Search found 26 matches

Re: Warning: Bruteforce/DDoS against OpenCart based websites

We actually run two, hand in hand. CSF and Imunify360. Imunify support which we pay for could not mitigate it either. They gave up in the end and fobbed it off as a DDOS attack to wiggle out of helping. We certainly tried every suggestion from this thread and many others, and as the others have rep...

  • Tue Jun 21, 2022 3:31 pm
  • Replies 92
  • Views 61801
Re: Warning: Bruteforce/DDoS against OpenCart based websites

Just my twopence and what we did. It might help someone. We are not server techies but this worked for us. We have 3 servers that have several hundred installations of Opencart on them and they are all being hammered and have been for a while. The servers have fallen over a few times due to the load...

  • Mon Jun 20, 2022 9:22 pm
  • Replies 92
  • Views 61801
Re: PayPal Commerce Platform Integration Bug

We are installing the one from the marketplace on PayPal's instructions and this one has the problem. So where should I post this so Opencart are aware of the problem and work towards making a better package for everyone as clearly they have been ignoring the comments that have highlighted the issue ...

  • Wed Apr 28, 2021 10:53 pm
  • Replies 5
  • Views 964
Re: PayPal Commerce Platform Integration Bug

Opencart wrote this module and PayPal are actively giving it to my clients

  • Wed Apr 28, 2021 10:44 pm
  • Replies 5
  • Views 964
PayPal Commerce Platform Integration Bug

I know this isn't a core code bug but Opencart wrote this module and PayPal are actively giving it to my clients to install when they open a merchant account as the go-to replacement for the Paypal Pro extension that's preinstalled. https://www.opencart.com/index.php?route=marketplace/extension/info&...

  • Wed Apr 28, 2021 10:10 pm
  • Replies 5
  • Views 964
Re: These two modules are vulnerable - Over 100 of our sites hit

Unfortunately checking the file extension is rudimentary and pointless. There are many ways in PHP to validate images: mime_content_type(), getimagesize(), exif_imagetype() and there are tons of libraries that have been written for exactly this problem. Anyway, I'm signing off. The bank holiday weekend c...

  • Thu Apr 01, 2021 9:42 pm
  • Replies 11
  • Views 1521
Re: These two modules are vulnerable - Over 100 of our sites hit

Actually you are completely wrong. If you examine the rest of the code by downloading the free version of the blog. You will see the function is part of a larger open source library that the developer is using to manage the uploads. We can see the developer has hardcoded only .jpg, png and gif in th...

  • Thu Apr 01, 2021 9:06 pm
  • Replies 11
  • Views 1521
Re: These two modules are vulnerable - Over 100 of our sites hit

Did you miss this bit straightlight? Let me highlight it for you:-

We have reached out to the developers but not had a reply

We are running on versions 2 and 3

  • Thu Apr 01, 2021 8:24 pm
  • Replies 11
  • Views 1521
[SOLUTION] Quick fix for d_blog vulnerability - Over 100 of our sites hit

These two plugins for a blog add-on are vulnerable to a file upload attack. https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=10468 https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=26325 The hackers are using the public function ...

  • Thu Apr 01, 2021 8:04 pm
  • Replies 11
  • Views 1521
Re: Opencart creating suspicious malware files in the server's root /tmp folder

Thanks very much for the pointer. I will take a look at this and lock down the sites.
Thanks again
Gary

  • Fri Aug 16, 2019 9:13 pm
  • Replies 2
  • Views 2100
Opencart creating suspicious malware files in the server's root /tmp folder

We are a design agency purely running Opencart on our servers. Versions we have installed range from 1.5.6.4 upwards. Our malware and virus software on the webserver is starting to pick up files in the /tmp folder. The files are Opencart session files so we believe Opencart's upload functionality is ...

  • Thu Aug 15, 2019 3:30 pm
  • Replies 2
  • Views 2100
Possible Vulnerability. Any advice.

We are a design agency purely running Opencart on our servers. Versions we have installed range from 1.5.6.4 upwards. Our malware and virus software on the webserver is starting to pick up files in the /tmp folder. The files are in the format of Opencart sessions so we believe Opencart's upload funct...

  • Wed Aug 14, 2019 4:27 pm
  • Replies 2
  • Views 507
Re: Password attack help

For now, I have added the common/login as the failure point in ModSecurity. If a referer hits this multiple times they are failing with a password. Setting it to 10 times in an hour gives genuine administrators a few times to get it wrong without getting blocked. It's not perfect, agreed, but it is ...

  • Tue Sep 26, 2017 10:10 pm
  • Replies 3
  • Views 6263
Password attack help

I am not sure if the community is aware but there is a Python script circulating online that automates a brute force attack on the Opencart admin login page. We are a design agency who use Opencart for our clients. We have several servers with a dozen or so installations on each. They are pretty muc...

  • Tue Sep 26, 2017 3:33 pm
  • Replies 3
  • Views 6263
Re: Openbaypro not working in 2.2

Yes. Believe me it was a battle getting help from them. When I finally got him on the phone he was helpful and established quickly that things were not correct. I would imagine there will be a patch out soon but once again another module that has not worked or has not been tested for version 2.2 as ...

  • Fri Jun 10, 2016 9:20 pm
  • Replies 2
  • Views 500
Openbaypro not working in 2.2

http://forum.opencart.com/viewtopic.php ... 54#p622854

James has confirmed the Openbaypro preinstalled files with 2.2 do not work.

  • Fri Jun 10, 2016 4:31 pm
  • Replies 2
  • Views 500
Re: Openbaypro not working in 2.2

I managed to get hold of James. The lead developer at Openbaypro. After 2 days he managed to get things working. Redundant 2.1 functionality had been left in the module. So as it stands. Openbaypro for 2.2 does not work. You will need to upgrade once they release a patch if you currently have it ins...

  • Fri Jun 10, 2016 4:29 pm
  • Replies 4
  • Views 731
Re: Openbaypro not working in 2.2

We have thanks. Nothing.

We have also just installed a base Opencart 2.2 without any modifications and Openbaypro is not working so this has eradicated the possibility of a module interference.

  • Mon Jun 06, 2016 10:10 pm
  • Replies 4
  • Views 731
Openbaypro not working in 2.2

Can anyone shed some light with OpenbayPro please. Their support is next to zero. We have had a support ticket in for 4 weeks and after a dozen phone calls to their office they haven't even logged in to our site to take a look. It seems they have one developer working on the project who has been away...

  • Mon Jun 06, 2016 9:18 pm
  • Replies 4
  • Views 731
Re: Opencart 2.2. Source edit doesnt save changes

I am afraid this code edit you suggested didn't work

  • Wed May 25, 2016 4:27 pm
  • Replies 8
  • Views 1739