Post by head_dunce » Sat May 11, 2019 10:50 am


Jim
Middle Caicos, Turks and Caicos Islands



Post by IP_CAM » Sat May 11, 2019 12:42 pm

Bad extensions now main source of Magento hacks: a solution!
Well, it could be the same with Opencart Sites, when Mods are
downloaded from shady Places. That's always a Risk, even with
'regular' Extensions, free or paid. We experienced such a Case
with a Crypto-Miner Code on the OC Extension Section already,
not so long ago.

But it is always potentially dangerous, if someone, not familiar,
tries to modify a Car-Engine, or some Software. One just has
to be aware of that, and act accordingly. Access- and Error Logs
should be checked on a daily schedule, to find out, who's accessing
the Shop Site, and what 'Access Commands' are used for such. It's
Part of the Job, to make sure, like anywhere else in real life ... ;)
---
After locking out ~220 (OC Sites) IP Ranges so far, like:

Code:

deny from 213.163.93.
deny from 213.251.
deny from 216.

and ~500 IP Ranges on my Swiss Club Site, in addition to about
800 HTTP_REFERER - HTTP_USER_AGENT - REQUEST URL Lines, like:

Code:

# Block requests by referring site
RewriteCond %{HTTP_REFERER} ^.*rambler\.ru [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*rv\.ua [NC,OR]
RewriteCond %{HTTP_REFERER} ^.*dontknow\.me [NC,OR]
# Block requests that carry proxy-related headers
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [NC,OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [NC,OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [NC,OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$ [NC,OR]
# Block listed user agents
RewriteCond %{HTTP_USER_AGENT} ^WebCapture [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Alexibot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^asterias [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [NC,OR]
# (excerpt: the list continues; the last condition before the RewriteRule should not carry [OR])

over the past 1.5 decades, I also redirect all OC Site Intruder href-links
to Vegas: :laugh:
It adds a little more to Security, and to not being targeted by those,
only adding to Traffic, for not one good reason at all. ;)
Ernie
---

For Sale: Turnkey URLs with Opencart installed
My latest Opencart LIGHT Testsite: http://www.hitline.info
Attacker IP Blocks are denied from further access to my Sites!
Just contact me for more Information at: jti@jacob.ch
760 FREE OC Extension-Repositories - from OC v.1.5.x up
on the largest Opencart-Mod Github Site: https://github.com/IP-CAM
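
The daily access-log review described in the post above, as an added example that is not part of the original post or any poster's own tooling: it parses Apache "combined" log lines, flags clients that match the post's referer and user-agent patterns or that pile up 403/404 responses, and prints candidate `deny from` lines for manual review. The sample log lines, the `max_errors` threshold and the function names are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [11/May/2019:10:01:02 +0200] "GET /admin/ HTTP/1.1" 404 512 "-" "Zeus 1.0"
203.0.113.7 - - [11/May/2019:10:01:03 +0200] "GET /admin/config.php.bak HTTP/1.1" 404 512 "-" "Zeus 1.0"
203.0.113.9 - - [11/May/2019:10:01:05 +0200] "POST /index.php?route=account/login HTTP/1.1" 200 900 "http://mail.rambler.ru/x" "Mozilla/5.0"
198.51.100.4 - - [11/May/2019:10:02:00 +0200] "GET /index.php?route=product/product HTTP/1.1" 200 4000 "https://shop.example/" "Mozilla/5.0"
192.0.2.55 - - [11/May/2019:10:03:00 +0200] "GET /wp-login.php HTTP/1.1" 404 512 "-" "WebCapture 2.0"
""".splitlines()

LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+ "([^"]*)" "([^"]*)"')
BAD_AGENT = re.compile(r'^(WebCapture|Alexibot|asterias|Zeus)', re.I)  # names from the post
BAD_REFERER = re.compile(r'(rambler\.ru|rv\.ua|dontknow\.me)', re.I)   # names from the post

def review(lines, max_errors=2):
    """Return {ip: sorted reasons} for clients worth a manual look."""
    errors, reasons = Counter(), {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in combined format
        ip, _request, status, referer, agent = m.groups()
        try:
            ipaddress.ip_address(ip)  # never copy a non-IP token into .htaccess
        except ValueError:
            continue
        if BAD_AGENT.search(agent):
            reasons.setdefault(ip, set()).add("user-agent")
        if BAD_REFERER.search(referer):
            reasons.setdefault(ip, set()).add("referer")
        if status in ("403", "404"):
            errors[ip] += 1
    for ip, n in errors.items():
        if n >= max_errors:
            reasons.setdefault(ip, set()).add("errors")
    return {ip: sorted(why) for ip, why in reasons.items()}

def deny_lines(flagged):
    """Render candidates in the post's 'deny from' style; comments go on their own line."""
    out = []
    for ip, why in sorted(flagged.items()):
        out += [f"# flagged for: {', '.join(why)}", f"deny from {ip}"]
    return out

if __name__ == "__main__":
    print("\n".join(deny_lines(review(SAMPLE_LOG))))
```

The output is a list of candidates to check by hand before anything goes into `.htaccess`, since a shared or NAT address can carry legitimate customers as well.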

Post by OSWorX » Sat May 11, 2019 5:01 pm

It was, is, and it will be also in future the fact, that scriptkiddies, so some called hackers, other stupid people and as well criminals will try to steal everything they will find in the net.
Credit Card, bank account and personal data are on the top of their list.

At least, it is our responsibility when operating Webshops, to force the security.
Do everything we can, to make these stores as safe as possible.

That starts with the provider/hoster: do not use any 'free' offer.
Second, try to avoid cheap offers, you may share the server with thousands of others (which can lead to be a victim if another website on the same server is hacked and is infecting all others).
Third, do not use extensions, modules, templates NOT from official sites, a result may be such: viewtopic.php?f=199&t=211655&p=754807

Just to mention the most made mistakes.

Forum Rules [en]: viewtopic.php?f=176&t=200480
Forumregeln [de]: viewtopic.php?f=37&t=114208
Commercial Request: viewforum.php?f=88


Post by head_dunce » Sat May 18, 2019 9:02 pm

Ernie -- why not use fail2ban? Seems like it would save you a lot of time.


Post by IP_CAM » Sun May 19, 2019 12:18 pm

Well, I don't feel like asking my Hoster, to add some Code, just to
enable me to make use of things like fail2ban.
And I like to know, who's trying to give me a hard time. :P
It's interesting to see, what they use on Code, to possibly get in ... 8)

I use Razztech's free 301 Redirect Pages for OC:
https://www.opencart.com/index.php?rout ... n_id=25864
and Exife's (gone ...) nice OC Security Module, to get & have control,
without spending much time, except for frequently adding some IP's
to my ROOT .htaccess File manually too... :D

Ernie
PS: Lucky Me, to still use old things, they already exist :laugh:
---
PS: I have some Security-related OC Mod Downloads on Github,
just in case:
https://github.com/IP-CAM?utf8=✓&tab=re ... q=security
---