ProductCart Shopping Cart Software Forums : SQL attacks or coincidence

ProductCart Shopping Cart Software Forums : SQL attacks or coincidence https://forum.productcart.com/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Sat, 11 Apr 2026 19:29:27 +0000 Sat, 11 Aug 2012 09:18:15 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.04 360 https://forum.productcart.com/RSS_post_feed.asp?TID=5249 <![CDATA[ProductCart Shopping Cart Software Forums]]> https://forum.productcart.com/forum_images/pc_logo_50.png https://forum.productcart.com/ <![CDATA[SQL attacks or coincidence : Hamish, as a point of interest,...]]> https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20090.html#20090 Author: Greg Dinger
Subject: 5249
Posted: 11-August-2012 at 9:18am

Hamish, as a point of interest, the store where we built in a defense mechanism last month (against abuse of the contact page) was fairly current (4.1) and had CAPTCHA engaged. CAPTCHA did nothing to slow the attack. The merchant became weary of deleting e-mails and had us cut them off at 3 submissions from any given IP.]]> Sat, 11 Aug 2012 09:18:15 +0000 https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20090.html#20090 <![CDATA[SQL attacks or coincidence : The Tell-A-Friend has by default...]]> https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20089.html#20089 Author: Hamish
Subject: 5249
Posted: 11-August-2012 at 7:46am

The Tell-A-Friend has by default a captcha code, unless you explicitly disable it ( in recent versions of ProductCart anyway). That should deter all but the most determined attempts at abusing the page to send messages as it needs human interaction. Its the old old story, there are so many websites out there that are vulnerable they will almost always move on to an easier target if there is a Captcha code.]]> Sat, 11 Aug 2012 07:46:18 +0000 https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20089.html#20089 <![CDATA[SQL attacks or coincidence : It is fairly common that spammers...]]> https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20087.html#20087 Author: Greg Dinger
Subject: 5249
Posted: 10-August-2012 at 4:44pm

It is fairly common that spammers will attack the TAF page, exploiting it with an automated process to send spam.

When they do that, it's been our practice to turn off TAF in the store, rename the file (thus hiding it) for some days until the spammer goes away.

Left available for them, if they continue to exploit the page, your mail server can be blacklisted, and your site can be found to be violating your host's terms of use agreement.

As a note, we recently build script modifications that allow the merchant to dictate the number of consecutively repeated uses of the contact page, and of the authorize.net page, before we redirect the offender to an error page. This was in response to the sorts of issues where stores are being used to test stolen credit cards, and some flake who tried to exploit a client's contact page.

Both of these solutions are available for purchase if anyone needs them.

]]> Fri, 10 Aug 2012 16:44:03 +0000 https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20087.html#20087 <![CDATA[SQL attacks or coincidence : Today I received three "Tell...]]> https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20086.html#20086 Author: M Robles
Subject: 5249
Posted: 10-August-2012 at 3:16pm

Today I received three "Tell a friend" notifications hours apart for products which are random and items we never sell. I hardly ever receive TaF notifications and I find it suspicious. Should I be worried that someone is trying to get into my store?

]]> Fri, 10 Aug 2012 15:16:22 +0000 https://forum.productcart.com/sql-attacks-or-coincidence_topic5249_post20086.html#20086