
can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 5:14 pm
by Loady
Suddenly had about 15 emails come in saying I received a new review. They look like someone is trying to send code to the store; I am a bit concerned whether they have been able to get in or not?


Re: can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 5:25 pm
by by mona
The short answer is yes, it is possible, but your reviews are not OpenCart; you need to contact the developer or hire one in the commercial section.

The code is an attempt to inject code / identify vulnerability / try to force errors to see db structure .. you can google it.
https://portswigger.net/web-security/sql-injection

Keep your site updated
Turn off all error reporting
Pay for a security firm to monitor your site
... etc etc etc

Re: can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 5:34 pm
by Loady
opencollander, formerly known as opencart

Re: can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 5:35 pm
by by mona

Re: can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 5:42 pm
by johnp
I suggest adding a firewall to your site that blocks SQL injections. The free version of Ninja Firewall is fine.

https://nintechnet.com/ninjafirewall/pro-edition

Re: can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 7:33 pm
by paulfeakins
Loady wrote:
Mon Sep 09, 2024 5:34 pm
opencollander, formerly known as opencart
This isn't a security hole and OpenCart is incredibly secure.

Re: can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 8:11 pm
by Loady
by mona wrote:
Mon Sep 09, 2024 5:35 pm
https://stackoverflow.com/questions/826 ... on-attacks

You might want to consider something like this also
https://www.opencart.com/index.php?rout ... n_id=38244
I already have spambot buster, I was being plagued with spam emails but that stopped it... safe to say it may have helped here too?

Re: can opencart be hacked via the reviews ?

Posted: Mon Sep 09, 2024 8:24 pm
by by mona
Yes and no -
It stops bots from constantly probing so yes
It does nothing to prevent sql injections

A child can hack the Pentagon and it is unlikely for that ever to change.
OC is open source - like having a safe with the blueprints - there is a limit to what can be achieved with open source and OC is secure - not Pentagon secure, but secure.

Extensions / themes failing to implement security measures, not disabling error logging - so what happens is that users like the one who has been sending you reviews are probing, because that is what hackers do - they learn from poorly implemented sites
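
Added example, not part of the thread and not OpenCart or extension code: a hypothetical review handler showing why a probe that forces SQL errors is informative when input is concatenated and errors are displayed, next to a version with bound parameters and server-side logging. The table, function names and probe text are assumptions made for illustration; it uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Hypothetical review table; not the schema of OpenCart or any extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE review (review_id INTEGER PRIMARY KEY, author TEXT, text TEXT)');

// Weak: input is concatenated into the SQL string and the driver
// error is returned to the visitor.
function save_review_weak(PDO $pdo, string $author, string $text): string
{
    try {
        $pdo->exec("INSERT INTO review (author, text) VALUES ('$author', '$text')");
        return 'saved';
    } catch (PDOException $e) {
        // Leaks database details to whoever submitted the form.
        return 'Error: ' . $e->getMessage();
    }
}

// Hardened: bound parameters keep the input as data, and failures are
// written to the server log while the visitor sees a generic message.
function save_review_safe(PDO $pdo, string $author, string $text): string
{
    try {
        $stmt = $pdo->prepare('INSERT INTO review (author, text) VALUES (:author, :text)');
        $stmt->execute([':author' => $author, ':text' => $text]);
        return 'saved';
    } catch (PDOException $e) {
        error_log('review insert failed: ' . $e->getMessage());
        return 'Sorry, your review could not be saved.';
    }
}

// Constructed probe: a stray quote, the simplest input that breaks a
// concatenated query.
$probe = "Nice product'";

// The weak handler answers with the database's own error text.
echo save_review_weak($pdo, 'visitor', $probe), PHP_EOL;

// The safe handler stores the same text verbatim as an ordinary review.
echo save_review_safe($pdo, 'visitor', $probe), PHP_EOL;
echo $pdo->query('SELECT text FROM review')->fetchColumn(), PHP_EOL;
```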