It is an automated message containing an invitation to open a list of required products supposedly on an Excel spreadsheet.
We know, to the expense of a friend of ours who also received this through their opencart 1.5 shop, that the link is malicious. It takes control of your PC and then they demand $500 to release it. They have ended up scrapping a hard drive over it.
This is a warning to others not to open the link.
Anyone know a way to shut the b%^$)ard down?
We think the originator's IP address is 194.67.196.54 and have now blocked access.
Code:
inetnum: 194.67.196.0 - 194.67.199.255
netname: MAROSNET-194-67-196-0
descr: Marosnet enterprise network
country: RU
deny from 194.24.230.0/194.88.213.255
Code:
order allow,deny
allow from all
deny from 194.67.196.0/194.67.199.255
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
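Code:
IN:
/catalog/controller/information/contact.php
REPLACE:
$mail->send();
WITH:
// Skip sending when the submitted address contains the spammer's domain.
// stripos() is case-insensitive and returns 0 for a match at position 0, so compare against false.
if (stripos($this->request->post['email'], 'take5shop') === false) {
    $mail->send();
}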
I have also discovered something which I think may be more sinister, I do not know if they are connected:
http://forum.opencart.com/viewtopic.php?f=20&t=168452
Re the code you kindly provided Ernie, I assume it goes in our .htaccess file?
order allow,deny
allow from all
deny from 194.67.196.0/194.67.199.255
> I assume it goes in our .htaccess file
Yes, this is correct!
---
And just to give you an inside look into my file, for years, I use this .htaccess file, frequently updated,
in my Site ROOT Sections. It could have been coded MUCHO more professional, I know, but this is, what
I understand to manage, and it works well, and makes very little difference in page load delay, compared,
without having an .htaccess file in place!
---
It also re-routes incoming http://site calls to http://www.site, so, I don't have to add such
rerouting routines to OC-2 related Shop Subdirectory placed .htaccess files any longer, to avoid
Font-Awesome ICON related problems.
---
http://www.openshop.li/downloads/ernies_htaccess.zip
---
BOTTOM Rewrite Rule Line could either be something like this:
Code:
RewriteRule .* - [F]
Code:
RewriteRule /*$ http://www.brightfort.com/spywareblaster.html [L,R]
Good Luck
Ernie
But don't just use it, as it comes, it may BLOCK yourselves from accessing your Site,
depending on, where you come from
sooty wrote:
> We are getting bombarded with enquiries via the contact page from a eric.neilmann@take5shop(.com)
> It is an automated message containing an invitation to open a list of required products supposedly on an Excel spreadsheet.
> We know, to the expense of a friend of ours who also received this through their opencart 1.5 shop, that the link is malicious. It takes control of your PC and then they demand $500 to release it. They have ended up scrapping a hard drive over it.
> This is a warning to others not to open the link.
> Anyone know a way to shut the b%^$)ard down?
> We think the originator's IP address is 194.67.196.54 and have now blocked access.
We got loads of emails from the same guy. Might be useful to add a captcha on your Contact page.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
I will take a look at that and great that it could resolve the missing Font Awesome icons too - that is something else I have an issue with in multistore shops at present.
Thanks JNeuhoff for your suggestion, we have a captcha and were still getting the emails, though none today so far after adding Ernie's deny code to .htaccess yesterday :-)
Code:
order allow,deny
allow from all
deny from 194.67.196.0/194.67.199.255
Good Luck!
Ernie
JNeuhoff wrote:
> I added Ernie's code to the .htaccess, yet we are still getting these spam mails from take5shop, submitted via our website's Contact form (verified from the access.log). I guess it needs a different mechanism to block this IP-address range!
If this happens often, you might want to just use the edit I suggested above, which should block your contact form from being used by anyone from that domain.
The spammers think they sent it as they get the confirmation message, but no email is sent!!
Just make sure you test it using their domain and another before considering it fixed
Thank you Johnathan!!!
Code:
deny from 194.67.196.0/22
deny from 92.63.108.0/23
194.67.196.0 to 194.67.199.255
92.63.108.0 to 92.63.109.255
This spammer is actually manually visiting the information/contact page, then copying and pasting his standard spam text, and then hitting the Submit button.
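Added example (not posted by anyone in this thread): a short Python script that turns the first/last addresses from the whois output into the CIDR blocks used in the later deny lines, and shows that 194.67.199.255 is not a netmask, so the first/last form is not a network/netmask pair. All function names are made up for this example, and masked_match assumes a network/netmask rule is evaluated as a plain bit mask.

```python
import ipaddress

# Ranges quoted in the thread: (first address, last address).
RANGES = [
    ("194.67.196.0", "194.67.199.255"),
    ("92.63.108.0", "92.63.109.255"),
]


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
    return [str(n) for n in nets]


def is_valid_netmask(mask):
    """True if mask is contiguous ones followed by zeros (e.g. 255.255.252.0)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def masked_match(ip, network, mask):
    """Assumption: evaluate a network/netmask rule as a plain bit mask."""
    i, n, m = (int(ipaddress.IPv4Address(x)) for x in (ip, network, mask))
    return (i & m) == (n & m)


def is_blocked(ip, cidrs):
    """True if ip falls inside any of the CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def deny_lines(ranges):
    """Build 'deny from' lines in the allow/deny syntax used in the thread."""
    return ["deny from " + c
            for first, last in ranges
            for c in range_to_cidrs(first, last)]


if __name__ == "__main__":
    print("\n".join(deny_lines(RANGES)))
    # The first/last form read as network/netmask does not cover the sender's IP.
    print(masked_match("194.67.196.54", "194.67.196.0", "194.67.199.255"))
```

A range that does not start on a block boundary expands to several CIDR lines, so generate the list rather than guessing a single prefix.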