First and foremost we must apologize if this post is in the wrong place and for its length; we have never posted nor have had the need. We have questions regarding NopCommerce security. We started developing our site in May 2010 with version 1.5. We love the software and have upgraded at each new version release. We are currently running version 1.8, and are hosted by appliedi.net. Google indexed us before we officially started populating any SEO fields, but to date we haven't received a single customer, only HACKERS. We officially were ready for business around the early part of September 2010, after loading the products and purchasing equipment and everything else that we needed. Everyday when we check the system logs in our site admin, we see multiple hits from several RIPE network IP addresses from various parts of the world, most of them hitting our register.aspx page. Sadly, we have had to remove the ability to register on our site and renamed the register.aspx file, and the logs continue to show the attempted hits to the page, with the typical "System.Web.HttpException (0x80004005): The file '/register.aspx' does not exist" verbiage, but the overall message is much longer than what I have shown here. Other exception errors are: "A potentially dangerous Request.Path value was detected from the client (:)." due to a hit to the page: "http://www.XXXXXXXXXX.com/+++++++++++++++++++++++++++++++++++++++++++++++++++++++result:+ýòî+íå+ôîðó", (where "XXXXXXXXXX" is the name of our site). Another popular error message is: "Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster." Another exception error is triggered when the HACKER tries to hit the http://XXXXXXXXXX.com/topic/default.aspx page, which doesn't exist. Or sometimes the exception error message reads, "The state information is invalid for this page and might be corrupted." Furthermore, almost each day, HACKERS enter odd search terms. In the popular searches for example entries appear such as, "great%2bprices%2bon%2bed%2bmedications" and various other irrelevant search terms like "buy%2bviagra" etc. A few weeks ago, we found that our site was defaced. None of the graphics were being displayed and all of the website controls were piled up on the left side of the screen. We 1st thought that there was a hosting problem until we loaded the site on a computer that is very rarely used and the site was not displaying properly there either. Ultimately we ended up reinstalling NopCommerce 1.8 to resolve the defacing. We mean no offense or disrespect to RIPE.NET users, but we have tried unsuccessfully to disallow RIPE.NET or any Non-American IP's access to our site in an attempt to suppress the hack attempts. For this we used Traffic Cleaner to generate an .htaccess file. You might imagine our frustration after spending on the hosting, printer, business license, products, time and various other big expenses, just to open our doors to HACKERS and not get a single legitimate customer or order. We have adjusted our web.config as directed at: https://www.nopcommerce.com/boards/t/6368/very-important-aspnet-security-vulnerability.aspx and thought that that would reduce the hack attempts.
Finally my questions:
1) Apparently the defacing of our site was successful, but does anyone know if the multitude of other daily attack attempts on our site are successful?
2) Has anyone else experiencing anything like this?
3) What can we do to thwart the HACKERS attempts?
4) Are there any security holes that we might be missing that need to be addressed?
5) Are there any other signs that could reveal that our site has been hacked?
6) What might we have done wrong to invite ONLY HACKERS? How did they find and target us?
P.S. while posting this message, two other HACK attempts first from RIPE.NET, IP: 212.95.63.241 trying to hit our "register.aspx" web page, and the second one from the Philippines, IP: 119.92.135.22 with a “Validation of viewstate MAC failed.” exception error.
HACK Attempts Successful?
- 1
- 2
- 243
- 1941
- 2010/3/25
- Israel
This stuff happens to everybody, don't worry so much about it. My blog is also attacked daily, it's usually not hackers but bots (robots) who try to submit their viagra and stuff to every possible submittable field. That includes register, search, (in my case comments to a blog, etc..). Validation error happens because asp.net detects that the page was submitted by bot, (there is a built in validation that detects if the original page was submitted, if not it fails). It is usually a robot that runs on every possible site trying to submit anywhere possible.
My advice is to bring back register.aspx page and put a captcha (human validation) on it (I think there is such option in the admin panel, if not then I can do it for you).
Also asp.net (entity framework) protects your database from sql injection attack so not to worry about it either.
My advice is to bring back register.aspx page and put a captcha (human validation) on it (I think there is such option in the admin panel, if not then I can do it for you).
Also asp.net (entity framework) protects your database from sql injection attack so not to worry about it either.
MVP
青铜解决方案合作伙伴
- 2898
- 23165
- 2010/1/8
- United States
hello nicole
First of all don't worry about these things.
As LevGe mentioned above, this stuff happens to everybody and it is not that it's nopCommerce fault. Every website on the internet could be attacked by spammers.
You don't have to remove registration page from your website because if you will do that, how online customers will be able to register with your website if they want to buy anything ?
As, LevGe mentioned that it is done by Robot. There are many spam software out there on the internet that tries to spam website with those kind of things that you are facing but it is normal.
1st Thing) You can make use of captcha image, the use of captcha image is that it will protect your website from getting spam. Captcha image requires entering the numbers mentioned on it in a text box which a spam software can't do. So people who actually wants to register on your website will be able to register on your website.
Here's the procedure to put captcha image on your registration page:
Go to admin section > Configuration > Global Settings > Go to 12th tab "Security"
Now mark the checkbox "Registration captcha image enabled:" and save it
You can also put captcha image on login page.
2nd Thing) What i mentioned was about preventing spam, now there is another thing that store owner faces is, when a customer registers, sometime they just provide fake e-mail address so get some information which fills your database with incorrect information.
In order to prevent this, you can make your registration process as "Validation E-mail". So if a customer who registers on your website provides a valid e-mail address then only that customer will be active and if he/she doesn't provide valid e-mail address, he/she will remain in-active and will not be able to login to your website.
In order to do so:
Go to admin section > Configuration > Global Settings > Go to 13th tab "Other"
Now 2nd option "Registration method:" from standard change it to "E-mail Validation" and save it.
Hope it helps...
First of all don't worry about these things.
As LevGe mentioned above, this stuff happens to everybody and it is not that it's nopCommerce fault. Every website on the internet could be attacked by spammers.
You don't have to remove registration page from your website because if you will do that, how online customers will be able to register with your website if they want to buy anything ?
As, LevGe mentioned that it is done by Robot. There are many spam software out there on the internet that tries to spam website with those kind of things that you are facing but it is normal.
1st Thing) You can make use of captcha image, the use of captcha image is that it will protect your website from getting spam. Captcha image requires entering the numbers mentioned on it in a text box which a spam software can't do. So people who actually wants to register on your website will be able to register on your website.
Here's the procedure to put captcha image on your registration page:
Go to admin section > Configuration > Global Settings > Go to 12th tab "Security"
Now mark the checkbox "Registration captcha image enabled:" and save it
You can also put captcha image on login page.
2nd Thing) What i mentioned was about preventing spam, now there is another thing that store owner faces is, when a customer registers, sometime they just provide fake e-mail address so get some information which fills your database with incorrect information.
In order to prevent this, you can make your registration process as "Validation E-mail". So if a customer who registers on your website provides a valid e-mail address then only that customer will be active and if he/she doesn't provide valid e-mail address, he/she will remain in-active and will not be able to login to your website.
In order to do so:
Go to admin section > Configuration > Global Settings > Go to 13th tab "Other"
Now 2nd option "Registration method:" from standard change it to "E-mail Validation" and save it.
Hope it helps...
MVP
青铜解决方案合作伙伴
- 2898
- 23165
- 2010/1/8
- United States
You can also put captcha image on contact us page in order to prevent your mailbox from spam e-mails that could come from your contact us page.
Unfortunately this feature is not available in nopCommerce 1.8. For this you need to make some modification in your code.
I have posted the solution here:
https://www.nopcommerce.com/boards/t/6987/captcha-image-on-contact-us-page.aspx
Unfortunately this feature is not available in nopCommerce 1.8. For this you need to make some modification in your code.
I have posted the solution here:
https://www.nopcommerce.com/boards/t/6987/captcha-image-on-contact-us-page.aspx
- 45
- 309
- 2010/8/13
- United Kingdom
the captcha etc is all helpful advice
but that doesn't help the dude deal with the fact that his site has been hacked? I'd be wanting to find out how that happened!
I think its unlikely to be an issue in nop, else we'd probably see these hacks all over the place. So most probably
1) poor implementation
2) ftp hack
3) poor security by webhost
I'd be looking at number 2. Have a look at FTP logs - anything that shouldn't be there? FTP attacks tend to happen when the PC you've used to FTP to the site has malware on it - this steals you FTP settings and passes it on to a bot that hacks your site. Most likely reason your PC gets malware is out of date Flash and PDF software.
but that doesn't help the dude deal with the fact that his site has been hacked? I'd be wanting to find out how that happened!
I think its unlikely to be an issue in nop, else we'd probably see these hacks all over the place. So most probably
1) poor implementation
2) ftp hack
3) poor security by webhost
I'd be looking at number 2. Have a look at FTP logs - anything that shouldn't be there? FTP attacks tend to happen when the PC you've used to FTP to the site has malware on it - this steals you FTP settings and passes it on to a bot that hacks your site. Most likely reason your PC gets malware is out of date Flash and PDF software.
- 59
- 361
- 2010/10/8
- United States
I wouldn't be too concerned about the view state errors. From what I can tell it looks like these are automated scripts that are trying to post too fast to the forms for the pages to fully load. You just have an extra layer of protection if these scripts get errors instead of actually processing.
the public and private keys form fields aren't rendering fast enough I think based on the info on microsoft's site. I'd be more concerned if I stopped seeing some of these errors from time to time. I get endless hacking attempts all day long. I'm actually relieved with the .net in place. I'm pretty tired of fighting them off with the old methods of layers and layers of security to manage.
the public and private keys form fields aren't rendering fast enough I think based on the info on microsoft's site. I'd be more concerned if I stopped seeing some of these errors from time to time. I get endless hacking attempts all day long. I'm actually relieved with the .net in place. I'm pretty tired of fighting them off with the old methods of layers and layers of security to manage.
MVP
银牌解决方案合作伙伴
- 5236
- 49495
- 2010/10/4
- Mexico
edcorusa wrote:
1) Captcha as said above and in https://www.nopcommerce.com/boards/t/6987/captcha-image-on-contact-us-page.aspx will do
2) You might try admin>configurations>black list to ban that IP address
Looking at the system log I have noticed that they are coming from the same IP address, 66.249.71.214. I am glad it is not really any of my customers.
1) Captcha as said above and in https://www.nopcommerce.com/boards/t/6987/captcha-image-on-contact-us-page.aspx will do
2) You might try admin>configurations>black list to ban that IP address
- 1
- 2