
osCommerce


Heads up, Hacker alert


expresshost


Ok, I have been using OSC for years and have never seen so many attempts lately.

Just thought I would post this as I was looking at my logs when in real time this was happening to one of my carts.

Saw this coming in and they search for the /admin/login.php file

http://www.google.com/search?q=allinurl:/product_info.php%3Fproducts_id%3D+%22order%22&hl=en&ei=w7JJTNqVEsK88gb2mpSDDw&start=140&sa=N

They are searching Google and looking for all sites that have not changed the admin directory.

Here is the IP they used:

113.169.107.29

All they got was a 404 since I changed my admin directory. But what I did is change it back to admin after I blocked the whole class A IP space.

You would be surprised what I found, they could have any info including your customers' CC#. Try it, you will be shocked.

http://mydomain.com/store/admin/orders.php/login.php?page=1&oID=165&action=edit

I should have said, just change the domain name and directory to where your cart is in the link above.

Good luck.


Archived

This topic is now archived and is closed to further replies.
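
A log check for the request patterns described in the posts above, as an added example that is not part of the original thread: it flags requests where `login.php` is appended as path info to another `.php` script, probes for the default `/admin/login.php`, and referers from an `allinurl:` search. The combined log format, the rule names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache/Nginx "combined" log format is assumed; the posts do not show raw log lines.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# A .php script followed by path info ending in login.php (admin directory name may vary).
PATHINFO_RE = re.compile(r'\.php/(?:[^/?]*/)*login\.php$', re.I)
ADMIN_LOGIN_RE = re.compile(r'/admin/login\.php$', re.I)

def classify(line):
    """Return (ip, status, [rule names]) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(urlsplit(m["target"]).path)
    referer = unquote(m["referer"]).lower()
    rules = []
    if PATHINFO_RE.search(path):
        rules.append("pathinfo-login-suffix")
    elif ADMIN_LOGIN_RE.search(path):
        rules.append("default-admin-probe")
    if "allinurl:" in referer and "product_info.php" in referer:
        rules.append("search-dork-referer")
    return m["ip"], int(m["status"]), rules

def scan(lines):
    """Collect flagged requests; 'served' marks a 2xx answer to a path-info request."""
    findings = []
    for line in lines:
        result = classify(line)
        if result and result[2]:
            ip, status, rules = result
            served = status < 300 and "pathinfo-login-suffix" in rules
            findings.append({"ip": ip, "status": status, "rules": rules, "served": served})
    return findings

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /store/admin/login.php HTTP/1.1" 404 312 '
    '"http://www.google.com/search?q=allinurl:/product_info.php%3Fproducts_id%3D" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /store/admin/orders.php/login.php'
    '?page=1&oID=165&action=edit HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /store/product_info.php?products_id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with `served` set means the server answered the path-info request with a page rather than a redirect or error, which is the case that needs immediate follow-up.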
