Post by Loady » Mon Sep 09, 2024 5:14 pm

Suddenly had about 15 emails come in saying I received a new review. They look like someone is trying to send code to the store; I am a bit concerned whether they have been able to get in or not?


Post by by mona » Mon Sep 09, 2024 5:25 pm

The short answer is yes, it is possible, but your reviews are not OpenCart; you need to contact the developer or hire one in the commercial section.

The code is an attempt to inject code / identify a vulnerability / try to force errors to see the DB structure ... you can google it.
https://portswigger.net/web-security/sql-injection

Keep your site updated
Turn off all error reporting
Pay for a security firm to monitor your site
... etc etc etc

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.


https://www.youtube.com/watch?v=zXIxDoCRc84



Post by Loady » Mon Sep 09, 2024 5:34 pm

opencollander, formerly known as opencart


Post by by mona » Mon Sep 09, 2024 5:35 pm



Post by johnp » Mon Sep 09, 2024 5:42 pm

I suggest adding a firewall to your site that blocks SQL injections. The free version of Ninja Firewall is fine.

https://nintechnet.com/ninjafirewall/pro-edition

Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk



Post by paulfeakins » Mon Sep 09, 2024 7:33 pm

Loady wrote: Mon Sep 09, 2024 5:34 pm
opencollander, formerly known as opencart

This isn't a security hole and OpenCart is incredibly secure.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk



Post by Loady » Mon Sep 09, 2024 8:11 pm

by mona wrote: Mon Sep 09, 2024 5:35 pm
https://stackoverflow.com/questions/826 ... on-attacks

You might want to consider something like this also
https://www.opencart.com/index.php?rout ... n_id=38244

I already have spambot buster, I was being plagued with spam emails but that stopped it... safe to say it may have helped here too?


Post by by mona » Mon Sep 09, 2024 8:24 pm

Yes and no -
It stops bots from constantly probing, so yes
It does nothing to prevent SQL injections

A child can hack the Pentagon and it is unlikely for that ever to change.
OC is open source - like having a safe with the blueprints - there is a limit to what can be achieved with open source and OC is secure - not Pentagon secure, but secure.

Extensions / themes failing to implement security measures, not disabling error logging - so what happens is that users like the one who has been sending you reviews are probing, because that is what hackers do - they learn from poorly implemented sites.

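Added example (not part of the thread, and not OpenCart or extension code) illustrating the two points made above about injection attempts through a review form and about not showing errors to visitors. The `review` table, both function names and the sample review are made up for illustration, and an in-memory SQLite database stands in for the store's MySQL.

```php
<?php
// Illustration only: hypothetical review handlers, SQLite in memory as a stand-in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE review (review_id INTEGER PRIMARY KEY, author TEXT, text TEXT, rating INTEGER)');

// Weak: the review text is pasted into the SQL string, and the raw
// driver error is sent back to whoever submitted the form.
function save_review_weak(PDO $db, string $author, string $text, int $rating): string
{
    try {
        $db->exec("INSERT INTO review (author, text, rating) VALUES ('$author', '$text', $rating)");
        return 'Thank you for your review.';
    } catch (PDOException $e) {
        return 'Database error: ' . $e->getMessage(); // tells the visitor how the query is built
    }
}

// Hardened: input is validated, values are bound as parameters so they are
// never parsed as SQL, and failures go to the server log, not the page.
function save_review_safe(PDO $db, string $author, string $text, int $rating): string
{
    if ($author === '' || $text === '' || strlen($text) > 3000 || $rating < 1 || $rating > 5) {
        return 'Please check your review and try again.';
    }
    try {
        $stmt = $db->prepare('INSERT INTO review (author, text, rating) VALUES (:author, :text, :rating)');
        $stmt->execute([':author' => $author, ':text' => $text, ':rating' => $rating]);
        return 'Thank you for your review.';
    } catch (PDOException $e) {
        error_log('review insert failed: ' . $e->getMessage());
        return 'Sorry, your review could not be saved.';
    }
}

// Constructed sample: an ordinary review containing an apostrophe is already
// enough to break the concatenated query and expose the error message.
$text = "It's a great product";

echo save_review_weak($db, 'Sam', $text, 5), PHP_EOL;
echo save_review_safe($db, 'Sam', $text, 5), PHP_EOL;
echo 'Rows stored: ', $db->query('SELECT COUNT(*) FROM review')->fetchColumn(), PHP_EOL;
```

Run with the PHP CLI (the `pdo_sqlite` extension is needed). In a live store the same idea applies to whichever extension handles reviews: bound parameters or proper escaping in the query, and error display switched off with errors written to a log instead.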