Post by rhorne » Fri Jan 25, 2019 5:31 pm

Last night we received 2025 return requests against order number 1.

These are not genuine and the name and email used in each one where just random strings and sample@email.tst. The telephone number was listed as 1 waitfor delay '0:0:111' -- - which suggests some sort of hack attempt.

Obviously I can just delete the returns. But is this something we should be concerned about? What is the recommended course of action.

Opencart 2.3.0.2

Active Member

Posts

Joined
Wed Jan 18, 2012 3:07 am

Post by rhorne » Fri Jan 25, 2019 5:33 pm

To follow up on the above, I've just been looking at some of the return requests and one has a model number of "-1' OR 2+163-163-1=0+0+0+1 -- " there's also another with "-1' OR 2+858-858-1=0+0+0+1 or 'UcvXzCfk'='"

Clearly this was an SQL injection attack which I assume OpenCart is designed not to allow, but should I be worried?

Active Member

Posts

Joined
Wed Jan 18, 2012 3:07 am

Post by johnp » Fri Jan 25, 2019 5:54 pm

I've seen this loads of times on sites I manage though with not as many requests. If you stick Crawlprotect on it will help. You can also remove the returns links if you don't need them or put a decent captcha extension on.

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD 2.6.1 lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member
Online

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by rhorne » Fri Jan 25, 2019 6:19 pm

Thanks John, that's somewhat reassuring.

Active Member

Posts

Joined
Wed Jan 18, 2012 3:07 am

Post by johnp » Fri Jan 25, 2019 6:33 pm

No probs. SQL Injections as are a real pain. Get the right pieces in place any you can stop a lot if not all of them. For now that is. :-)

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD 2.6.1 lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member
Online

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by johnp » Fri Jan 25, 2019 6:34 pm

PS. It's a good idea to take a full backup of your site and database. One day someone may get through. It's how quickly you can recover that's key.

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD 2.6.1 lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member
Online

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by rhorne » Fri Jan 25, 2019 6:35 pm

Oh don't worry, it's all backed up every other day. :)

I have setup the Captcha already and am investigating crawl protect as we speak.

Active Member

Posts

Joined
Wed Jan 18, 2012 3:07 am

Post by johnp » Fri Jan 25, 2019 9:13 pm

Excellent. Crawlprotect is no longer maintained but the last release is still good and free protection.

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD 2.6.1 lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk


User avatar
Active Member
Online

Posts

Joined
Fri Mar 25, 2011 10:25 am
Location - Surrey, UK

Post by JNeuhoff » Sat Jan 26, 2019 2:07 am

You could also block the IP-addresses of this attacker in your '.htaccess', at the very top. It looks something like this:

Code: Select all

Order Deny,Allow
# reject known hackers and spammers
deny from 37.187.90.226
deny from 194.67.196.0/22
deny from 92.63.108.0/23

MHC Web Design
Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * TrustPilot Reviews * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster


User avatar
Expert Member

Posts

Joined
Wed Dec 05, 2007 3:38 am

Who is online

Users browsing this forum: No registered users and 53 guests