Fandango
-
Posts
6 -
Joined
-
Last visited
Posts posted by Fandango
-
-
17 hours ago, bsmither said:
I am going to ignore the lines that appear to come from an SSL Cert manager.
I just wanted to make sure there is an appropriate RewriteBase directive.
It will be interesting as to what would be found in the web access logs.
I've downloaded the access logs for the past month, wow there's a lot of data to go through and try to understand what is legit and what is looking suspect lol.
Having imported it into a spreadsheet so that it's easier to read and checking IP addresses against an IP lookup it looks like there is a lot of suspicious IP's that access my website just prior to the weird URL's appearing, these IP's are all associated with Dmytro Ahrefs Pte Ltd which according to abuseipdb.com is an ISP and there are literally thousands of abuse reports on there of varying nature for lots of different IP's associated with it.
I think the above is the culprit so I'm now starting to block all of the IP's associated with that through the IP blocker on CPanel.
Thanks for your help, much appreciated
-
On 12/21/2023 at 5:36 PM, bsmither said:
Does your host keep logs of page requests (web access)?
If so, scanning through them looking for these weird URI's might provide a clue, such as there might be only one IP address doing this.
Please also check the contents of the ,htaccess file. There should be these directives:
### Rewrite rules for SEO functionality ### <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /
The RewriteBase is the important directive.
Hi Brian, thanks I'll have a look at the logs if I can find them.
the htaccess file on mine shows the RewriteBase but also has all of the below on it too as I believe it's to do with the SSL Certificate from Let's Encrypt.##### START CubeCart .htaccess ##### ## File Security <FilesMatch "\.(htaccess)$"> Order Allow,Deny Deny from all </FilesMatch> #### Apache directory listing rules #### DirectoryIndex index.php index.htm index.html IndexIgnore * #### Rewrite rules for SEO functionality #### <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / ######## START v4 SEO URL BACKWARD COMPATIBILITY ######## RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteRule cat_([0-9]+)(\.[a-z]{3,4})?(.*)$ index.php?_a=category&cat_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteRule prod_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteRule info_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=document&doc_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteRule tell_([0-9]+)(\.[a-z]{3,4})?$ index.php?_a=product&product_id=$1&%1 [NC] RewriteCond %{QUERY_STRING} (.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteRule _saleItems(\.[a-z]+)?(\?.*)?$ index.php?_a=saleitems&%1 [NC,L] ######## END v4 SEO URL BACKWARD COMPATIBILITY ######## RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteRule ^(.*)?$ index.php?seo_path=$1 [L,QSA] </IfModule> ## Default store 404 page ErrorDocument 404 /index.php ##### END CubeCart .htaccess ##### -
I have been in touch with my hosting company support and they say it's an issue with CubeCart.
We see the following error in your error log file : No callback method defined. in /home/webcarsa/public_html/aceairsoft.co.uk/classes/cubecart.class.php on line 311
In addition, we have scanned the content of your account using Imunify360 scanner and have not found any malware or malicious content/scripts.
We assume that the problem may be related to both the site content and CubeCart.
Any thoughts would be most welcome.
Thanks in advance. -
Hi all, on one of the domains I have on my hosting package I have a CubeCart installation, every now and again and without any input from me some strange URL's appear on the website front end instead of what the actual store product category URL's should be (example as below), however once I clear the cache in the Admin the URL's disappear from the front end and they go back to how they should be.
For Example E.G. The real store URL for Category "Next Game" should be: https://www.aceairsoft.co.uk/next-game.html
Yet I get strange URL's like this one that appear now and again: https://www.aceairsoft.co.uk/online-store-122/books/american-christian-education/literature/benjamin-west/next-game.html
The strange URL's just give a "404 Page Not Found" error on the front end of my website which can be a pain for my customers.
I was just wondering if this could be due to a shared hosting issue, a CubeCart issue or could it even be a targeted attack on my website?
Look forward to hearing any thoughts.
Cheers Carl
Strange URL's appearing on my CubeCart
in General Discussion
Posted
Well I've blocked the entire IP range associated with Dmytro Ahrefs Pte Ltd and it looks like it has worked, no strange URL's have appeared since, unless they are just on holiday for the festive period that is lol.
Thanks for your help bsmither