Post by nisamudeen97 » Thu Aug 14, 2025 12:13 am

Hi,

These searches were badly affecting our website, as the queries kept running and never ended. This was inducing heavy load and MySQL stopped responding.

1) Blocked searches with special characters. Allowed only the characters:
A-Z, a-z, 0-9, space, dot, hyphen, plus

2) Maximum length set for search: 18 characters
If any of the above rules is violated, it returns empty results.

3) Disabled all languages other than English in search.

Is this a common problem with Opencart? Are there any fixes for this in the newer versions?
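As an added example (not code from the thread or from OpenCart itself), here is how the three rules above can be enforced before any query is built, so a violating term never reaches MySQL. It measures length in characters rather than bytes, which also covers non-Latin input consistently; function and constant names are my own.

```php
<?php
// Added example: validate a search term per the rules in the post above.
// Returns the cleaned term, or null when the caller should render an empty
// result set without running a query.
declare(strict_types=1);

const SEARCH_MAX_LEN = 18;   // rule 2 from the post

function validateSearchTerm(string $term): ?string
{
    $term = trim($term);
    if ($term === '') {
        return null;
    }
    // Count characters, not bytes: a 10-character Cyrillic string is 20 bytes,
    // so strlen() would reject valid-length input and mis-measure the rest.
    if (mb_strlen($term, 'UTF-8') > SEARCH_MAX_LEN) {
        return null;
    }
    // Rule 1 whitelist: letters, digits, space, dot, hyphen, plus.
    // \A and \z anchor the whole string; a bare `$` would still accept a
    // trailing newline. Hyphen is last in the class so it is literal.
    if (!preg_match('/\A[A-Za-z0-9 .+-]+\z/', $term)) {
        return null;
    }
    return $term;
}

// Constructed sample inputs for demonstration.
$samples = [
    'red shoes',              // accepted
    'Laptop 15.6 i7-8550U+',  // accepted: dot, hyphen, plus are allowed
    "sho\nes",                // rejected: embedded newline
    "' OR 1=1 -- ",           // rejected: quote, equals sign
    str_repeat('a', 19),      // rejected: 19 characters > 18
    'Смартфон',               // rejected: rule 3, non-Latin letters
];
foreach ($samples as $s) {
    $v = validateSearchTerm($s);
    printf("%-28s => %s\n", json_encode($s), $v === null ? 'empty results' : "search for '$v'");
}
```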


Post by JNeuhoff » Thu Aug 14, 2025 12:40 am

Just a quick thought: What if you checked for the number of search requests having originated from the requesting IP-address for a given short time period, and if exceeded, start returning 403 responses for the remaining session? This might help to deter the SQL injection requester quickly.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
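The per-IP throttle JNeuhoff describes, as an added example that is not from the thread or OpenCart: a fixed-window counter keyed by client address, where an address that exceeds the limit keeps getting 403 until the window expires. Class and method names are assumed; the in-memory array stands in for a shared store such as APCu or Redis that a multi-process PHP deployment would need.

```php
<?php
// Added example: fixed-window rate limit on search requests per client IP.
declare(strict_types=1);

final class SearchRateLimiter
{
    /** @var array<string, array{count:int, reset:int}> in-memory store (assumed) */
    private array $store = [];

    public function __construct(
        private int $limit = 20,       // searches allowed per window
        private int $windowSec = 60,   // window length in seconds
    ) {}

    /** True when the request may proceed; false means answer with 403. */
    public function allow(string $ip, int $now): bool
    {
        $slot = $this->store[$ip] ?? null;
        if ($slot === null || $now >= $slot['reset']) {
            // First request in a new window: start counting again.
            $this->store[$ip] = ['count' => 1, 'reset' => $now + $this->windowSec];
            return true;
        }
        $this->store[$ip]['count']++;
        // Once over the limit every further request in this window is refused.
        return $this->store[$ip]['count'] <= $this->limit;
    }
}

// Sketch of use in a search controller (names assumed, not OpenCart's API).
// Behind a CDN or reverse proxy, REMOTE_ADDR is the proxy; take the client
// address from the header your proxy sets and trust only that proxy for it.
function handleSearch(SearchRateLimiter $rl, string $clientIp): int
{
    if (!$rl->allow($clientIp, time())) {
        http_response_code(403);
        return 403;
    }
    // ... run the validated search here ...
    return 200;
}

// Constructed demo: 25 rapid requests from one address with a limit of 20.
$rl = new SearchRateLimiter(limit: 20, windowSec: 60);
$t = 1_700_000_000;
$codes = [];
for ($i = 0; $i < 25; $i++) {
    $codes[] = $rl->allow('203.0.113.7', $t + $i) ? 200 : 403;
}
echo implode(',', $codes), "\n";   // 20 x 200 followed by 5 x 403
```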


Post by mona » Thu Aug 14, 2025 2:55 am

nisamudeen97 wrote:
Thu Aug 14, 2025 12:13 am
Is this a common problem with Opencart? Are there any fixes for this in the newer versions?
1. It is coming from an extension not Opencart
2. Spam is not an ‘issue’ with Opencart - it is a global problem
3. SQL injections are not an ‘issue’ with Opencart, but vulnerabilities in global software, errors and extensions and outdated software etc can be related, but there is rarely a ‘fix’. Generally Opencart is very secure as default.
4. Hacking is not an ‘issue’ with Opencart .. brute force attacks .. bots .. the list continues ..

Having ANYTHING online or connected to something that is online is vulnerable to exploitation …

That said .. yes, you were advised to upgrade to 3.0.4.1 and php8.
It does not answer your question but it is related. For security reasons EVERYONE needs to upgrade to php8, and Opencart 3.0.4.1 supports it.

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84


Post by khnaz35 » Thu Aug 14, 2025 3:56 am

mona wrote:
Thu Aug 14, 2025 2:55 am
nisamudeen97 wrote:
Thu Aug 14, 2025 12:13 am
Is this a common problem with Opencart? Are there any fixes for this in the newer versions?
For security reasons EVERYONE needs to upgrade to php8, and Opencart 3.0.4.1 supports it.
And also server side will always play a role into it, you can have an excellent written extension/code but if your server allows manipulation on it then you are essentially leaving the door unlocked — poor server configuration, outdated software, or weak permissions can let attackers bypass even the best application code. Security is a chain, and the weakest link — whether code or server — will always be the point of compromise.

Got a burning question at 3 AM that even Google shrugs at? There’s a not-so-secret inbox that might just have your answer: khnaz35@gmail.com
Breathe in some nature while you're at it. It’s cheaper than therapy. :-*

Feel free to sling a bear my way via PayPal @ khnaz35@gmail.com


Post by nonnedelectari » Thu Aug 14, 2025 9:21 pm

khnaz35 wrote:
Wed Aug 13, 2025 5:51 pm
While they are not trying to inject data into the system, they are still eating up system resources. And yes, they are automated; otherwise why would a human on an ecommerce site be searching for YouTube videos, Facebook ads etc.?

So yes, it's a spam bot/boy-driven attack.
Those are peanut queries, eating zero resources.


Post by nonnedelectari » Thu Aug 14, 2025 9:25 pm

nisamudeen97 wrote:
Thu Aug 14, 2025 12:13 am
Hi,

These searches were badly affecting our website, as the queries kept running and never ended. This was inducing heavy load and MySQL stopped responding.

1) Blocked searches with special characters. Allowed only the characters:
A-Z, a-z, 0-9, space, dot, hyphen, plus

2) Maximum length set for search: 18 characters
If any of the above rules is violated, it returns empty results.

3) Disabled all languages other than English in search.

Is this a common problem with Opencart? Are there any fixes for this in the newer versions?
1) that is good
2) also good
3) no need when you make that "smartsearch" extension multibyte compatible which it should be from the start as it handles global external input.


Post by khnaz35 » Thu Aug 14, 2025 9:33 pm

nonnedelectari wrote:
Thu Aug 14, 2025 9:21 pm
khnaz35 wrote:
Wed Aug 13, 2025 5:51 pm
While they are not trying to inject data into the system, they are still eating up system resources. And yes, they are automated; otherwise why would a human on an ecommerce site be searching for YouTube videos, Facebook ads etc.?

So yes, it's a spam bot/boy-driven attack.
Those are peanut queries, eating zero resources.
Do you even understand the statement here?


Post by nonnedelectari » Thu Aug 14, 2025 10:03 pm

khnaz35 wrote:
Thu Aug 14, 2025 9:33 pm
nonnedelectari wrote:
Thu Aug 14, 2025 9:21 pm
khnaz35 wrote:
Wed Aug 13, 2025 5:51 pm
While they are not trying to inject data into the system, they are still eating up system resources. And yes, they are automated; otherwise why would a human on an ecommerce site be searching for YouTube videos, Facebook ads etc.?

So yes, it's a spam bot/boy-driven attack.
Those are peanut queries, eating zero resources.
Do you even understand the statement here?
yes, your response at posting.php?mode=quote&p=880587 was correct, your mod_security was overkill and the rest was irrelevant.

Still, that search extension is not multibyte compliant which is bad for an extension accepting global user input.


Post by khnaz35 » Thu Aug 14, 2025 11:31 pm

nonnedelectari wrote:
Thu Aug 14, 2025 10:03 pm
your mod_security was overkill and the rest was irrelevant.
You can always adjust based on your needs; since this is a forum, we people here don't know what kind of setup & server stack you are using or what your capabilities are when dealing with threats.
nonnedelectari wrote:
Thu Aug 14, 2025 10:03 pm
Still, that search extension is not multibyte compliant which is bad for an extension accepting global user input.
As for the extension not being compliant, you can write to the developer and sort it out.

With that said, this issue is resolved; feel free to mark it solved.
