Jump to content

ericksaint

Members
  • Content count

    12
  • Joined

  • Last visited

Posts posted by ericksaint


  1. I haven't installed the newest, just saw it available this morning. I'll try to get it updated over the weekend. 

    It just did it again. Any switch in the settings to temporarily turn this particular function off? 

    Edit: I just set the "bad bot" switch to email only not both. Hopefully that will stop the site from getting knocked down all day. Until I can get this update installed. 


  2. So this had happened once before a while back, and I chalked it up as a fluke, now it's happened twice in the last 24 hours. When I recieve the email that says specifically about the url being altered, the site breaks. I end up with a server 500 error because the add on tries to add the ip to the htaccess, but it never adds the actual number, it just adds "deny from" at the bottom of the list. It's an easy quick fix because I know when I get that email I need to go in and check/fix the htaccess file. 

    Was this covered in this thread and I missed it? Is this the fix included above about adding the check in the newest version? 

    "The IP 87.238.193.48 attempted to alter the url in a way that is consistent with hacking attempts.

    ******* This IP should be banned *******.

    Click this url, http://www.projecthoneypot.org/ip_87.238.193.48, to find out more information about this IP." 


  3. 21 hours ago, Jack_mcs said:

    I've never an error like that for VC and no one else has reported it. The link it has is from a hacker from Russia trying to cause problems. I suppose that something in the session data for that visitor could cause the failure but I can't reproduce it so I can't say for sure. Just out of curiosity, what versiond of oscommerce and oho are being used?

    The error went away after I applied this fix, from the VC support thread, in the "Unserialize" portion of the file.

    The osC version is 2.3.4, sorry I'm not sure what "oho" means.


  4. I installed this add on and have fixed a few bugs from other posts in this thread. Mostly seems to be running fine now. Any ideas why I wouldn't be seeing a single trace of admin activity from my own IP? I am obviously logged into admin but it's not showing any of my clicks around the admin panel in the monitor when I have "Show: Admin" selected. I didn't see any place to ad specific admin IP, thought it picked it up when that IP logs in to the admin panel. There is also an htpassword protection on that admin link as well, if that matters.


  5. 11 hours ago, JcMagpie said:

    Have you blocked the bots in your .htaccess file?  Its not 100% but still worth doing.

    I'm very surprised that a simple bot downloading images has got your site block by your host! Perhaps you need to look further at what is happening, also most hosts will give you several warnings about bandwidth usage before blocking! If yours did not perhaps you should look for a better host.

    Bot lists are changing all the time so you need to see which works for you, this is another one you may want to try. http://tab-studio.com/en/blocking-robots-on-your-page/

    Add this to your .htaccess  you can add any other bots you find accessing your site. Be sure to back up your file first.

     

    I have not blocked anything specific at this point, like above, in .htaccess. It gave a couple warnings about the increased traffic over about 3 days, from what I'm told, then ended up with the block. I just watch over the "code" part of the site for a friend. I don't get emails from his host. I just have access to the  host server side interface and admin panels so I can help try to fix things when they go awry. I'm the "friend that knows about computers" if you will.


  6. 5 hours ago, Jack_mcs said:

    @Ericksaint  That is most likely caused by data skimmers. They are non-friendly bots that scour a site for data they can use or sell. Some will be hackers. If the site has been active for 10 years, then it has had them on before. It is just now there are either more of them or they are hitting at the same time. Many times it is due to know bots like yandex, baidu and mj12bot, among others. Blocking by user-agent will sometimes work but some will not use or disguise that field so they can get by such blocks. I suggest you install View Counter. It will allow you to see who is causing the problem and to block them.

    I actually did install View Counter last night after posting this. I just went into the monitor to see what was happening over the night time hours. When I click on the "next page" button at the bottom right I get the following. The only change I made to the settings was to show 50 lines per page instead of the default. I'm pretty sure the name and email in the error are fake, trying to track it down now.

    Fatal error: Uncaught exception 'Exception' with message 'invalid data, remaining: :"navigationHistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:14:"contact_us.php";s:4:"mode";s:6:"NONSSL";s:3:"get";a:1:{s:6:"action";s:4:"send";}s:4:"post";a:6:{s:6:"formid";s:32:"92046e082f1021b3d5689f048baa0ff4";s:4:"name";s:12:"VincentJeant";s:5:"email";s:18:"akkucz9494@mail.ru";s:7:"enquiry";s:113:"????????? ???????????? ?????? ????? <a href=http://495realty.ru/>495realty.ru</a>";s:20:"g-recaptcha-response";s:0:"";s:6:"submit";s:0:"";}}}s:8:"snapshot";a:0:{}}' in /home/XXXXXXXXXXXX/includes/functions/view_counter.php:1727 Stack trace: #0 /home/XXXXXXXXXXXX/includes/functions/view_counter.php(1325): UnserializeSession('sessiontoken|s:...') #1 /home/XXXXXXXXXXXX/view_counter.php(679): ShowCart('84fcdf65122c221...', 459, '') #2 {main} thrown in /home/XXXXXXXXXXXX/includes/functions/view_counter.php on line 1727

     


  7. Recently the site I watch over for a friend had a sudden traffic spike that led to his host shutting down his site for being over traffic. Never had a traffic problem once before in 10 years. Logs look like it's bots are just constantly downloading the entire image directory. Is there any way to protect this folder so the images can't be downloaded, but they can still be accessed when people click on the item in the store? I've tried blocking IP's through the server, but they just come back with other IP's.


  8. Sorry, I'm not getting reply notification emails from this thread for some reason. I was able to get a recaptcha add on working and it has solved the immediate problem.

    The reason I was asking about the person creating an account is because to stop the fake accounts I literally broke the create account page by renaming it to create_account.BAK and turning off the new user module, and somehow he still created an account and placed an order. If I went to the page it gave a 404 error,  rightfully so because technically the page didn't exist, so not sure how he was able to create an account.

    I'll go trough the included files and do a compare when I have some more time to put towards the problem. Thanks for the help that you gave, it at least tells me where to look for a solution.


  9. I'm about to admit defeat. I admittedly don't know much about PHP, and just help a guy that knows nothing, by copy and pasting repairs and adding modules for him as needed.

    The module has been installed in header tags since I installed and got it working for the contact us page. Create account page is selected from the list in that module. I have tried adding the above script code in multiple places within the file,top of the code, bottom of the code, including above and below the changed line that adds the validateMyForm, inside the honeypot containers of the code added above buttonSet. 

    As soon as I change the file from .BAK back to .php the site starts getting hammered with fake accounts again. I can't turn it back on again for long enough to test it myself, if I refresh the admin page I see all the new accounts within minutes. I can see them hitting it in the server logs too while that file extension is changed, but it returns an error because the file doesn't exist. I have banned about 20 ranges of IP's but since there are literally millions of those it's unreasonable and I cant even stay on top of it.

    I might just have to try find a "I'm not a robot" module and get it installed, gotta be better than whats happening now. I wanted to try this because it seemed like a better solution,  but it has me defeated. And oddly enough, even with the new user module turned off, and the create account misnamed, some guy from Switzerland was able to create an account yesterday and place an order. How can that happen? Guest ordering is off. If you add something to the cart, the way it is now with new user turned off, it asks you to login. You don't need to have an account to checkout through paypal but I don't think  it can create an account that way. Is there some kind of back door, or something I don't have turned on/off.

     


  10. I swapped in the code above and the form works now, but when I swap in the "verify" code, I can still create test accounts. If i switch the display value to inline I can see the box with "some text" in it, but still lets me make accounts. :(

    <input type="text" name="honeypot" value="some text" id="honeypot" />

     


  11. Thanks! I'll give it a shot. They are definitely using a script there were a few hundreds added in minutes until I blocked the first offending IP, then they came back with another IP a few days later.

    I'm guessing I still need to keep the code above the "buttonSet" correct?


  12. I added this to contact_us and it seems to be working. I'm trying to add this to create_account and I'm missing something. 

    I tried changing ...

    <?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onsubmit="return check_form(create_account);"', true) . tep_draw_hidden_field('action', 'process'); ?>

    to...

    <?php //BEGIN HONEYPOT ?>
    <?php echo tep_draw_form('create_account', tep_href_link('create_account.php', 'action=send'), 'post', ' onsubmit="return validateMyForm();" class="form-horizontal"', true); ?>
    <?php //END HONEYPOT ?>

    What am I missing? Store version is 2.3.4. It's clearly not the same type of change as the contact form. I'm obviously not great with php, but just trying to help a friend that is getting hammered with thousands of new fake accounts a day. Currently I have the page set as a BAK file instead of php so they cant get it. I was able to ban a few cullprit IP's that I found in the log and slow it down, but there were still random fakes coming in until I changed the file extension.

    Any help would be greatly appreciated.

    Edited to add. I did put this code in place, but even after changing the line verify it was working or not, I was still able to create test accounts.

    FIND:
    
      <div class="buttonSet">
    
    ADD ABOVE IT:  
      
      <?php //BEGIN HONEYPOT ?>
      <div style="display:none;">
        <label>Keep this field blank</label>
        <input type="text" name="honeypot" id="honeypot" />
      </div>
      <?php //END HONEYPOT ?> 

     

×