Ecommerce software home
Shopping Cart Software Forum for Ecommerce Templates
 
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

Find us on Facebook Follow us on Twitter View our YouTube channel
Search our site
Forum Search
Google Site Search
 All Forums
 Technical
 PHP (Unix / Linux / Apache) versions
 Hacker adding bogus affiliate entries
Author « Topic »  

SBriggs
New Member

United Kingdom
86 Posts

Pre-sales questions only
(More Details...)

Posted - 12/08/2024 :  05:00:16  
Hi,
We've evidently recently had a hacker submitting lots of 'Ask a Question' requests with garbage database query in the text fields. We've now blocked that on IP as well as limiting the max number any individual can submit.

At the same time as noticing that, I see we've got over 1100 bogus affiliates now showing up. I've deleted the lot of them from the Admin.

The question is, how come someone was able to add any affiliates?
(Our Admin password is strong - I've just changed it just to be sure - and there are no secondary users defined. No other hacking stuff noticed so far.)

Without looking in the d/b tables, there doesn't seem to be any record of the IP that added each affiliate or any other logging of where/when each one was added. I have blocked the IP of the 'Ask a Question' person and that may get rid of them on this side as well if it is the same culprit. Judging by the way it was all entered, I suspect the same 'person' so maybe the IP block will get rid of them...

Thanks,

Steve.

Pragmasis Limited
https://SecurityForBikes.com

Phil
ECT Moderator

United Kingdom
7686 Posts

Posted - 12/08/2024 :  05:38:17  
Hi Steve,
quote:
The question is, how come someone was able to add any affiliates?


I'm assuming they're doing multiple sign ups here - https://securityforbikes.com/affiliate.php

Have you considered adding Google reCaptcha to the sign up form?





*Contact Us*
*Buy The PHP Capture Card Plugin*
*Rate Our Services/View Our Feedback*

SBriggs
New Member

United Kingdom
86 Posts

Pre-sales questions only
(More Details...)

Posted - 12/08/2024 :  08:50:41  
Hi Phil,

Doh, no, we have virtually never had an issue where this has happened before so I've got away with burying me head in the sand as far as needing Recaptcha is concerned. Besides, I only just discovered that it's free for modest levels of use. Bargain!

I'll take more of a look ASAP.

Thanks,

Steve.

Pragmasis Limited
https://SecurityForBikes.com
  « Topic »  
Jump To:
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com
This page was generated in 0.03 seconds. Snitz Forums 2000