  1. #1
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Security or hacking issues ?

    We see constant errors on the domain server for our domain.

    It does have your newest 1.3.8a update and the problem still occurred.
    The hosting service says it was a ZEND code issue and made these changes :

    [Zend]
    zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
    zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
    zend_optimizer.version=3.3.3

    zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
    zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

    What did this code do, and what do the code changes resolve?

    What is seen via error logs on the server, the host service claims, is not just our domain but all those domains on that server using your software.

    Stats via the admin function of the frontstore show 200-400 users a day when we really only have a few customers a month, and the "who is online" function shows many of those user hits coming from outside the USA. Our content is only in English, yet hits are from countries like China, Russia, etc. that do not use English as a norm.


    MAIN error_log:

  2. #2
    Join Date
    Jun 2003
    Posts
    33,721
    Plugin Contributions
    0

    Re: Security or hacking issues ?

    ZEND is not Zen Cart and has nothing to do with the program. You have a problem on your server and need to talk to your host.
    Please do not PM for support issues: a private solution doesn't benefit the community.

    Be careful with unsolicited advice via email or PM - Make sure the person you are talking to is a reliable source.

  3. #3
    Join Date
    Oct 2006
    Location
    Alberta, Canada
    Posts
    4,571
    Plugin Contributions
    1

    Re: Security or hacking issues ?

    When a Hoster makes Server changes that cause problems for your site then your Hoster is the one you should talk to about the problems.

    As to the error msgs. and presuming "sadoodta.com" is not your site, they are trying to do something they shouldn't and are being blocked; which shows up as an error. If it is your site and you think whatever is trying to be done should work, then you should be talking to your Hoster as it would be a Server problem.

  4. #4
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Re: Security or hacking issues ?

    Thanks for the replies.

    I agree then the error log on the host server is not pointing to the problem or concerns, which is:

    The daily history counters shown on the main admin page report as many as 400 users in just 1 day when in fact we only get a few sales a month, and when looking at "who is online" most we see is users (IP addresses) from outside the USA like Russia, China, etc. Being our frontstore is English-only content, this adds up to a concern as to what hundreds of users are doing, as there are no signs they are going to product pages.

    Since we do not publicly market the frontstore, most do not even know it exists, and thus even 100 valid visitors a day is suspect. We are not sure these connections are not getting in and stealing which customers have bought products and all their private credit card and personal information, or doing something by hooking into the cart software?

    Counter History for last 10 recorded days Session - Total
    09/10/2008 124 - 144
    09/09/2008 414 - 470
    09/08/2008 389 - 412
    09/07/2008 215 - 313
    09/06/2008 174 - 177
    09/05/2008 144 - 165
    09/04/2008 368 - 402
    09/03/2008 112 - 136
    09/02/2008 107 - 185
    09/01/2008 171 - 192

  5. #5
    Join Date
    Jan 2004
    Posts
    66,444
    Plugin Contributions
    279

    Re: Security or hacking issues ?

    If you look at the "refer:" addresses in the logs you posted, you'll notice that those sites come from various places around the world. And, the fact that they're in your logs as referers suggests that something on "those" websites is a link back to *your* website.
    That's likely where your increased traffic is coming from.

    You may have to do some research to track down what's on their site that resembles a link to your URL.

    I suppose it's possible that maybe they're all victims of a hack exploitation where someone's put links from their site to your site and maybe specifically into an exploit on *your* server that they're trying to create a curtain to hide behind.

    While none of this specifically implicates anything specific to Zen Cart, your site may have been compromised.

    I recommend that you treat it as though your site *may* have been compromised, and follow all the steps for recovering from hacks, as documented here:

    http://www.zen-cart.com/wiki/index.p...ing_From_Hacks

    I would also recommend the research of those other sites and ask their owners to take off the links to your site.


    Moving this out of the Bug Reports area

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Nov 2004
    Location
    Norfolk, United Kingdom
    Posts
    3,036
    Plugin Contributions
    2

    Re: Security or hacking issues ?

    Check with your hosts to see if any of those other sites are on the same server. In which case the errors appearing in your logs may be the result of a busted server.

    It appears from the log, and your comments about what they did with regard to Zend and Zend Optimiser, that they have broken their PHP installation, probably as the result of a badly applied upgrade. It's possible that they have a version of Zend and Zend Optimiser which is not matched to the version of PHP they are using (they have to match).

    Vger
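One way to check the suggestion in post #6 against a shared Apache error log (an added example, not code from the thread or from Zen Cart): it splits entries even when they run together on one line, then tallies messages, clients and referer hosts. The sample entries, documentation-range IP addresses and `example` domains are constructed; only the Zend Optimizer message text is taken from the log discussed here.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache 2.x error_log entry: [timestamp] [level] [client ip] message
STAMP = r"\[\w{3} \w{3} +\d+ [\d:]{8} \d{4}\]"
ENTRY = re.compile(
    r"\[(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4})\] \[(?P<level>\w+)\] "
    r"\[client (?P<client>[\d.]+)\] (?P<body>.*?)(?=" + STAMP + r" \[|\Z)",
    re.DOTALL,
)


def parse_error_log(text):
    """Return one dict per entry; tolerates entries with no newline between them."""
    entries = []
    for m in ENTRY.finditer(text):
        body = " ".join(m.group("body").split())  # collapse wrapped lines
        message, _, referer = body.partition(", referer: ")
        entries.append({
            "time": m.group("ts"),
            "client": m.group("client"),
            "message": message,
            "referer_host": urlsplit(referer).hostname if referer else None,
        })
    return entries


def triage(entries, own_domain):
    """Summarise who the entries belong to and whether they share one cause."""
    messages = Counter(e["message"] for e in entries)
    hosts = Counter(e["referer_host"] for e in entries if e["referer_host"])
    own = [
        e for e in entries
        if e["referer_host"]
        and (e["referer_host"] == own_domain
             or e["referer_host"].endswith("." + own_domain))
    ]
    return {
        "entries": len(entries),
        "distinct_messages": len(messages),
        "referer_hosts": dict(hosts),
        "own_domain_entries": len(own),
        "clients": len({e["client"] for e in entries}),
        # One identical failure across requests referred from several sites
        # points at the server's PHP setup, not at traffic aimed at one store.
        "server_wide": len(messages) == 1 and len(hosts) > 1,
    }


# Constructed sample: message text as in the thread, everything else invented.
MSG = ("Failed loading /usr/local/Zend/lib/Optimizer/php-5.2.x/ZendOptimizer.so: "
       "/usr/local/Zend/lib/Optimizer/php-5.2.x/ZendOptimizer.so: "
       "undefined symbol: compiler_globals")


def _line(ts, client, referer=None):
    tail = f", referer: {referer}" if referer else ""
    return f"[Wed Sep 10 {ts} 2008] [error] [client {client}] {MSG}{tail}"


SAMPLE_LOG = (
    _line("09:41:26", "192.0.2.10", "http://forum.example.org/index.php?board=27.0")
    + _line("09:41:27", "192.0.2.10", "http://forum.example.org/index.php") + "\n"
    + _line("09:41:29", "198.51.100.7") + "\n"
    + _line("09:41:30", "203.0.113.5", "http://news.example.net/category/sports")
    + _line("09:41:33", "198.51.100.7") + "\n"
)

if __name__ == "__main__":
    # "shop.example.com" stands in for the store's own domain (assumption).
    for key, value in triage(parse_error_log(SAMPLE_LOG), "shop.example.com").items():
        print(f"{key}: {value}")
```
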

  7. #7
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Re: Security or hacking issues ?

    Quote Originally Posted by DrByte View Post
    If you look at the "refer:" addresses in the logs you posted, you'll notice that those sites come from various places around the world. And, the fact that they're in your logs as referers suggests that something on "those" websites is a link back to *your* website.
    That's likely where your increased traffic is coming from.

    You may have to do some research to track down what's on their site that resembles a link to your URL.

    I suppose it's possible that maybe they're all victims of a hack exploitation where someone's put links from their site to your site and maybe specifically into an exploit on *your* server that they're trying to create a curtain to hide behind.

    While none of this specifically implicates anything specific to Zen Cart, your site may have been compromised.

    I recommend that you treat it as though your site *may* have been compromised, and follow all the steps for recovering from hacks, as documented here:

    http://www.zen-cart.com/wiki/index.php/Recovering_From_Hacks

    I would also recommend the research of those other sites and ask their owners to take off the links to your site.
    ----------------------------------------
    ----------------------------------------

    Thanks

    Regarding the URL you point to as to recovering from hacks:

    We cannot compare original Zencart files as we did not manually install the software; it is a function of the hosting service.

    Originally we simply clicked on an install function, as Hostmonster, the host, has Zencart as a program and it installs the software into our domain directory. Until last week version 1.3.7 was being used and this security problem was seen.

    Hostmonster had the newest 1.3.8a and we simply hit an update icon on Hostmonster and it does the software updating, thus we do not have the original files.

    Doing the update process, I assume, overwrote all the files of V 1.3.7, and the same issue is seen with new files being used. You'd think if someone hacked a Zencart file it was overwritten and the problem would have gone away, but it has not with V 1.3.8.

    In using the "check MySQL" for database of Zencart on hostmonster I see

    teamzron_zc1.ubbt_BANNED_USERS OK
    teamzron_zc1.ubbt_BBCODE OK
    teamzron_zc1.ubbt_CACHE
        warning : 3 clients are using or haven't closed the table properly
        status : OK
    teamzron_zc1.ubbt_CACHED_PERMISSIONS
        warning : 3 clients are using or haven't closed the table properly
    -------------------------
    At that time I saw only ONE user on Zencart but SQL check says 3 clients have not closed the table properly
    Is that any clue with those warnings shown ?

    Is there any log for Zencart so we could see all visitors who were on the frontstore for the day to backtrack where they came from ?
    Last edited by teamzr1; 11 Sep 2008 at 04:28 PM.

  8. #8
    Join Date
    Jan 2004
    Posts
    66,444
    Plugin Contributions
    279

    Re: Security or hacking issues ?

    1. You said you used an "update icon" to do your upgrade ... That's cardinal rule number 1 broken. DO NOT EVER USE ANY ONE-CLICK SITE-UPGRADE BUTTONS. Unless you did that with full knowledge of what it was going to do to your site, that was probably a big mistake.
    Nevertheless, THAT issue has nothing to do with security concerns.

    2. Using hosting-company-provided installations leaves *you* completely in the dark about how your site or your software works ... meaning you'll end up running scared anytime even the slightest thing doesn't work as expected.
    It also leaves you in a position of "thus we do not have the original files". In fact, you can download the Zen Cart files from the Zen Cart website. Click the Home link to find the download link on the home page. There's also an FAQ article explaining where to download the code ... which can be found by searching "where can I download" in the FAQ area: https://www.zen-cart.com/tutorials/index.php?article=323

    3. I don't know what the "BANNED_USERS" or "CACHE" or "CACHED_PERMISSIONS" tables are for. Zen Cart doesn't have tables named like that. So, I can't vouch for any concerns you may have about those messages. Anything related to those has nothing to do with Zen Cart.

    Everything you're talking about seems more related to upgrade and software issues ... and has nothing to do with people accessing your site from abroad.

    Documentation references on the process of correctly upgrading your Zen Cart software can be found here: https://www.zen-cart.com/tutorials/index.php?article=98

  9. #9
    Join Date
    Jan 2004
    Posts
    66,444
    Plugin Contributions
    279

    Re: Security or hacking issues ?

    You asked about a "log for Zen Cart so we could see all visitors who were on the store for the day to track where they came from". No, Zen Cart doesn't log the details of every visitor. Zen Cart is not a website statistics application. It's ecommerce software. If you want statistics on every hit that visited your site, use your hosting company's tools such as awstats or analog or whatever they offer ... maybe even the raw access logs that the server generates.

    If you want to add some logging for actual shopping activity, there's a user-tracking addon in the addons area that one could try. But if you don't even know how your software operates on your website, I suspect you'll have trouble installing the addon without some assistance. Again, it's designed to track shopping activity, not necessarily "every visitor" (if I recall correctly).

    If you're concerned about visitors attempting to do rogue things on your site and just want to minimize traffic from wannabe hacker script kiddies, you can follow the tip posted here: https://www.zen-cart.com/tutorials/index.php?article=320 NOTE: This requires editing Zen Cart files, which affects upgrades.


    I've given you advice on checking your site to see whether there is any unexpected content on it that might be a reason for people to intentionally visit it.
    I've given you recommendations on researching the websites from which several visitors have attempted to visit your site.

    What has been the result of those?

  10. #10
    Join Date
    Jun 2007
    Posts
    42
    Plugin Contributions
    0

    Re: Security or hacking issues ?

    As I mentioned, the concern with these high daily Zencart visitor counts occurred before the update was done. In fact the update from 1.3.7 to 1.3.8a, done 4 days ago, was done to see if the newer version had changes to defend against hackers, etc., so the upgrade process did not start this issue. The daily user counts are no different than with 1.3.7, and I assume all files were rewritten since we lost all custom content such as front page, shipping, returns, etc.

    As seen the super high daily counts show no change between versions .7 and .8a

    Counter History for last 10 recorded days Session - Total
    09/11/2008 204 - 241
    09/10/2008 139 - 159
    09/09/2008 414 - 470
    09/08/2008 389 - 412
    09/07/2008 215 - 313
    09/06/2008 174 - 177
    09/05/2008 144 - 165
    09/04/2008 368 - 402
    09/03/2008 112 - 136
    09/02/2008 107 - 185

    Looking at latest visitors from the server only tells us where people went but not the "who" so we know what time but no IP address to backtrack.


    /fstore/includes/templates/classic/images/logo.gif
    Http Code: 200 Date: Sep 11 20:32:50 Http Version: HTTP/1.1 Size in Bytes: 2617
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)


    /fstore/images/cd-wvi.jpg
    Http Code: 200 Date: Sep 11 20:32:50 Http Version: HTTP/1.1 Size in Bytes: 19796
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)


    /fstore/images/banners/llogo.jpg
    Http Code: 200 Date: Sep 11 20:32:51 Http Version: HTTP/1.1 Size in Bytes: 10504
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)





    /fstore/images/VC-MAF_med.jpg
    Http Code: 200 Date: Sep 11 20:32:51 Http Version: HTTP/1.1 Size in Bytes: 8310
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)





    /fstore/images/llogo.jpg
    Http Code: 200 Date: Sep 11 20:32:51 Http Version: HTTP/1.1 Size in Bytes: 10504
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)





    /fstore/images/icebox2.JPG
    Http Code: 200 Date: Sep 11 20:32:51 Http Version: HTTP/1.1 Size in Bytes: 56634
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)





    /fstore/images/pcm.jpg
    Http Code: 200 Date: Sep 11 20:32:51 Http Version: HTTP/1.1 Size in Bytes: 101795
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)





    /fstore/images/SIFM_med.jpg
    Http Code: 200 Date: Sep 11 20:32:51 Http Version: HTTP/1.1 Size in Bytes: 12674
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)





    /fstore/images/ISG-10.jpg
    Http Code: 200 Date: Sep 11 20:32:51 Http Version: HTTP/1.1 Size in Bytes: 70007
    Referer: http://teamzr1.com/fstore/index.php?main_page=
    Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

    Summary is no help as the numbers do not match the high user count Zencart reports

    Summary by Month

    Month      Daily Avg                      Monthly Totals
               Hits   Files  Pages  Visits   Sites  KBytes  Visits  Pages  Files  Hits
    Sep 2008   4526   3159   505    132      1426   508455  1455    5556   34758  49788

    Main error log cannot be used as the host says it is for ALL domains on the server and not just ours so no way to even know which were to our domain to then backtrack the TCP/IP addresses

    All we do have is the daily counts Zencart reports AND if we are in Admin mode and see WHO is ONLINE and that is when we see users from NON USA countries BUT the online counts are always just 1-3 users and nowhere at anytime do we see who is online anywhere near the 400 users a day Zencart counter reports.


    Since Zencart is reporting daily user counts then it also should have data it monitored to up the daily counts and would be nice to see even timestamps to see if the counts are valid and if suddenly the counts jump rapid within a short timestamp
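Post #9's pointer to the raw access logs, applied to the timestamp question in post #10 (an added example, not part of the thread or of Zen Cart): per day and client it counts page and asset requests under the store path, measures the largest burst inside 60 seconds, and separates self-identified crawlers from clients that fetch pages but never images or CSS. It assumes the host provides logs in Apache combined format; the sample lines, IP addresses, `shop.example.com` and the `ExampleBot` agent are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
CRAWLER_UA = re.compile(r"bot|crawl|spider|slurp", re.I)
ASSET = re.compile(r"\.(?:gif|jpe?g|png|css|js|ico)(?:\?|$)", re.I)


def parse_line(line):
    """Return the fields of one log line, or None if it is not combined format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def max_burst(times, window=timedelta(seconds=60)):
    """Largest number of requests that fall inside any single window."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def classify(agent, pages, assets):
    if CRAWLER_UA.search(agent):
        return "self-identified crawler"
    if pages >= 2 and assets == 0:
        return "pages only, no assets"  # browsers normally load images and CSS
    return "browser-like"


def daily_report(lines, store_prefix="/fstore/"):
    """Group store requests by (day, client IP); last seen agent wins per client."""
    per_client = defaultdict(lambda: {"pages": 0, "assets": 0, "times": [], "agent": ""})
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(store_prefix):
            continue
        client = per_client[(rec["time"].date().isoformat(), rec["ip"])]
        client["agent"] = rec["agent"]
        client["times"].append(rec["time"])
        client["assets" if ASSET.search(rec["path"]) else "pages"] += 1
    report = defaultdict(list)
    for (day, ip), c in sorted(per_client.items()):
        report[day].append({
            "ip": ip, "pages": c["pages"], "assets": c["assets"],
            "burst_60s": max_burst(c["times"]),
            "kind": classify(c["agent"], c["pages"], c["assets"]),
        })
    return dict(report)


# Constructed sample lines (not taken from the thread).
_MSIE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
_BOT = "ExampleBot/1.0 (+http://crawler.example/bot)"
SAMPLE = [
    f'192.0.2.10 - - [11/Sep/2008:20:32:49 -0600] "GET /fstore/index.php?main_page=index HTTP/1.1" 200 15320 "-" "{_MSIE}"',
    f'192.0.2.10 - - [11/Sep/2008:20:32:50 -0600] "GET /fstore/images/llogo.jpg HTTP/1.1" 200 10504 "http://shop.example.com/fstore/index.php?main_page=index" "{_MSIE}"',
    f'192.0.2.10 - - [11/Sep/2008:20:33:10 -0600] "GET /forum/index.php HTTP/1.1" 200 9000 "-" "{_MSIE}"',
    f'198.51.100.7 - - [11/Sep/2008:20:40:01 -0600] "GET /fstore/index.php?main_page=product_info&products_id=1 HTTP/1.1" 200 8100 "-" "{_BOT}"',
    f'198.51.100.7 - - [11/Sep/2008:20:40:02 -0600] "GET /fstore/index.php?main_page=product_info&products_id=2 HTTP/1.1" 200 8090 "-" "{_BOT}"',
    f'198.51.100.7 - - [11/Sep/2008:20:40:03 -0600] "GET /fstore/index.php?main_page=product_info&products_id=3 HTTP/1.1" 200 8120 "-" "{_BOT}"',
    '203.0.113.5 - - [11/Sep/2008:21:05:00 -0600] "GET /fstore/index.php?main_page=login HTTP/1.1" 200 7000 "-" "Mozilla/4.0 (compatible)"',
    '203.0.113.5 - - [11/Sep/2008:21:09:00 -0600] "GET /fstore/index.php?main_page=login HTTP/1.1" 200 7000 "-" "Mozilla/4.0 (compatible)"',
]

if __name__ == "__main__":
    for day, clients in daily_report(SAMPLE).items():
        for c in clients:
            print(day, c)
```

Every client in this report would raise a per-day visitor counter, while an admin view of current visitors only shows whoever is connected at that moment.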

 

 