FYI - nop Threat

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
12 years ago
I have a new 2.0 site running, currently only accessible via the server IP; I haven't set the DNS for the domain name yet. As I was looking through the IIS logs tonight expecting to see only entries from my connections, I found two entries that were from a server in LA. I am in the Midwest. The two entries were specifically directed at the admin Excel export. These were the only entries that were not my own entries. The entries were only 2 seconds apart and the IP only changed by one. Obviously someone familiar with nop and somehow able to find my site via IP. And probably reading this post!

/Admin/Product/ExportExcel - 80 - 74.217.148.72
/login ReturnUrl=%2fAdmin%2fProduct%2fExportExcel 80 - 74.217.148.73
12 years ago
Just do a DomainTools check

http://whois.domaintools.com/74.217.148.72

and complain to your hosting provider.

Block the IP ranges and verify your log again.
12 years ago
angiengreg wrote:
I have a new 2.0 site running, currently only accessible via the server IP; I haven't set the DNS for the domain name yet. As I was looking through the IIS logs tonight expecting to see only entries from my connections, I found two entries that were from a server in LA. I am in the Midwest. The two entries were specifically directed at the admin Excel export. These were the only entries that were not my own entries. The entries were only 2 seconds apart and the IP only changed by one. Obviously someone familiar with nop and somehow able to find my site via IP. And probably reading this post!

/Admin/Product/ExportExcel - 80 - 74.217.148.72
/login ReturnUrl=%2fAdmin%2fProduct%2fExportExcel 80 - 74.217.148.73


It doesn't look like this is a nopCommerce threat, but someone got your IP address and tried to export your products. Even if they are familiar with the nopCommerce URL they obviously forgot you need to be authenticated before you can export products. I wouldn't be worried unless they become an authenticated administrator.
12 years ago
Thanks eddymurphy, I added the deny entry myself and reported the IPs to the ISP with that IP block. Spoofed or not, it can't hurt.

@skyler.severns
In the middle of the night, you hear someone attempting to find an unlocked door or window to gain entry into your home. You know that they don't have the keys. Are they a threat?
12 years ago
angiengreg wrote:
Thanks eddymurphy, I added the deny entry myself and reported the IPs to the ISP with that IP block. Spoofed or not, it can't hurt.

@skyler.severns
In the middle of the night, you hear someone attempting to find an unlocked door or window to gain entry into your home. You know that they don't have the keys. Are they a threat?


They are a threat to me but not to everyone who has the same door/window.

A better analogy would be a drunken neighbor trying to open the door, considering the person trying to gain access recognized the door but forgot you need keys to unlock it.
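The log review described in this thread, as an added example that is not code from any of the posters or from nopCommerce: it reads an IIS W3C log, picks out admin-area requests from clients outside a trusted list, groups them by /24 so neighbouring addresses show up together, and records whether any admin URL was actually served. The sample log is constructed; the paths and the two remote IPs are from the thread, while the timestamps, status codes, field layout and the admin's own address (203.0.113.10) are assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C format. Paths and the 74.217.148.x addresses are
# from the thread; dates, status codes and 203.0.113.10 (site owner) are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2012-01-10 03:12:40 GET /Admin/Product/List - 80 - 203.0.113.10 200
2012-01-10 03:14:02 GET /Admin/Product/ExportExcel - 80 - 74.217.148.72 302
2012-01-10 03:14:04 GET /login ReturnUrl=%2fAdmin%2fProduct%2fExportExcel 80 - 74.217.148.73 200
2012-01-10 03:15:00 GET /category/books - 80 - 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def touches_admin(row):
    """True for a direct /Admin request or a /login hit whose ReturnUrl is /Admin."""
    stem = row["cs-uri-stem"].lower()
    query = unquote(row["cs-uri-query"]).lower()
    return stem.startswith("/admin") or (stem == "/login" and "returnurl=/admin" in query)

def foreign_admin_hits(text, trusted=("203.0.113.10/32",)):
    """Group admin-area requests from untrusted IPv4 clients by /24 network."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    hits = defaultdict(list)
    for row in parse_w3c(text):
        ip = ipaddress.ip_address(row["c-ip"])
        if touches_admin(row) and not any(ip in n for n in nets):
            block = ipaddress.ip_network(f"{ip}/24", strict=False)
            # served: an /Admin URL answered 200 instead of redirecting to login
            served = row["cs-uri-stem"].lower().startswith("/admin") and row["sc-status"] == "200"
            hits[str(block)].append({"ip": str(ip), "path": row["cs-uri-stem"],
                                     "status": row["sc-status"], "served": served})
    return dict(hits)

if __name__ == "__main__":
    for block, rows in foreign_admin_hits(SAMPLE_LOG).items():
        print(block, rows)
```

A `served` value of `True` for an untrusted address is the case worth escalating; redirects to the login page mean the request was turned away before reaching the export.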