Post by Colcreate » Wed Nov 20, 2024 7:17 am

Over the last few days one of my sites has received dozens of new customer registrations with false details and with various IP addresses originating outside of the UK. There also seems to be a lot of 'Returns' entries being created and the error logs are filling up with various "Undefined index" for both return.php & contact.php.
I am deleting the fake customers, blocking their IP address ranges, have temporarily disabled the return.php script and am logging activity on the site.

Can anybody advise on what might be going on here, or has anybody had similar experiences?


Opencart Version 3.0.3.7
Default install


Post by by mona » Wed Nov 20, 2024 7:42 am

Yeah there are still lots of sites (not exclusive to Opencart) that do not implement security measures and bots / wannabe hackers exploit those.
Do you have any at all?

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84



Post by Colcreate » Wed Nov 20, 2024 8:04 am

Yes there are further elements of protection in place but it would still be beneficial to know if the same activity has been noted elsewhere and if it is trying to exploit a vulnerability in Opencart 3.


Post by by mona » Wed Nov 20, 2024 8:19 am



Post by khnaz35 » Thu Nov 21, 2024 12:42 am

You could use Google reCAPTCHA v3 to get rid of this problem.

Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature ;) :) :-*



Post by by mona » Thu Nov 21, 2024 1:04 am

Colcreate wrote:
Wed Nov 20, 2024 8:04 am
Yes there are further elements of protection in place but it would still be beneficial to know if the same activity has been noted elsewhere and if it is trying to exploit a vulnerability in Opencart 3.
The OP confirmed they are using post protection and appears to be asking if there is a specific vulnerability that can be exploited.
If there were such a thing it would be a very stupid person who would write that vulnerability on a public forum.


Post by paulfeakins » Thu Nov 21, 2024 7:31 pm

Colcreate wrote:
Wed Nov 20, 2024 7:17 am
Over the last few days one of my sites has received dozens of new customer registrations with false details and with various IP addresses originating outside of the UK.
Our Advanced CAPTCHA should fix that: https://www.opencart.com/index.php?rout ... er=antropy

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk



Post by Johnathan » Thu Nov 21, 2024 9:43 pm

As far as I'm aware, there is no vulnerability to be exploited by bots creating fake registrations or fake returns. Nobody knows why someone created bots to do this --- I assume there's some benefit, but I can't think of one.


Post by Colcreate » Fri Nov 22, 2024 9:07 pm

Thank you all for your replies.
We improved our spam protection and blocked access to associated IP addresses & ranges identified in our logs. So far after 48hrs of monitoring the changes we haven't had any further false registrations. The only registrations now are genuine ones which we are happy to manually approve.
We originally asked about 'vulnerabilities' to try and understand why this was happening. We were seeing similar attacks coming in from dozens of different countries; from Albania to Zambia at different times of the day and with slightly different entry points, which suggests to us that there was more than one party responsible but all with a very specific focus.
The 'why' answer...? seems to be to simply generate an email response from the site and direct it to a 3rd party address. We have since received a handful of notifications for delayed, failed or returned emails and even the odd 'out of office' responses as a result.
There was nothing found (by us or our host) to suggest that once this email response is triggered that any more than the initial email is sent. Likewise there was nothing to indicate that the default content or headers of the email could be changed.

Oh well on to the next challenge.....

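
An added example, not part of the thread and not OpenCart code: one way to do the log review described in the last post, counting POST requests to the registration, returns and contact forms per source network in a combined-format access log. The route names are those of a default OpenCart 3 storefront; the sample log lines, the /24 and /48 grouping and the threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Default OpenCart 3 form routes (assumes no SEO-URL rewriting of these URLs).
FORM_ROUTES = {"account/register", "account/return/add", "information/contact"}

# Combined log format: client IP ... "METHOD target PROTOCOL" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3}')

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Nov/2024:06:01:02 +0000] "POST /index.php?route=account/register HTTP/1.1" 302 -
203.0.113.77 - - [20/Nov/2024:06:01:09 +0000] "POST /index.php?route=account/return/add HTTP/1.1" 200 5120
203.0.113.10 - - [20/Nov/2024:06:02:30 +0000] "POST /index.php?route=information/contact HTTP/1.1" 200 4876
203.0.113.200 - - [20/Nov/2024:06:03:11 +0000] "POST /index.php?route=account/register HTTP/1.1" 302 -
198.51.100.5 - - [20/Nov/2024:06:04:00 +0000] "POST /index.php?route=account/register HTTP/1.1" 302 -
198.51.100.5 - - [20/Nov/2024:06:04:05 +0000] "GET /index.php?route=product/product&product_id=40 HTTP/1.1" 200 9011
192.0.2.44 - - [20/Nov/2024:06:05:00 +0000] "POST /index.php?route=account/login HTTP/1.1" 302 -
"""

def form_posts_by_network(lines):
    """Map each source network (/24 IPv4, /48 IPv6) to POST counts per form route."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST":
            continue  # malformed line, or not a form submission
        route = parse_qs(urlsplit(m.group(3)).query).get("route", [""])[0]
        if route not in FORM_ROUTES:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage in the client field
        prefix = 24 if addr.version == 4 else 48
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        hits[str(net)][route] += 1
    return hits

def flag_networks(hits, threshold=3):
    """Networks with at least `threshold` form POSTs in total, busiest first."""
    totals = {net: sum(c.values()) for net, c in hits.items()}
    return sorted([n for n, t in totals.items() if t >= threshold], key=totals.get, reverse=True)

if __name__ == "__main__":
    hits = form_posts_by_network(SAMPLE_LOG.splitlines())
    print({n: dict(hits[n]) for n in flag_networks(hits)})
```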