foz1234

Member
  • Posts

    246
  • Joined

  • Last visited

  • Days Won

    4

Posts posted by foz1234

  1. nothing in hooks looks out of place, only 2 snippets Brian - 

    Makes new query to get latest products ordered by price & sorts the products image gallery by image filename.

    only php code is:

    <?php
    $query = sprintf("SELECT I.* FROM `%1\$sCubeCart_inventory` AS I JOIN `%1\$sCubeCart_category` AS C ON C.cat_id=I.cat_id AND C.`status`=1 AND $where ORDER BY I.price DESC, I.product_id DESC", $GLOBALS['config']->get('config', 'dbprefix'));
    $latestProducts = $GLOBALS['db']->query($query, (int)$GLOBALS['config']->get('config', 'catalogue_latest_products_count'));

    email headers are same after opening them up, tested against one i sent from my website myself only difference is time id & reply to i did notice 1 had a different port port=45754 others were port=43418   now to check the site against downloaded one with same version.

    Added: Just been through and compared both sets of files, only old files left behind from previous upgrades dating back to 2016, all files are exact date and size, even downloaded the plugins and compared just in case.

    Ini-custom.inc.php edited

      

     

  2. No longer receiving those emails Brian since you helped me with the script for false accounts and adding the Russian characters part, i honestly don't think this is related, i do believe the [email protected] was compromised and the hosting company are just not helping as i am on a fixed ip and assume this would cost money to move me again, is there any way to test the website for any infection and if it's being used for spam? if i can prove it's not infected it must have been the test email they left on there and if that's the case i should be moved to a new ip free of charge.

      

  3. My host fasthive moved my IP because my email was blacklisted with barracuda, then after 3 weeks new ip was blacklisted by UCEPROTECTL3, after closer inspection i found a test email account that the host had left in cpanel from when i had some issue previously, i had already changed my email passwords to the strongest 18 character password possible in cpanel that included upper/lower/special characters but not on this test email account as i assumed this was part of cpanel set up, deleted this account 2 weeks ago, i personally think this was compromised but i may be wrong that is just an assumption.

    Now i have asked them to sort this out but their reply was:-

    It doesn't necessarily mean that you are sending out Spam, but it could be a contact form on your website that is infected and being used to send out spam

    so if this is the case, is there any way to check for this? i need to go back to them and prove this is not Cubecart that is infected but i have no idea how i can find this out, help required as i don't have a clue how i can check for this.

    i had issues with Russian emails reaching me, sent from my website, but thanks to Brian this has since stopped.

    Thanks in advance

  4. Hi Brian

    LOL re: egg-nog, I may have 1 or 2 myself tonight - Happy New year mate !!

    i changed the code but it is not working Brian, unless i am not putting it in the correct file/folder?

    once added i cleared CC cache (not sure if i needed to or not), i then tried sending a contact us (email) through the website, I sent 1 with subject & enquiry in English and the second in Russian - скачать фото кубани in both fields but sadly both came through.

    ini-custom.inc.php (in same place index.php etc)

    code:

     

    <?php
    if(
      (
        (isset($_GET['seo_path']) && $_GET['seo_path'] == "register")
        ||
        (isset($_GET['_a']) && $_GET['_a'] == "register")
      )
      &&
      !empty($_POST['first_name'])
      &&
      !empty($_POST['last_name'])
      &&
      (
        (!empty($_POST['phone']) && $_POST['phone']=="123456")
        ||
       # //preg_match('/[A-Z]\z/',trim($_POST['first_name']))===preg_match('/[A-Z]\z/',trim($_POST['last_name']))
        (ctype_upper(substr(trim($_POST['first_name']),-2)) && ctype_upper(substr(trim($_POST['last_name']),-2)))
        ||
        !empty($_GET['agreed'])
      )
    ) exit; // Kills PHP leaving browser with white screen
    if (preg_match('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry'])) exit;
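
Why a check shaped like the last line above lets Russian text through, with a corrected version beside it; this is an added example, not part of the original post and not CubeCart's own code. The helper name `contains_cyrillic()`, the `subject` key and the sample submissions are assumptions made for illustration, and the corrected check covers every submitted contact field rather than only `enquiry`.

```php
<?php
// Added example, not the forum's or CubeCart's code. contains_cyrillic() and
// the 'subject' key are assumptions; the sample submissions are constructed.

// Pattern shape as posted: no "u" modifier, so PCRE refuses \x{0400} as too
// large, preg_match() returns false (plus a warning) and "exit" never runs.
const POSTED_PATTERN = '#.*[\x{0400}-\x{04ff}].*#';

// Corrected: "u" puts PCRE in UTF-8 mode; \p{Cyrillic} matches any character
// of the Cyrillic script.
const CYRILLIC_PATTERN = '/\p{Cyrillic}/u';

// True when any string in $fields contains Cyrillic. Invalid UTF-8 makes
// preg_match() return false in "u" mode; this example treats that as a hit.
function contains_cyrillic(array $fields): bool
{
    $hit = false;
    array_walk_recursive($fields, function ($value) use (&$hit) {
        if (!is_string($value) || $value === '') {
            return;
        }
        $result = preg_match(CYRILLIC_PATTERN, $value);
        if ($result === 1 || $result === false) {
            $hit = true;
        }
    });
    return $hit;
}

// Constructed submissions standing in for $_POST['contact'].
$samples = [
    'english' => ['subject' => 'Delivery times', 'enquiry' => 'Do you ship to Leeds?'],
    'russian' => ['subject' => 'скачать фото', 'enquiry' => 'купить краску для авто'],
    'invalid' => ['subject' => 'hi', 'enquiry' => "broken \xC3\x28 bytes"],
];

foreach ($samples as $name => $contact) {
    $posted = @preg_match(POSTED_PATTERN, $contact['enquiry']);
    printf("%-8s posted=%s fixed=%s\n", $name,
        var_export($posted, true), var_export(contains_cyrillic($contact), true));
}

// In ini-custom.inc.php the guard would then read:
// if (isset($_POST['contact']) && is_array($_POST['contact'])
//     && contains_cyrillic($_POST['contact'])) exit;
```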

     

  5. Hi Brian

    Thanks again, so to confirm, to test this i place the above line in "ini-custom.inc.php" as below?

    <?php
    if(
      (
        (isset($_GET['seo_path']) && $_GET['seo_path'] == "register")
        ||
        (isset($_GET['_a']) && $_GET['_a'] == "register")
      )
      &&
      !empty($_POST['first_name'])
      &&
      !empty($_POST['last_name'])
      &&
      (
        (!empty($_POST['phone']) && $_POST['phone']=="123456")
        ||
       # //preg_match('/[A-Z]\z/',trim($_POST['first_name']))===preg_match('/[A-Z]\z/',trim($_POST['last_name']))
        (ctype_upper(substr(trim($_POST['first_name']),-2)) && ctype_upper(substr(trim($_POST['last_name']),-2)))
        ||
        !empty($_GET['agreed'])
      )
    ) exit; // Kills PHP leaving browser with white screen
    if ('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry']) exit;

      

  6. I am assuming there is no way to drop email if it contains Russian characters by the lack of replies? It's very annoying as I tend to get 2-10 per day even over the Christmas period, the script seems to have stopped the bot from creating false accounts but obviously not stopped the contact us from spamming. Not sure why this is happening to my site, the messages are not related.

  7. Hi Brian,

    Yes that's correct and another today and 3 or 4 yesterday 

    JamesLox <[email protected]> wrote to Sales:

    ---------------

    Во «Автомаляр+» вам сможете отыскать наиболее обширный перечень продуктов с основных европейских также наилучших российских изготовителей, что заключается с тыс. названий. Максимальный подбор автомобиля окраски во Украине показан непосредственно во нашем торговом центре.

     

    купить краску для авто ваз

    ---------------

     

    This email is sent from the store's master email address but it is possible to reply directly to the sender using the reply button on your email software.

    --------------------------

    Only common denominator is they all have Russian language in them.

    I can only read English, so is there any way to drop the email from sending if it contains Russian characters?

  8. Thank you Brian, Which script is best to try first? 

    It seems we are all struggling with this same issue/bot. 

    I went through our customer db and removed all customers in bold that have 0 purchases and with duplicate first and last names, but moving forward I will try adding one of the scripts in this thread.

    Wouldn't a plugin/addon or even hardcoded into cc asking a single question or even better say 6-10 rotating questions that we could set relevant to our site not be a simpler/better option this would surely stop all? Or am I missing something?

    I've never learned php most a pity.

    Thanks

  9. I totally agree with you, but I thought that majority of these spammers would use a vpn? I may be wrong just something I suspected they did. I thought a further additional security layer like a random question related to the site may help.

    I am assuming there is no such addon/plugin available?

    Is there any way to test if the invisible captcha is working?

    Thanks again for your help and time replying, I do appreciate it.

    (Added. Just logged into Google captcha and I can see red and green in charts so it's working)

  10. On 12/4/2020 at 10:57 AM, havenswift-hosting said:

    These emails are almost certainly being sent via the Contact Us form and they have either found a way to circumvent the reCaptcha (assuming it is working OK) or they are being done manually.  Changing the email password to a strong one is not a bad idea but won't help in this case.

    We block all connections into all our servers from Russia (and a few other countries such as China etc) which your hosting company won't do as it has to be done at a server level, but we also manage all of our fully managed hosting customers through Cloudflare and it is possible to block connections by country in the Cloudflare firewall at their edge network which means that they don't even get as far as our servers or the website.  This is one of many, many benefits of using Cloudflare when correctly configured

    How does this work if they bypass geo-locks while being connected to a VPN?

  11. Hi

    I am receiving more and more emails from my own website in Russian. when using translation it's all different crap.

    I have changed my email passwords to a real strong one (just to be 100% sure and safe) and changed google reCaptcha to invisible v2 from v2 checkbox but i am still receiving between 5-20 a day. Is there any other security i can add/use e.g. is there anything to ask a question like what colour is an apple type of thing that i've seen used on different sites?

    Thanks for any support you provide in advance.

     

     

     

  12. Who is the developer for the Braintree PayPal gateway? says Cubecart is that correct?

    i was going to drop an email to the dev asking about making the yellow PayPal checkout icon the same size as the secure checkout   

  13. the above edit no longer seems to work in 6.2.1, when i add google AdSense script into a source page/box it changes the code after save from this:-

    <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
    <!-- Right Box #3 content -->
    <ins class="adsbygoogle"
         style="display:block"
         data-ad-client="ca-pub-xxxxxxxxxxx"
         data-ad-slot="2445020xxx"
         data-ad-format="auto"></ins>
    <script>
    (adsbygoogle = window.adsbygoogle || []).push({});
    </script>

    to this

    <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script><!-- Right Box #3 content --><script>
    (adsbygoogle = window.adsbygoogle || []).push({});
    </script>

    using the above edit in 6.1.x seemed to work and it saved the code as is
