Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26
  1. #11
    Join Date
    Apr 2007
    Location
    Herts. UK
    Posts
    890
    Plugin Contributions
    4

    Default Re: Security or hacking issues ?

    >teamzr1 said...
    >As seen the super high daily counts show no change between versions .7 and .8a
    >Counter History for last 10 recorded days Session - Total
    >09/11/2008 204 - 241
    >09/10/2008 139 - 159
    >09/09/2008 414 - 470

    You should ignore the Counter History in the Zen Cart admin section. It does not work properly due to a long standing bug in Zen Cart. Every time a search engine spider looks at one of your pages the sessions counter will go up by one. This causes the figures to be vastly over inflated.

    Regards,
    Christian.

    Ref: http://www.zen-cart.com/forum/showthread.php?t=63121
    Last edited by DrByte; 13 Sep 2008 at 04:38 AM. Reason: added link

  2. #12
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Default Re: Security or hacking issues ?

    Thanks Christian for confirming what I suspected as to search engines and spiders/robots

    Any ideas what could be put in a robot.txt that could reduce this ?

    Something like ? :

    User-agent: *
    Disallow: /public_html/fstore/

  3. #13
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Default Re: Security or hacking issues ?

    Admin > Configuration > Sessions
    Prevent Spider Sessions - true

    Try the above setting and see if that helps.

  4. #14
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Security or hacking issues ?

    With respect to Christian's comment about counters vs spiders, see this thread: http://www.zen-cart.com/forum/showthread.php?t=63121
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #15
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Default Re: Security or hacking issues ?

    Quote Originally Posted by Website Rob View Post
    Admin > Configuration > Sessions
    Prevent Spider Sessions - true

    Try the above setting and see if that helps.
    I checked that and it is set to TRUE and has been as a default

  6. #16
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Default Re: Security or hacking issues ?

    Quote Originally Posted by DrByte View Post
    With respect to Christian's comment about counters vs spiders, see this thread: http://www.zen-cart.com/forum/showthread.php?t=63121
    I added the code as you posted in that thread so now will have to wait a few days and see if the counts are much lower then as of this Saturday AM
    This will work when prevent spider sessions is set to TRUE ?

    Counter History for last 10 recorded days Session - Total
    09/13/2008 62 - 62
    09/12/2008 123 - 216
    09/11/2008 218 - 255
    09/10/2008 139 - 159
    09/09/2008 414 - 470
    09/08/2008 389 - 412
    09/07/2008 215 - 313
    09/06/2008 174 - 177
    09/05/2008 144 - 165
    09/04/2008 368 - 402
    Last edited by teamzr1; 13 Sep 2008 at 04:38 PM.

  7. #17
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Default Re: Security or hacking issues ?

    Well the "who is online" is showing ( spider allowed in doing a crawl :-(
    at the search page


    00:02:23 0 ¥Spider 66.249.67.106 10:29:00 10:29:15
    Time Since Clicked:
    00:02:08 ago Session ID:
    Host: crawl-66-249-67-106.googlebot.com
    User Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    /fstore/index.php?main_page=advanced_search&keyword=interface&search_in_description=1&in c_subcat=0&sort=20a&alpha_filter_id=83

  8. #18
    Join Date
    Jun 2003
    Posts
    33,721
    Plugin Contributions
    0

    Default Re: Security or hacking issues ?

    Why are you so worried about the spiders? You need them to get your pages in the search engines?
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  9. #19
    Join Date
    Apr 2007
    Location
    Herts. UK
    Posts
    890
    Plugin Contributions
    4

    Default Re: Security or hacking issues ?

    @teamzr1...
    You should apply the fix that DrByte posted in the above mentioned thread. Also check that in Admin > Configuration >Sessions you have the following set...
    Force Cookie Use: False
    Prevent Spider Sessions: True

    Doing the above three things will ensure that spiders do not add to the session counter on the admin page. They will still crawl your site and you'll still see them in Who's Online and that is fine.

    Regards,
    Christian.

  10. #20
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Default Re: Security or hacking issues ?

    Force cookie use is set to false and prevent spider sessions is set to true
    and the code change was done but
    still seeing sessions that are supposed to be blocked ?

    00:13:26 0 ¥Spider 66.249.67.106 11:35:10 11:36:43
    Time Since Clicked:
    00:11:53 ago Session ID:
    Host: crawl-66-249-67-106.googlebot.com
    User Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
    /fstore/index.php?main_page=advanced_search&keyword=interface&search_in_description=1&in c_subcat=0&sort=20a&alpha_filter_id=74

    00:05:50 0 ¥Spider 61.247.222.55 11:42:46 11:42:46
    Time Since Clicked:
    00:05:50 ago Session ID:
    Host: 61.247.222.55
    User Agent: Yeti/1.0 (NHN Corp.; http://help.naver.com/robots/)

    ---------------

    As to the question why focusing in on this ?

    Well when you see high daily counts, zero real users, what visitors you do see are from other countires and not your own then you have to suspect, play it save and determine the WHYs.

    When your customers who have their private info from past purchases are in Zen Cart then clearly we need to know the end results, 20/20 hindsight is one thing but not knowing the WHYs is not good enough with customer information or someone hacking and using our domain by some backdoor into the frontstore ? ? ?

 

 
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. ie security issues
    By AmandaGero in forum General Questions
    Replies: 2
    Last Post: 11 Sep 2010, 05:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg