Post by debbiekipt » Fri Sep 30, 2016 10:51 pm

Hi
I noticed my multistores on my 1.5.6.4 OC shop running very slowly today.
The main shop scored A/C in GTMetrix and 100% on minimise redirects last time I checked, but now doing a fresh GTMetrix check which comes back with dozens of unknown redirects and subsequently a score of C/D with 30 unknown redirects showing for all my most popular product pages, for all sites!

Example below of one:

Minimize redirects
Remove the following redirect chain if possible:
http://vmweb.net/beacon/sharethis?partn ... AZRoRdAg==
http://sync.vmweb.net/sync/sharethis?pa ... 3d066b33a2
http://sync.vmweb.net/sync/match?vuid=b ... 3d066b33a2
http://lib.adnxs.com/getuid?http%3A%2F% ... 26redir%3D
http://lib.adnxs.com/bounce?%2Fgetuid%3 ... redir%253D
http://sync.vmweb.net/sync/match?partne ... 3a2&redir=
http://cm.g.doubleclick.net/pixel?partn ... 3a2&redir=
http://cm.g.doubleclick.net/pixel?partn ... google_tc=
http://sync.vmweb.net/sync/doubleclick? ... gle_cver=1
Remove the following redirect chain if possible:

http://aa.agkn.com/adscores/r.pixel?sid ... AZRoRdAg==
http://aa.agkn.com/adscores/g.js?sid=8301517388
http://d.agkn.com/pixel/6644/?che=14751 ... =&cf=&ams=
Remove the following redirect chain if possible:

http://match.adsrvr.org/track/cmf/gener ... &ttd_tpi=1
http://match.adsrvr.org/track/cmb/gener ... &ttd_tpi=1
http://sync.sharethis.com/ttd?uid=9a6e1 ... a79a31fabd
Remove the following redirect chain if possible:

https://tag.crsspxl.com/c.gif?t=50173&r ... %7BCPCB%7D
https://p.nexac.com/e/sr/a-1625/s-3300/ ... 5144668544
https://p.nexac.com/e/sr/a-1625/s-3300/ ... 68544&rd=Y
Remove the following redirect chain if possible:

http://b.scorecardresearch.com/b?c1=7&c ... =2.2&cs=js
http://b.scorecardresearch.com/b2?c1=7& ... =2.2&cs=js
Remove the following redirect chain if possible:

http://bcp.crwdcntrl.net/map/c=9084/tp= ... AZRoRdAg==
http://bcp.crwdcntrl.net/map/ct=y/c=908 ... AZRoRdAg==
Remove the following redirect chain if possible:

http://image7.pubmatic.com/AdServer/UCookieSetPug?oid=4
http://image7.pubmatic.com/AdServer/UCo ... id=4&rdf=1
Remove the following redirect chain if possible:

http://pix04.revsci.net/J13421/a3/0/3/0 ... AZRoRdAg==
http://pix04.revsci.net/J13421/a3/Z/3/0 ... oGkY0ZEToA
Remove the following redirect chain if possible:

http://ps.eyeota.net/match?bid=1mpb5m0& ... AZRoRdAg==
http://ps.eyeota.net/match/bounce/?bid= ... AZRoRdAg==
Remove the following redirect chain if possible:

http://stpix.media6degrees.com/orbserv/ ... oduct-name
http://stpix.media6degrees.com/orbserv/ ... &cckz=true

I cannot see any of this in 'view-source' of the page, so if I can't see it how do I get rid of it and stop it being added again?!
It seems to be limited to product pages, not category or information pages.

I do not have any advertising on the site and am completely stuck as to what to do to resolve this.
Does it mean my site has been hacked?

Thanks in advance!

Active Member

Posts

Joined
Sun Nov 21, 2010 8:10 pm

Post by labeshops » Fri Sep 30, 2016 11:48 pm

Looks like tracking pixels and sharethis sharing widget code. Did you install some mods for them? Look at the pages in your vqcache and see if they are added there - if so, there is a mod somewhere that is adding them when the pages are rendered.

Running Opencart v3.0.3.2 with multi-stores from https://www.labeshops.com which has links to all my stores.

Image


User avatar
Expert Member

Posts

Joined
Thu Aug 04, 2011 4:41 am
Location - Florida, USA

Post by IP_CAM » Fri Sep 30, 2016 11:57 pm

one of those little loadtime-delaying Things, usually happen to those, crosslinking their Sites for free,
just to have a Shop Site full of such Crab, in the poor hope, to get linked somewhere in return... :D
Just my personal feelings on such ! ;)
Ernie

Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.openshop.li/shop/
My Github OC Site: https://github.com/IP-CAM
2'750 FREE OC Extensions on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by debbiekipt » Sat Oct 01, 2016 12:11 am

Many thanks for your reply labeshops!
I have not installed any new mods and have nothing except Visitor Tracker installed to see visitors clicks, but that has been installed for ages and the problem is recent.
There is a ShareThis button on each product page as part of Journal2 Theme, but that has again been installed for a long time and did not show up in redirects until now.

Sorry, I am not sure what I should be looking for in vqcache, but none of the code in the redirect lists shows up in my vqcache folder.

Ernie - thanks also for your thoughts! What is cross linking, I do not advertise or 'cross link' to any other sites as far as I know. (sorry, not a techie as you may remember, having kindly helped me out before when I've been stuck! :clap: )

Active Member

Posts

Joined
Sun Nov 21, 2010 8:10 pm

Post by artcore » Sat Oct 01, 2016 12:48 am

I'd run your site against sitecheck.sucuri.com and search in google for your 'domain.com' to see if either reports it as being unsafe or infected. I suspect malware injections so you should probably put your site offline to keep your clients safe and your rankings where they were...

Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: OpenCart version 3+ ;D

Thanks!


User avatar
Active Member

Posts

Joined
Tue Jul 09, 2013 4:13 am
Location - The Netherlands

Post by IP_CAM » Sat Oct 01, 2016 1:06 am

debbiekipt wrote:Ernie - thanks also for your thoughts! What is cross linking, I do not advertise or 'cross link' to any other sites as far as I know.
Anything on your Site, calling an OUTSIDE URL, could be called crosslinking, as I define it. Unaware of how your Site
looks, I cannot tell, but I am aware, that many Users fill their Sites up with Facebook/Twitter/Instagram/e.t.c.
Banners and Links, and all those GIZMOS call some outside URL, to get images, hidden and visible, and/or other valuable Infos from your Site, in order to find out, who's visiting your Place and call's wich Pages.

And if scriptings are involved, like this 'ShareThis' on your Product Page, strictly technically, it's even possible,
that they get your Data, regardless of, if you have activated such Functions or not.
Quite similar to this, in your header.tpl, how many would really know, what it does, and when ?!

Code: Select all

<?php foreach ($analytics as $analytic) { ?>
<?php echo $analytic; ?>
<?php } ?>

Code: Select all

<?php foreach ($scripts as $script) { ?>
<script src="<?php echo $script; ?>" type="text/javascript"></script>
<?php } ?>
If you know, what I'm trying to tell you ! :D

Good Luck, nothing personal ! ;)
Ernie

Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.openshop.li/shop/
My Github OC Site: https://github.com/IP-CAM
2'750 FREE OC Extensions on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by debbiekipt » Sat Oct 01, 2016 6:24 pm

Thanks for your suggestion Artcore, thankfully all sites show as clear of malware and not on any blacklists via sitecheck.sucuri.net.
Also showing status 200 with no redirects via http://www.redirect-checker.org/index.php and https://developers.facebook.com/tools/debug/og/object/

I would have though this was good, but wonder how can so many redirects be reported in GtMetrix but not in the other redirect checkers?

Ernie, thanks for your explanation of cross linking, though sorry, your latest comments go over my head so I do not know what you are trying to tell me. Could you kindly PM me the 'dummies' version? :-)

I have no banners or links to external sites on any of my sites, only the ShareThis buttons so people can like or share via FB etc and they have been there much longer than this issue.

Active Member

Posts

Joined
Sun Nov 21, 2010 8:10 pm

Post by artcore » Sat Oct 01, 2016 6:56 pm

If you pm your url I'll run an audit for you. Basically a check for vulnerabilities down to server level.

Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: OpenCart version 3+ ;D

Thanks!


User avatar
Active Member

Posts

Joined
Tue Jul 09, 2013 4:13 am
Location - The Netherlands

Post by IP_CAM » Sat Oct 01, 2016 7:44 pm

debbiekipt wrote:Ernie, thanks for your explanation of cross linking, though sorry, your latest comments go over my head so I do not know what you are trying to tell me. Could you kindly PM me the 'dummies' version? :-)
Well, I just wanted to point out, that basically anyone could create Extensions, containing 'hidden' Things, and the most part of Users would not be aware of, what those Things could do, in a system. Especially to those, getting extensions from fully unknown sources, just, because those (stolen & paid) extensions are offered for free. It's a huge Market, and I wonder, actually, that not more happens already.

In addition, OC is likely beeing installed by a lot of Newbies, unaware of, how to set up a comprehensive Software like OC, to make it work in a secure way. This means, that many risks are involved, by nature of things, we just have to accept this fact. But don't take it personal, I just mention ways, how it can be done. It's the sole responsibility of each User, to make as sure as possible, that it won't happen. But not even Yahoo can be sure, to be sure, so, we just have to accept the fact, that the Web is not a very secure place to be, and act and prepare accordingly ! ;)
Ernie

Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.openshop.li/shop/
My Github OC Site: https://github.com/IP-CAM
2'750 FREE OC Extensions on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by debbiekipt » Sat Oct 01, 2016 10:15 pm

Hi Ernie - thanks for taking the time to expand :-)

That still leaves me in the dark as to the cause though, as the only extensions I have installed are from OC extensions directory here, free and paid ones so they should all be OK, I'd have thought.

Journal2 theme was bought from Themeforest and used by many OC shops, so that should not be an issue.

Thanks for the offer Artcore, will PM you :-)

Active Member

Posts

Joined
Sun Nov 21, 2010 8:10 pm

Post by IP_CAM » Sun Oct 02, 2016 1:11 am

Journal is not only a Theme, unfortunately, it also contains a huge amount of System Code, and many 'upgraded' versions of it seemengly exist (for some reason! :'( ), I therefore could not judge on it's quality, I generally KEEP OFF such 'THEMES'. And it does not even have to be OC, there are other ways to enter a Server, and leave some Code.

My Advise, KILL everything on your Server, download a full copy of your DB, and check it entirely trough, then, start again, on a CLEAN PLATE, and with clean Software, it's the only way, to make sure, that nothing is left, somewhere, possibly infecting your Shop again.
I know, it's a PRO Job, but it's a PRO Problem as well, and you need to solve it, in either way ! ;)

Good Luck!
Ernie

Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.openshop.li/shop/
My Github OC Site: https://github.com/IP-CAM
2'750 FREE OC Extensions on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by debbiekipt » Sun Oct 23, 2016 12:13 am

Hi Everyone
Many thanks for your input on this and I wanted to update to let others know in the hope it helps someone.

The site was not hacked, ALL the redirects were caused by the ShareThis plugin included in the Journal 2 theme.
I have disabled the ShareThis plugin and all redirects have gone away.

ShareThis did promise to come back to me with a solution, but have not as yet.

Thanks again to everyone who posted!

Active Member

Posts

Joined
Sun Nov 21, 2010 8:10 pm
Who is online

Users browsing this forum: No registered users and 27 guests