Yesterday it happened again. This time it changed the link of the logo picture replacing the site name by www.ly.com.
Once the cache is cleaned, the original link to ww.mystore.com is restored. It's not very severe, but I think it maybe a further problem when the shop is open if a wrong picture is seen by the customers.
I have informed the hosting, and they affirm the server is ok, with updated sw and no virus. The environment is shared hosting, nop 3.4, nop-template Art factory + free nop-ajax plugins
About the same time, in the control panel log appeared an error. I don't know if it is related to the problem 'The controller for path 'css/css' was not found or does not implement IController'
In the server logs, there are tons of GET and POST commands. My IP is 5.10.X.X There are a couple of scans done by Morfeus Fu**ing Scanner (**=ck), but I guess the relevant stuff is the following two Ip's activity:
Since the store is closed to public, the only forms that can be found are email and password in login and register pages, and newsletter email. What do you think? Maybe some kind of XSS attack?
I'm not a programmer, so the only thing I can access is asking the hosting to block the IP ranges from the ISPs, but maybe others can try fron different IPs.
I would appreciate very much any idea of how can I solve this problem. (code patch, hosting that can avoid this by mean of special measures...)
I asked the hosting to block the suspicious IPs, but they told me that it's not possible in a shared hosting, because maybe other users are not interested in blocking them ??
So I'm moving to another hosting, hoping to block that IPs...
Thanks for your help. I'm very sorry, since the code was restored after the cache cleaning, I have no further infected code to show...
Sorry for not to writing the site url. It's a personal e-shop with my wife, and I wouldn't like to appear the site's name reporting possible attacks...it could be no good for business if customers find it in google. i hope you understand.
I have moved to another hosting, and I will pay attention if it happens again, to advise in the forum and try to get the code.
We've just had the same problem, with image URL:s being changed on one of our sites. nopCommerce 3.40 with Simplecheckout, Nivoslider and SpeedFilters plugins. After a simple site restart the URL:s were restored.
In our logs we could also note the "Morfeus Fu**ing Scanner"...
We are running 3.5, having the same problem. Base url is being changed randomly to different other sites. Clearing the cache might help for a little while, sometimes even that wouldn't work, a restart of IISvc is required. Web server is 2012 IIS8.5 with all the latest service packs. This has become a major issue preventing us from going forward with NopCommerce platform. Experts please help!!!
Same thing here! storeUrl is changing. This is the second time so far. At first time it was an IP (I thought I did something wrong so I didnt care) This time it is "http://dns.cloud.ph/".
I am using bunch of plugins including one for the watermarks which changes the images on the fly, but I decompiled the plugin dll and nothing there to change the store URL or a js.
Worst case I will check all the plugins I dont know where else to look, It will be great for the community to find the reason
Most of the changed URLs look like spam spiders or whatever they r.
Is it possible that they change the header for the "HTTP_HOST" while visiting or posting to our site, because that is what GetStoreHost(bool useSsl) method uses in the WebHelper.cs to get the storeLocation.
So if that is possible, while the store cache is empty and those crawler visits our site, the storelocation being set by their host. And it rarely happens so that kinda makes sense to me.
Is it possible? any idea?
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.