jasehead Posted February 28, 2017 Share Posted February 28, 2017 I just exported a copy of my cubecart database prior to fiddling/upgrade and was browsing through when I noticed things like this in the CubeCart_search table: HTTP://SVZTGXEPMYEU.COM/ - or other random letter url always the same length (these were early on in the list so I expect they're old) SLEEP(3) - often as part of a longer string like '2015'&&SLEEP(3)&&'1' BENCHMARK(2999999 MD5(NOW())) الميرغني - or part/similar \\"X\\"=\\"X - or - 'X'='Y - or similar KM;L'/;M'/ SIDIVYA;VIDEOXXX;X I'm not sure what they might be sniffing for, but the MD5 suggests they are looking for a password weakness in the HTML output - and I guess they're testing if the search function mines the page code and not just the displayed text. Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted February 28, 2017 Share Posted February 28, 2017 Yes some one or some bot is messing. Shouldn't be anything to worry about. Quote Link to comment Share on other sites More sharing options...
keat Posted March 1, 2017 Share Posted March 1, 2017 I've just cleared out a few hundred today, although I've no idea how long they've been there. My server now runs Mod Security so hopefully, this should be well protected anyway. Quote Link to comment Share on other sites More sharing options...
jasehead Posted March 2, 2017 Author Share Posted March 2, 2017 Also noticed bots in the Customer Access Log (Admin > Advanced > Staff Access Log then Customer Access) - easy to pick these bots because they try using a name rather than an e-mail address and have a big red X. I checked a lot of IP addresses to get a pattern, and so far I've blocked Russia, Ukraine, Israel and Slovenia plus a few individual IPs from countries where I have customers - seems to have made a big difference. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.