Jump to content

Evidence of hacking attempts in CubeCart_search table?


jasehead

Recommended Posts

I just exported a copy of my cubecart database prior to fiddling/upgrade and was browsing through when I noticed things like this in the CubeCart_search table:

  • HTTP://SVZTGXEPMYEU.COM/  - or other random letter url always the same length (these were early on in the list so I expect they're old)
  • SLEEP(3) - often as part of a longer string like '2015'&&SLEEP(3)&&'1'
  • BENCHMARK(2999999
  • MD5(NOW()))
  • الميرغني - or part/similar
  • \\"X\\"=\\"X - or - 'X'='Y - or similar
  • KM;L'/;M'/
  • SIDIVYA;VIDEOXXX;X

I'm not sure what they might be sniffing for, but the MD5 suggests they are looking for a password weakness in the HTML output - and I guess they're testing if the search function mines the page code and not just the displayed text.

Link to comment
Share on other sites

Also noticed bots in the Customer Access Log (Admin > Advanced > Staff Access Log then Customer Access) - easy to pick these bots because they try using a name rather than an e-mail address and have a big red X.  I checked a lot of IP addresses to get a pattern, and so far I've blocked Russia, Ukraine, Israel and Slovenia plus a few individual IPs from countries where I have customers - seems to have made a big difference.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...