Jump to content

Receiving russian emails from contact us


foz1234
 Share

Recommended Posts

There some of the IP addresses I have captured.

They get past the recommended capture code on this page:  https://www.harrisorganicwine.com.au/shop/contact-us.html  They are all have russian script in them and are arriving after changing the code in ini-custom.inc.php as above.

 46.33.41.40

92.255.198.132

141.101.69.80

141.101.77.51

5.188.84.251

162.158.183.124

176.67.86.32

46.33.33.28

172.68.246.15

172.69.190.53

162.158.183.214

172.69.190.65

162.158.154.86

162.158.183.232

172.69.190.67

162.158.158.156

162.158.154.62

31.181.158.233

46.53.253.43

141.101.98.85

162.158.183.192

172.69.10.137

172.68.239.168

162.158.165.17

141.101.98.15

141.101.96.27

141.101.69.156

141.101.69.36

141.101.96.128

141.101.99.212

141.101.76.157

172.68.37.9

172.68.238.139

172.69.222.53

162.158.183.194

172.68.37.41

172.68.239.232

162.158.183.154

141.101.96.207

162.158.158.180

162.158.183.104

172.68.244.61

172.69.55.107

172.69.55.11

172.69.54.238

162.158.183.158

108.162.229.145

 Put them in your Banned IP Addresses list if you like.

Meanwhile I have just added Russia as a country (in settings; countries and zones) with the status disabled. Will that make any difference?

 

Country Name ISO Alpha-2 ISO Alpha-3 ISO Numeric EU Status  
 
Russia RU RUS 643 Enable

 kindest regards

Duncan Harris

Link to comment
Share on other sites

You may have had your list of countries truncated to only a few, or maybe none at all, but a stock install of Cubecart will have "Russian Federation" in the database with those details.

The purpose of having this database table is for purposes other than banning/blocking visitors.

The recent edit to ini-custom.inc.php scans for Cyrillic characters in the UTF-8 scheme.

If possible, reply with a sample of the "russian" characters that are getting through. Specifically, try to post the hex value equivalents of those characters. They may be "russian" but not in the UTF-8 scheme.

Link to comment
Share on other sites

This one arrived this morning.

Александр <[email protected]> wrote to Organic Wine Online Shop:---------------Получить AnyDesk для Windows https://anydesk.com/ru/downloads/windows---------------This email is sent from the store's master email address but it is possible to reply directly to the sender using the reply button on your email software. ip address:141.101.98.193

Link to comment
Share on other sites

Just checking the last of the code.

I have 

if (preg_match('/.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*/u', $_POST['contact']['enquiry'])) exit;

instead of 
if (preg_match('#.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*#', $_POST['contact']['enquiry'])) exit;

will change and see what happens.

Link to comment
Share on other sites

OK, this is what I have.

<?php
# Custom initialization commands
# Filename: ini-custom.inc.php
# File location: main CubeCart folder

#  ini_set('memory_limit', '256M');
#  ini_set('max_execution_time', '60');
#  ini_set('error_log', 'error_log');
#  ini_set('log_errors', 'on');

if(

  (

    (isset($_GET['seo_path']) && $_GET['seo_path'] == "register")

    ||

    (isset($_GET['_a']) && $_GET['_a'] == "register")

  )

  &&

  !empty($_POST['first_name'])

  &&

  !empty($_POST['last_name'])

  && 

  (

    (!empty($_POST['phone']) && $_POST['phone']=="123456")

    ||

   # //preg_match('/[A-Z]\z/',trim($_POST['first_name']))===preg_match('/[A-Z]\z/',trim($_POST['last_name']))

    (ctype_upper(substr(trim($_POST['first_name']),-2)) && ctype_upper(substr(trim($_POST['last_name']),-2)))

    ||

    !empty($_GET['agreed'])

  )

) exit; // Kills PHP leaving browser with white screen
if (preg_match('/.*[\x{0400}-\x{04ff}\x{0500}-\x{052f}\x{2de0}-\x{2dff}\x{a640}-\x{a69f}\x{1d2b}-\x{1d78}].*/u', $_POST['contact']['enquiry'])) exit;

?>

Link to comment
Share on other sites

  • 2 weeks later...

I have received a few in the last 10 days using the latest code. Here is the latest message.

Subject: Прикладной подход к управлению деловой репутацией компании в интернет. SERM / ORM / HM / PR

Content:  

Tiffanisog <[email protected]> wrote to Organic Wine Online Shop:--------------- serm репутация rebooster

 удаление отзывов москва serm на яндекс

 серм агентства компании по работе с репутацией serm цена

Репутационный маркетинг от reBooster – это не исключительно зачистка или вброс отзывов для нужных сайтах. В первую очередь – это белые способы работы с репутацией компании и бренда.

Всякий маркетинговый бюджет, вложенный около негативной репутации в узы - это сожженные средства компании!

Link to comment
Share on other sites

Please try this one:

if (preg_match('/.*[\u0400-\u04ff\u0500-\u052f\u2de0-\u2dff\ua640-\ua69f\u1d2b-\u1d78].*/', $_POST['contact']['enquiry'])) exit;

But I am not sure if this is PHP's version of the Perl Regex.

Please remind me of the exact version of PHP your site is using.

Edited by bsmither
Link to comment
Share on other sites

According to this, it may have actually been not possible to test for unicode codepoints prior to PHP7:

https://www.php.net/manual/en/migration70.new-features.php#migration70.new-features.unicode-codepoint-escape-syntax

Here is another test to try:

if (preg_match('/.*\p{Cyrillic}.*/u', $_POST['contact']['enquiry'])) exit;

But I think that was already tried.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...