RE: http://en.securitylab.ru/lab/PT-2012-34
We're running a heavily modified version of OC 1.5.4. I'm dreading doing an update to the latest version due to all of our modifications. That said, after looking at my web logs and seeing a TON of strange proxy addresses, I think we are being attacked regarding the exploit linked above. I think the brute force is literally happening as I type this.
Could someone help me to identify what code needs to be modified to close the exploit listed above? Would really appreciate it!
Most of the time they are just bots trying to find a hole. Copy one of those URLs listed in the logs and check how your site handles that request; it should say 404 requested page not found. If so, you're safe.
Having said that, it eats a lot of traffic and processor time off your site.
In your logs you can find IP addresses.
Just add this rule to your .htaccess:
deny from xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx stands for the IP address found in the logs.
Just keep checking your logs and keep adding IP addresses, and in a short while you will get rid of these attacks.
Refrigeration door gaskets, easy to order online, made to measure.
All parts that do not require STEK certification, such as hinges, locks, frame heating and lighting, for all types of coolers and freezers.
https://koelcel-onderdelen.com
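An added example, not part of the original posts: a Python sketch of the log-review step described in the post above, which tallies client IPs that draw repeated 4xx responses and builds `deny from` lines for them. The log lines, the threshold and the allowlist parameter are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /probe-1 HTTP/1.1" 404 210 "-" "bot"
203.0.113.7 - - [10/Oct/2013:13:55:37 +0000] "GET /probe-2 HTTP/1.1" 404 210 "-" "bot"
203.0.113.7 - - [10/Oct/2013:13:55:38 +0000] "GET /probe-3 HTTP/1.1" 404 210 "-" "bot"
203.0.113.7 - - [10/Oct/2013:13:55:39 +0000] "GET /probe-4 HTTP/1.1" 404 210 "-" "bot"
198.51.100.23 - - [10/Oct/2013:13:56:01 +0000] "GET /probe-1 HTTP/1.1" 404 210 "-" "bot"
198.51.100.23 - - [10/Oct/2013:13:56:02 +0000] "GET /probe-5 HTTP/1.1" 403 199 "-" "bot"
198.51.100.23 - - [10/Oct/2013:13:56:03 +0000] "GET /probe-6 HTTP/1.1" 404 210 "-" "bot"
192.0.2.10 - - [10/Oct/2013:13:57:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2013:13:57:12 +0000] "GET /old-link HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# client IP, ident, user, [timestamp], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def suspicious_ips(log_text, threshold=3, allowlist=()):
    """Return IPs with at least `threshold` 4xx responses, busiest first."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or junk; never copy unvalidated text into .htaccess
        if ip in allowed:
            continue  # never block your own office or monitoring addresses
        if m.group(2).startswith("4"):
            hits[ip] += 1
    return [str(ip) for ip, n in hits.most_common() if n >= threshold]

def htaccess_rules(ips):
    """Format validated IPs as the deny lines quoted in the post."""
    return [f"deny from {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(htaccess_rules(suspicious_ips(SAMPLE_LOG))))
```

`deny from` is the Apache 2.2 form; Apache 2.4 accepts it only through mod_access_compat and otherwise uses `Require not ip`.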
Upgrading can be a good way to go, but trying to block suspicious attackers is also a way to go.
I use both methods, and also block ranges of IP addresses coming from Russia, China, Vietnam etc., as they are not going to provide any customers or interesting sales, just to get rid of unnecessary traffic and possible attacks.
I also did read the article (been around quite a while), and although there might be some truth to it, I also did see these attacks on my sites, but when replicating the URLs found in the logs, OpenCart always returned the right page saying that it could not be found.
I personally think that this article is exaggerated and written by someone who has a grudge against OpenCart.
@victorj
I gained some insight from your detailed guided posts, thank you.