Ongoing Attack Stealing Credit Cards From Over A Hundred Shopping Sites

Post by head_dunce » Sat May 11, 2019 10:50 am

Jim
https://www.carguygarage.com
Yahoo Store since 2006 moved to OpenCart on January 24, 2020

Post by IP_CAM » Sat May 11, 2019 12:42 pm

Bad extensions now main source of Magento hacks: a solution!

Well, it could be the same with Opencart Sites, when Mods are
downloaded from shady Places. That's always a Risk, even with
'regular' Extensions, free or paid. We experienced such a Case
with a Crypto-Miner Code on the OC Extension Section already,
not so long ago.

But it always potentially dangerous, if someone, not familiar,
tries to modify a Car-Engine, or some Software. One just has
to be aware of that, and act accordingly. Access- and Error Logs
should be checked on a daily schedule, to find out, who's accessing
the Shop Site, and what 'Access Commands' are used for such. It's
Part of the Job, to make sure, like anywhere else in real life ...
---
After locking out ~220 (OC Sites) IP Ranges so far, like:

Code: Select all

deny from 213.163.93.
deny from 213.251.
deny from 216.

and ~500 IP Ranges on my Swiss Club Site, in addition to about
800 HTTP_REFERER - HTTP_USER_AGENT - REQUEST URL Lines, like:

Code: Select all

RewriteCond %{HTTP_REFERER} ^.rambler\.ru [NC,OR]
RewriteCond %{HTTP_REFERER} ^.rv\.ua [NC,OR]
RewriteCond %{HTTP_REFERER} ^.dontknow\.me [NC,OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [NC,OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [NC,OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [NC,OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCapture [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^Alexibot [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^asterias [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus\.*Webster [NC,OR]

over the past 1.5 decades, I also redirect all OC Site Intruder href-links
to Vegas:
It add's a little more to Security, and to not beeing targeted by those,
only adding to Traffic, for not one good reason at all.
Ernie
---

Attachments

security_log.jpg (201.89 KiB) Viewed 1443 times

I don't use the Forum Mailer, to reach me, contact: jti@jacob.ch
-
Demoversions:
OpenCart LIGHT v.1.5.6.5 http://www.bigmax.ch/
OpenCart V-PRO v.1.5.6.5 http://www.ebikes.li/shop/
-
1'700+ FREE OC Extensions - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
-

Post by OSWorX » Sat May 11, 2019 5:01 pm

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Post by head_dunce » Sat May 18, 2019 9:02 pm

Jim
https://www.carguygarage.com
Yahoo Store since 2006 moved to OpenCart on January 24, 2020

Post by IP_CAM » Sun May 19, 2019 12:18 pm

Well, I don't feel like to ask my Hoster, to add some Code, just to
enable me to make use of things like fail2ban.
And I like to know, who's trying to give me a hard time.
It's interesting to see, what they use on Code, to possibly get in ...

I use Razztech's free 301 Redirect Pages for OC:
https://www.opencart.com/index.php?rout ... n_id=25864
and Exife's (gone ...) nice OC Security Module, to get & have control,
without spending much time, except for frequently adding some IP's
to my ROOT .htaccess File manually too...

Ernie
PS: Lucky Me, to still use old things, they already exist
---
PS: I have some Security-related OC Mod Downloads on Github,
just in case:
https://github.com/IP-CAM?utf8=✓&tab=re ... q=security
---

Attachments

oc_1565_security.jpg (136.05 KiB) Viewed 1295 times

I don't use the Forum Mailer, to reach me, contact: jti@jacob.ch
-
Demoversions:
OpenCart LIGHT v.1.5.6.5 http://www.bigmax.ch/
OpenCart V-PRO v.1.5.6.5 http://www.ebikes.li/shop/
-
1'700+ FREE OC Extensions - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
-

Post by head_dunce » Fri May 24, 2019 9:58 pm

Jim
https://www.carguygarage.com
Yahoo Store since 2006 moved to OpenCart on January 24, 2020

Post by IP_CAM » Sat May 25, 2019 7:54 am

You must be on shared hosting ...

That's correct, shared with more than 1'000 others, using the same IP ...
It's much cheaper, and more 'representative', when it comes to compare
Performance with other OC Sites, most likely also using shared hosting.

One only has to make sure, to get the best Hoster in Town, then, one has no problem.
And beeing up to 100% Siteload on GTMetrix already, only Yslow could possibly still go
up a little more, but I'm satisfied with 92%, for the price I pay, to keep my ~40 different
active URL's in one place. It's less than a BigMac Menu with a large Coke per Month,
to be part of the Game, top secure, and without a single compromise, or even some
Sub-Hosters in between ...
Ernie
---
Image Link:
download/file.php?mode=view&id=37093&si ... 5739c99840

Attachments

hostpoint_first_class_swiss_hosting.jpg (117.67 KiB) Viewed 1197 times

I don't use the Forum Mailer, to reach me, contact: jti@jacob.ch
-
Demoversions:
OpenCart LIGHT v.1.5.6.5 http://www.bigmax.ch/
OpenCart V-PRO v.1.5.6.5 http://www.ebikes.li/shop/
-
1'700+ FREE OC Extensions - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
-