We have been using the hosted service for a year now, so far to present a front end for finding and receiving free media downloads. We intend to add paid downloads to the process, and will soon be adding a payment processor to the site.
An issue of concern has arisen. In reviewing the View Page Tracking log, we see URLs consistently entered as search terms. While the URLs are not all the same, further research proves them to be related to spam sites. Are these intended as security attacks, like URL injection but through the search field rather than the site URL? Are you protected against such attacks?
Here is a sampling of some of the most recent.
/Search.aspx?k=http%3a%2f%2fpropeciausa.com%2f
/Search.aspx?k=http%3a%2f%2fvolumepillsshop.com%2fhow-volume-pills-work.html
/Search.aspx?k=http%3a%2f%2fwww.avardenafil.com%2f
/Search.aspx?k=http%3a%2f%2fenvironmentalbuilding.net%2fjusthost%2f
/Search.aspx?k=http%3a%2f%2faboutgenf20.com%2f
/Search.aspx?k=http%3a%2f%2foutletjacka.com%2f
Possible Breach Attempts Via Search
- ForumsAdmin
- AbleCommerce Moderator
- Posts: 399
- Joined: Wed Mar 13, 2013 7:19 am
Re: Possible Breach Attempts Via Search
It appears that the spammers are using new techniques to get their sites mentioned anywhere possible. What the spammers are apparently doing here is searching for their own sites on your search page. If you are keeping a history of search terms, their website URLs will get recorded in your database of popular searches. If you have a feature that makes search suggestions based on popular search terms, it will end up suggesting the URLs of these spam websites on your store.
As for URL injection attacks, we have the site protected against such attacks. User input doesn't get emitted to the browser without being scrutinized.
By the way, the above URLs do not look like injection attacks. They are only sending the spam website URLs as search terms.
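As an added illustration of the moderator's point (example code written for this page, not AbleCommerce's own code): a small Python script that pulls the `k` search parameter out of tracking lines like those quoted above, flags URL-shaped terms so they are never counted toward "popular searches", and entity-encodes whatever does get rendered as a suggestion. Only the `/Search.aspx?k=` parameter name and the six spam lines come from the log excerpt; the remaining sample lines, the URL heuristic and the function names are assumptions made for this example.

```python
import html
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the shape of the View Page Tracking entries quoted in the
# thread: the six spam lines are the ones from the post, the remaining lines are
# made up here (ordinary shopper searches, a scheme-less URL, and a non-search hit).
SAMPLE_LOG = """
/Search.aspx?k=http%3a%2f%2fpropeciausa.com%2f
/Search.aspx?k=http%3a%2f%2fvolumepillsshop.com%2fhow-volume-pills-work.html
/Search.aspx?k=http%3a%2f%2fwww.avardenafil.com%2f
/Search.aspx?k=http%3a%2f%2fenvironmentalbuilding.net%2fjusthost%2f
/Search.aspx?k=http%3a%2f%2faboutgenf20.com%2f
/Search.aspx?k=http%3a%2f%2foutletjacka.com%2f
/Search.aspx?k=blue+widget
/Search.aspx?k=Blue%20Widget
/Search.aspx?k=red+widget
/Search.aspx?k=www.example.com%2fsale
/Product.aspx?id=42
"""

# Heuristic (an assumption of this example): a search term is treated as a URL
# if it carries a scheme, starts with "www.", or is a bare hostname that may be
# followed by a path or query. Legitimate one-word searches never match.
URL_LIKE = re.compile(
    r"""^\s*(?:
          [a-z][a-z0-9+.\-]*://                      # explicit scheme: http://, https://, ftp:// ...
        | www\.                                      # scheme dropped, "www." prefix kept
        | [a-z0-9\-]+(?:\.[a-z0-9\-]+)*\.[a-z]{2,}   # bare host such as outletjacka.com
          (?:[/?#]\S*)?\s*$                          #   optionally followed by a path or query
    )""",
    re.IGNORECASE | re.VERBOSE,
)


def looks_like_url(term):
    """True when a search term is URL-shaped and should not be kept as a 'popular search'."""
    return URL_LIKE.match(term) is not None


def search_terms(log_text):
    """Extract the decoded ``k`` (keyword) parameter from every /Search.aspx hit.

    parse_qs undoes the percent-encoding seen in the log (%3a%2f%2f -> ://) and
    turns '+' into a space, which is what the search page itself receives.
    """
    terms = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = urlsplit(line)
        if parts.path.lower() != "/search.aspx":
            continue
        for value in parse_qs(parts.query).get("k", []):
            terms.append(value.strip())
    return terms


def popular_searches(log_text, top=5):
    """Aggregate search terms the way a 'popular searches' feature would, but
    drop URL-shaped terms first so spam hostnames never enter the suggestion list."""
    kept = (t.lower() for t in search_terms(log_text) if not looks_like_url(t))
    return Counter(kept).most_common(top)


def render_suggestions(popular):
    """Render the suggestion list as HTML with every term entity-encoded, so a
    term that slips past the filter still cannot inject markup into the page."""
    items = "".join(f"<li>{html.escape(term)}</li>" for term, _count in popular)
    return f'<ul class="popular-searches">{items}</ul>'


if __name__ == "__main__":
    for term in search_terms(SAMPLE_LOG):
        print(f"{'URL ' if looks_like_url(term) else 'term'}  {term}")
    print(render_suggestions(popular_searches(SAMPLE_LOG)))
```

Run against the sample, the six spam URLs and the scheme-less `www.example.com/sale` are all flagged, and only `blue widget` and `red widget` survive into the popular-search list. The filter and the output encoding are separate controls: the first keeps spam hostnames out of the stored history, the second is what actually prevents stored input from being interpreted as markup, and a store needs both.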
Re: Possible Breach Attempts Via Search
Thanks for the quick reply.
- NC Software
- AbleCommerce Partner
- Posts: 4620
- Joined: Mon Sep 13, 2004 6:06 pm
- Contact:
Re: Possible Breach Attempts Via Search
Does ForumsAdmin have a name?
Neal Culiner
NC Software, Inc.
- Shopping Cart Admin
- AbleCommerce Admin
- Posts: 3055
- Joined: Mon Dec 01, 2003 8:41 pm
- Location: Vancouver, WA
- Contact:
Re: Possible Breach Attempts Via Search
Howdy Neal,
ForumsAdmin can be any of a number of folks at AbleCommerce. We set up a single user which can be monitored by multiple people so that replies can be prompt even if the initial author was heavily tasked that day.
Re: Possible Breach Attempts Via Search
ForumsAdmin wrote: "If you are keeping a history of search terms, their website URLs will get recorded in your database of popular searches. If you have a feature that makes search suggestions based on popular search terms, it will end up suggesting the URLs of these spam websites on your store."
Doesn't Gold have that feature?
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
- ForumsAdmin
- AbleCommerce Moderator
- Posts: 399
- Joined: Wed Mar 13, 2013 7:19 am
Re: Possible Breach Attempts Via Search
Yes, Gold has this feature, but the question here was posted for AC7, I think.