Jump to content

Rwe

Members
  • Content count

    115
  • Joined

  • Last visited

Posts posted by Rwe


  1. 13 hours ago, artfulweb said:

    CHARSET

     

    17 hours ago, Jack_mcs said:

    CHARSET

    I found the same in my logfiles:

    error log:
    PHP Warning:  Use of undefined constant CHARSET - assumed 'CHARSET'

    -----------------------------

    This error was initiated by a bot / hacker with a couple of te next  urls :

    access.log:
    [06/May/2020:14:55:04 +0200] "GET /somebrand-m-429.html?ceid=kj1oe5oi9m948qfga4evf5dt2f&pHFd%3D8021%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23 HTTP/1.0" 200 9791 "-" "Opera/9.12 (Windows NT 5.0; U; ru)"

    seems this url takes the system down and CHARSET cannot be found. ?


  2. 2 minutes ago, raiwa said:

    To rewrite the page is a fix for the problem

    Okay i understand.

    I think this same issue will also affect write_pwa.php? ( addon purchase without account) . I cannot test this  at the moment as the review link is in the order confirmation e-mail.


  3. USU5.  just noticed a problem with the write review URL's.

    when not logged in to my shop and trying to write a review , then after login the link to write a review should be : www.myshop.com/ext/modules/content/reviews/write.php 

    in fact it redirects after login or after create a new account  to : www.myshop.com/write.php  (this returns a 404)

    when already logged in there is not a problem with the url.

    I suspect it has something to do with : "set php_self in the local scope" in application_top.php because when i set the old code back it works as it should. but my knowledge is limited on this..

    anyone have some ideas how to fix this ?

    thanks

    Reinder


  4. Hello @raiwa

    installed the Related_Products_234_BS_6.6.

    google structured data test gives all related products as separated products and not related to any product

    w3c validatation gives the following errors:

    Error: The itemprop attribute was specified, but the element is not a property of any item. ( isRelatedTo, url, name,  offers, pricecurrency,  price)

    i have installed the HT product_schema.php wich works correctly for the main product.

    is there something missing in the HT product_schema.php, some code for related products?

     

    i am Using Frozen v2.3.4.1 CE

     


  5. 1 hour ago, burt said:

    I have also changed a few other bits

    I noticed that the header navbar has changed too. More options for background and screensize

    Categoriebox can set level of subcategories to show, inside the code,  nice.

    A few of my addon modules need to be updated for bs4  Needs some work but until now not difficult to do.

    its fast and adapts better to smaller screensizes ig tablet size.

    Thanks @burt

     

     

     

     


  6.  

    2 hours ago, mhsuffolk said:

    what are they trying to achieve

    These seem to be forum spammers, they sign up and later they will try to spam their sh*t  on your forms using the signup details.

    if i look in my error.log i can see that they also try to visit  contact_us.php and  www.forum.mysite.nl even if it does not exist.

    i block them by honeypot system, its working .


  7. The registration is commonly made by robots who look at the right form fields. firstname, lastname , email etcetera.

    I had this problem too the last weeks of fake accounts exactly as mentiont earlyer.

    I did the following to trick them;

     

    1 in create_account.php duplicate the firstname input field (just plain html input field can too)and place it before the original firstname field  and add a class to the div and  and hide it (css display:none  ! not use a style="")

    2 rename the original firstname field with a newname ( name ="newfirstname")  + change :  $firstname = tep_db_prepare_input($_POST[newfirstname']);

    3 make a rule to give an error when the formfield fistname is being filled up by the robot and place it  in the top somewhere between the other fom check codes:

     if(!empty($_POST['firstname'])) {
      $error = true;
     }

     

    Finished.

    i can see in the server logs that the robot has been trying but could not make an account. for now this is working for me.

    i hope i could help with this .

     

     


  8. This week  i started to notice this in my error logs:

    Fri Aug 24 17:27:50.185002 2018] [proxy_fcgi:error] [pid 87397:tid 139653059434240] [client xxx] Premature end of script headers: index.php
    [Fri Aug 24 17:27:50.192088 2018] [proxy_fcgi:error] [pid 87397:tid 139653059434240] [client xxx ] AH01070: Error parsing script headers


    above 30 times the same in a row

    access.log:

    xxx-c-211.html?osCsid=prvpp15vi15v0vrkm88rele6qc&view=all%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%5C%27A%3D0 HTTP/1.0" 301 1010 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)"

    This is only one entry from maybe hundred after eachoter, all with the "view=all" parameter in it and they get longer by each line.

    i blocked already several ip's but they keep comming, what are they trying ...anyone ?

×