tep_db_prepare_input($_GET['keywords']);
        }

    to this

        if (isset($_GET['keywords'])) {
            $keywords = preg_replace('/[^\w]/', '', $_GET['keywords']);
            $keywords = tep_db_prepare_input($keywords);
        }

    That will remove everything from the search string other than letters and numbers.
  9. pete2007

    PayPal Express ~ Duplicate Orders

    @peterbuzzin is it possible to add a script like this to the contact us submit button, this is also very slow? thanks
  10. Your host ought to be able to tell you if you're on some spam blacklist. They may even tell you that they added you because you sent out too many emails in a short period. They don't want their servers listed as spammers, either. It's fine to email newsletters from your shop's domain, but it should probably be left to a proper bulk email application that knows how to obey host limits for per-minute, per-hour, per-day mailings. It should also try to distribute evenly and at a polite rate to major email systems like gmail, hotmail, yahoo, etc., so they don't feel overwhelmed and report you as a spammer. Do you really need to get all 5000 emails out within one hour? How about over 2 days or so? Needless to say, all mass mailings must be explicit "opt in", and should include a reminder that the recipient signed up to receive them, and a reminder on how to easily unsubscribe. The latter two items reduce the chances that a recipient will report you as a spammer, simply to stop receiving mass mailings from you.
  11. MrPhil

    How do I use function __construct in this code?

    admin/includes/classes/shopping_cart.php admin/includes/classes/table_block.php includes/classes/alertbox.php Do any of these look like trouble? I.e., a dummy __construct() added to silence the PHP 7 deprecated warnings, but should either have been function classname() renamed to __construct, or __construct() calling classname()?
  12. JcMagpie

    Hack attempt - is there a way to prevent this?

    As the input field is controlled by function html_output.php we cannot control directly. So in the template file of the search simply add a bit of js to limit input.

        <script> $("input").attr("maxlength", 20) </script>

    You should let your customers know a limit is set.
  13. Tsimi

    Stop Google adding bogus names

    Fake accounts with google as company name? Check here https://forums.oscommerce.com/topic/492566-fake-accounts/?do=findComment&comment=1781581
  14. Hotclutch

    Stop Google adding bogus names

    It's not Google, you're being spammed.
  15. trophy

    Stop Google adding bogus names

    Not sure about Google results, they appear in my customers section. I assume it is google as they put google in the company name. The names are bizarre, likewise the address.
  16. Hotclutch

    Stop Google adding bogus names

    Google does not do this. If there is something appearing in Google results that you don't like, then it's your script generating it, and it must be fixed.
  17. pete2007

    Hack attempt - is there a way to prevent this?

    Thank you for your reply, whereabouts can I limit the text for the search?
  18. JcMagpie

    Hack attempt - is there a way to prevent this?

    It's not just search, any form on your website that allows the visitor to enter text that is saved to your database is a backdoor for hackers. Search is easy, just remove osC search and replace it with google search nothing saved on your db by this, or limit text input to just one or 2 words. All forms should have some sort of captcha and text cleanser built in to prevent saving scripts to db. Reviews is another one that is targeted by hackers.
  19. Well talk to your host, many like Go *******dy will have limits set for number of emails sent per min/hour/day..... So depending on how many you sent you may have been blacklisted. Talk to your host and find out. Personally never been a big fan of ecarts being used for mass mailing too risky as you may get your domain blacklisted, much better to use a proper email marketing tool or services, mail "monkey" 😊 or some other you have many to select from, they are designed for this type of mass mailing work.
  20. It is a redirect so just test this by removing commenting out code in .htaccess file. Then check if it works. Also check if your normal admin login works, if it does then remove the new admin and clear cache and sessions and carefully make new admin and check again.
  21. BrockleyJohn

    How do I use function __construct in this code?

    Can you find them again?
  22. I sent a newsletter via oscommerce newsletter manager yesterday but now I am not receiving my order confirmation emails. Is it possible that my IP address and email is now blacklisted? Is there any way to check? Is there any way to fix the problem? Thank you in advance.
  23. I've been trying to set up a user/pass for my admin directory but every time I set this up and visit the admin panel I get pushed to the homepage. I've checked all .htaccess files and can't see anything that will redirect. Has anyone else had this problem? Is there a better way to add an extra layer of security over the admin panel? Thank you in advance.
  24. pete2007

    Hack attempt - is there a way to prevent this?

    Is there any way we can turn off the search queries being saved to our databases?
  25. How can I stop Google adding fake names as customers. They add about 4 a day, I find this annoying.
  26. puggybelle

    Hack attempt - is there a way to prevent this?

    What did you check in your database? I really didn't know what else to look at, other than make sure the 'search_queries' table was empty after deleting the report. Then, of course, I put the maxlength limit on the search field here, there and everywhere. Now I'm thinking it should be even shorter than what I assigned. My keyword report resembled yours. I had one entry, though, that was probably eight lines of code alone. Should I check anything else? This stuff always shakes me up. - Andrea
  27. Yesterday
  28. ArtcoInc

    Hack attempt - is there a way to prevent this?

    @puggybelle I had an attack on one of my sites yesterday ... I also have a Keyword Search Report on this site. I hadn't checked it in a while, but after reading your post, I went to check it out. Guess what? Same thing here ... That's just part of one page! There are over 20 pages of this! Thank you for reporting this ... I wouldn't have thought to look at this. Malcolm