Jump to content

Rwe

Members
  • Content count

    130
  • Joined

  • Last visited

Posts posted by Rwe


  1. 13 hours ago, artfulweb said:

    CHARSET

     

    17 hours ago, Jack_mcs said:

    CHARSET

    I found the same in my logfiles:

    error log:
    PHP Warning:  Use of undefined constant CHARSET - assumed 'CHARSET'

    -----------------------------

    This error was initiated by a bot / hacker with a couple of te next  urls :

    access.log:
    [06/May/2020:14:55:04 +0200] "GET /somebrand-m-429.html?ceid=kj1oe5oi9m948qfga4evf5dt2f&pHFd%3D8021%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23 HTTP/1.0" 200 9791 "-" "Opera/9.12 (Windows NT 5.0; U; ru)"

    seems this url takes the system down and CHARSET cannot be found. ?


  2. 2 minutes ago, raiwa said:

    To rewrite the page is a fix for the problem

    Okay i understand.

    I think this same issue will also affect write_pwa.php? ( addon purchase without account) . I cannot test this  at the moment as the review link is in the order confirmation e-mail.


  3. USU5.  just noticed a problem with the write review URL's.

    when not logged in to my shop and trying to write a review , then after login the link to write a review should be : www.myshop.com/ext/modules/content/reviews/write.php 

    in fact it redirects after login or after create a new account  to : www.myshop.com/write.php  (this returns a 404)

    when already logged in there is not a problem with the url.

    I suspect it has something to do with : "set php_self in the local scope" in application_top.php because when i set the old code back it works as it should. but my knowledge is limited on this..

    anyone have some ideas how to fix this ?

    thanks

    Reinder


  4. Hello @raiwa

    installed the Related_Products_234_BS_6.6.

    google structured data test gives all related products as separated products and not related to any product

    w3c validatation gives the following errors:

    Error: The itemprop attribute was specified, but the element is not a property of any item. ( isRelatedTo, url, name,  offers, pricecurrency,  price)

    i have installed the HT product_schema.php wich works correctly for the main product.

    is there something missing in the HT product_schema.php, some code for related products?

     

    i am Using Frozen v2.3.4.1 CE

     


  5.  

    2 hours ago, mhsuffolk said:

    what are they trying to achieve

    These seem to be forum spammers, they sign up and later they will try to spam their sh*t  on your forms using the signup details.

    if i look in my error.log i can see that they also try to visit  contact_us.php and  www.forum.mysite.nl even if it does not exist.

    i block them by honeypot system, its working .


  6. The registration is commonly made by robots who look at the right form fields. firstname, lastname , email etcetera.

    I had this problem too the last weeks of fake accounts exactly as mentiont earlyer.

    I did the following to trick them;

     

    1 in create_account.php duplicate the firstname input field (just plain html input field can too)and place it before the original firstname field  and add a class to the div and  and hide it (css display:none  ! not use a style="")

    2 rename the original firstname field with a newname ( name ="newfirstname")  + change :  $firstname = tep_db_prepare_input($_POST[newfirstname']);

    3 make a rule to give an error when the formfield fistname is being filled up by the robot and place it  in the top somewhere between the other fom check codes:

     if(!empty($_POST['firstname'])) {
      $error = true;
     }

     

    Finished.

    i can see in the server logs that the robot has been trying but could not make an account. for now this is working for me.

    i hope i could help with this .

     

     


  7. installed ultimate seo urls for BS ,  i thought it was working as expected but checking the cache function it seems this is not working on each of the 4 cache options ( mysql, file, sqlite, memcache). Setting it on sqlite or memcache gives internal server error these might not be supported.

    No data is stored. The folder permissions for file/ sqlite are 755 ( checked 777 too with same results).

    i made a debug test:

    Standard URI produced: 24
    SEO URI produced: 114
    Query Count: 112
    Queries Saved: 2
    Cache load time: 0.0001 seconds ( includes gzinflate/base64_decode/unserialize )
    Data loaded from cache: false ( Cache System: File_Cache_Module )
    Total query time: 0.0042 seconds
    Cache system is On
    ---------------------------------------

    Anyone has an idea? Thanks in advance.

     

×