Security concern in provided Themes/Plugins (Not Sure)

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
2 years ago
Hi,
I was trying to spin up a nopCommerce site. Everything was perfect until I reviewed some log history.
I am seeing an unknown domain name in my log file:

When I followed the link, what I viewed was not expected at all. Another domain is serving my same website with everything I set up:

After checking some other logs, I have found another domain of the same kind doing the same thing.

I can even log in to the other sites with the same credentials I can use on my site as well.

I am using the Blackshop theme with some other plugins, all from the official marketplace listing.
All of the websites are running at the moment.

https://imgur.com/a/YIsV9FJ
2 years ago
What are the two domains and where are you seeing them?
https://designfree.xyz/ is using the same logo as http://supportultcom.com/
but they are different websites?
2 years ago
They're both unknown to me.
I don't know any of them, or how they are serving with my nginx webserver.
My webserver configuration has nothing about these two domains.
2 years ago
I am seeing them in my nopCommerce log.
2 years ago
abdullahbinhasan wrote:
Hi,
I was trying to spin up a nopCommerce site. Everything was perfect until I reviewed some log history.
I am seeing two unknown domain names in my log file:
https://imgur.com/cSZgNBY
When I followed the link, what I saw was not expected at all. This unknown domain is serving my same website with everything I set up:
https://imgur.com/abYFeB8
After checking some more logs, I have found another domain is doing the same thing, serving my website.
https://imgur.com/ya3fjpK
I can even log in to the other sites with the same credentials I can use on my site as well.
https://imgur.com/abYFeB8
I am using the Blackshop theme with some other plugins, all from the official marketplace listing.
All of the websites are running at the moment.

https://imgur.com/a/YIsV9FJ
2 years ago
Let's make it more clear.
My site is: https://Martbd.com

I am seeing these two sites in my log file:
https://designfree.xyz/
http://supportultcom.com/

I don't know any of these two domains, and they're serving my hosted site on their sites.
These two websites' whois lookup is also showing my webserver's public IP.
I can use my website's credentials to log in to these two sites.
All three of these websites are currently up and running.
2 years ago
https://designfree.xyz/ See https://who.is/whois-ip/ip-address/104.21.57.175
http://supportultcom.com/ See https://who.is/dns/supportultcom.com Pointing to 140.238.229.18

Your site https://who.is/whois/martdb.com does not have DNS records forwarding site to nameserver https://who.is/whois-ip/ip-address/121.12.104.97 in Brisbane

I am not an expert but it looks to be a weird setup of address and domain names - did you set up the hosting?
If in fact it is not the same website at the end of the chain and you say you can log in on both sites, then someone has set it up that way.
There might be a perfectly logical reason why it looks like this - so if you talk to your IT provider and they can explain it, then no worries.
Otherwise I would have some concerns.
2 years ago
http://martdb.com
This is not my website, you had a typo.
My website is: http://martbd.com
I set up my website myself. I know my configuration has nothing about those two websites.
First of all, my public IP is hidden by Cloudflare, and I am using an nginx load balancer to point to another nginx proxy server that has nopCommerce running. Only my load balancer's public IP is given to Cloudflare. I don't know how someone managed to know my nopCommerce machine's public IP, which is "140.238.229.18", and is using it as, I don't know what to say! Hijacking? Backdoor?
Also, in both of my nginx server setups, I am listening to my domain only.
I can bind my webserver to listen only to my load balancer and solve the problem immediately.
I think someone from the plugin or theme provider is doing this intentionally. I don't know why.
These two domains were using the same nameserver, but someone has changed this one's to Cloudflare recently: https://designfree.xyz/ . Both of these websites are pointed to my machine's IP address. But how are they able to serve my site?
I don't know how dotnet core works. I just deployed nopCommerce by following the official Linux installation tutorial and everything is working fine except for this weird problem.
I just wanted to know which one of the plugin or theme providers is doing this and for what reason.
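One way to apply the mitigation mentioned in the post above (answer only for the site's own hostname, and only to the load balancer), shown as an added example that is not part of the thread or of the nopCommerce documentation. It assumes the origin nginx has a single server block for martbd.com proxying to a local Kestrel port; the load balancer address 203.0.113.10 and the upstream localhost:5000 are placeholders.

```nginx
# BEFORE (assumed shape of the origin config): one server block only.
# When no server_name matches the request's Host header, nginx falls back
# to the default server for that listen socket, which is the FIRST server
# block defined unless one is marked default_server. Any domain whose DNS
# points at this IP is therefore answered by the shop.
#
# server {
#     listen 80;
#     server_name martbd.com;
#     location / { proxy_pass http://localhost:5000; }
# }

# AFTER, part 1: an explicit catch-all that owns every unmatched Host.
server {
    listen 80 default_server;
    server_name _;
    return 444;        # nginx-specific: close the connection, send nothing
}
# If this machine also terminates TLS, add a second catch-all with
# "listen 443 ssl default_server;" and "ssl_reject_handshake on;"
# (available from nginx 1.19.4) so unknown names fail the handshake.

# AFTER, part 2: the real site, reachable only through the load balancer.
server {
    listen 80;
    server_name martbd.com;

    allow 203.0.113.10;   # placeholder: the nginx load balancer's address
    deny  all;            # direct hits on the origin IP get 403

    location / {
        proxy_pass http://localhost:5000;   # assumed nopCommerce upstream
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After `nginx -t` and a reload, a request sent straight to the origin IP with a foreign Host header is dropped by the catch-all, and one carrying the correct Host from any address other than the load balancer gets 403.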
2 years ago
So here is the final thought:
This problem seems to be not connected with Plugins or Themes.
I have found some other related issues connected with this:
https://www.nopcommerce.com/en/boards/topic/26045/fake-url-injection-in-homepage-nop-300-site/page/4#152344
https://www.nopcommerce.com/en/boards/topic/44545/image-source-is-pointing-to-entirely-different-domain