Page 2 of 2

Re: 99% MySQL usage from search query attack?

Posted: Sat Mar 22, 2025 10:59 pm
by ADD Creative
websiteworld wrote:
Sat Mar 22, 2025 8:14 pm
Developer claims there isn't an issue as noted here. :-0

See attached.
Looks like you have to explain it in more detail to them. It's to be expected when reporting security vulnerabilities: some will just ignore them, others will just dismiss the possibility, others will say they will fix and then do nothing, some will even get abusive.

Re: 99% MySQL usage from search query attack?

Posted: Sun Mar 23, 2025 1:30 am
by websiteworld
I sent them the server logs. I posted this thread in the ticket as well, but they were quick to dismiss the claim as you can see!

Re: 99% MySQL usage from search query attack?

Posted: Sun Mar 23, 2025 1:51 am
by khnaz35
They did mention the model file. You can share your model file here.

Also, do share where the part of the code that is under discussion is.

Re: 99% MySQL usage from search query attack?

Posted: Sun Mar 23, 2025 3:16 am
by websiteworld
khnaz35 wrote:
Sun Mar 23, 2025 1:51 am
They did mention the model file. You can share your model file here.

Also, do share where the part of the code that is under discussion is.

The code is discussed on page 1, several people said it's vulnerable to attack.

I think all that was a diversionary tactic. The file impacted was called seo_url.php, and it was created by their extension. The file is gone now that the review extension is removed.

They contradicted themselves in another post as well.

Re: 99% MySQL usage from search query attack?

Posted: Sun Mar 23, 2025 7:31 am
by khnaz35
If you are only talking about that part of the code, you can give the fix I already provided a shot 😉

Re: 99% MySQL usage from search query attack?

Posted: Sun Mar 23, 2025 9:20 pm
by ADD Creative
Search through the xml column of the oc_modification table for part of the vulnerable code. This should tell you which OCMOD added it.
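
The lookup described in the post above, as an added example that is not part of the original thread or of any extension's code: it filters `oc_modification` on the `xml` column, then parses each matching OCMOD document to report which target file the fragment is injected into. Assumptions: an in-memory sqlite3 table with only four of the columns stands in for the store's MySQL database, `PLACEHOLDER_FRAGMENT` stands for a piece of the code quoted on page 1, and the sample rows, names and paths are constructed.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed OCMOD documents; names, paths and injected code are placeholders.
SAMPLE_ROWS = [
    (1, "Example Reviews", 1, """<modification><name>Example Reviews</name>
<file path="catalog/model/example/seo_url.php">
<operation><search><![CDATA[$parts = explode('/', $route);]]></search>
<add position="after"><![CDATA[$q = $this->db->query("PLACEHOLDER_FRAGMENT " . $keyword);]]></add>
</operation></file></modification>"""),
    (2, "Example Banner", 1, """<modification><name>Example Banner</name>
<file path="catalog/view/example/header.twig">
<operation><search><![CDATA[</header>]]></search>
<add position="before"><![CDATA[<div class="banner"></div>]]></add>
</operation></file></modification>"""),
]

def load_sample_db():
    """In-memory stand-in for the store database (sqlite3 instead of MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE oc_modification"
               " (modification_id INTEGER, name TEXT, status INTEGER, xml TEXT)")
    db.executemany("INSERT INTO oc_modification VALUES (?,?,?,?)", SAMPLE_ROWS)
    return db

def find_ocmod_source(db, fragment):
    """Return (id, name, status, target path) for each OCMOD <add> containing fragment."""
    # Escape LIKE wildcards so the fragment is matched literally.
    esc = fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = db.execute(
        "SELECT modification_id, name, status, xml FROM oc_modification"
        " WHERE xml LIKE ? ESCAPE '\\'", (f"%{esc}%",))
    hits = []
    for mod_id, name, status, xml in rows:
        try:
            root = ET.fromstring(xml)
        except ET.ParseError:
            hits.append((mod_id, name, status, "<unparsed xml>"))
            continue
        for file_el in root.iter("file"):
            for add in file_el.iter("add"):
                if fragment in (add.text or ""):
                    hits.append((mod_id, name, status, file_el.get("path")))
    return hits

if __name__ == "__main__":
    for hit in find_ocmod_source(load_sample_db(), "PLACEHOLDER_FRAGMENT"):
        print(hit)
```

A row with `status` 0 is a disabled OCMOD; its code only disappears from the generated files after the modification cache is refreshed.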

Re: 99% MySQL usage from search query attack?

Posted: Mon Mar 24, 2025 6:15 pm
by paulfeakins
websiteworld wrote:
Fri Mar 21, 2025 11:06 pm
paulfeakins wrote:
Thu Mar 20, 2025 8:28 pm
websiteworld wrote:
Thu Mar 20, 2025 8:37 am
We own/operate the server and don't have a host.
You really shouldn't be running a live web server on an ecommerce site if you don't know how to protect against this sort of thing.
These kinds of comments are useless. Nothing happened on the server, the attempt failed and was easily mitigated. As other helpful users pointed out, this is an issue with an add-on or Journal Theme and the code needs revised! Thanks to those who pointed this out, will report the bug.
Not useless at all. You SHOULD NOT be running a live ecommerce website on an unmanaged server if you don't understand the basics of server administration and server security.

Re: 99% MySQL usage from search query attack?

Posted: Tue Mar 25, 2025 1:12 pm
by kvish
Hi,
Here is a print screen with the fix code, which we have already applied to the module file:
https://prnt.sc/D1ZyFTVMra2f
Thank you

Re: 99% MySQL usage from search query attack?

Posted: Tue Mar 25, 2025 1:30 pm
by khnaz35
If the code has been fixed you can close this thread. Just add [SOLVED] in the first post title.

Re: 99% MySQL usage from search query attack?

Posted: Tue Mar 25, 2025 9:15 pm
by websiteworld
khnaz35 wrote:
Tue Mar 25, 2025 1:30 pm
If the code has been fixed you can close this thread. Just add [SOLVED] in the first post title.
Who knows, the developer vehemently denied there was any vulnerability despite citing this thread. We simply removed the extension and files from the server. Problem solved.

Re: 99% MySQL usage from search query attack?

Posted: Wed Mar 26, 2025 7:53 pm
by paulfeakins
websiteworld wrote:
Tue Mar 25, 2025 9:15 pm
Problem solved.
I'll mark [SOLVED] then.