url hacking my site

11 个月 前
The following URL was found in my Online Customers page:

I posted the URL in my Chrome browser and it pulled all of my States from y database.  Here are the results:

[{"id":0,"name":"Select state"},
{"id":1,"name":"AA (Armed Forces Americas)"},
{"id":2,"name":"AE (Armed Forces Europe)"},
{"id":5,"name":"American Samoa"},
{"id":6,"name":"AP (Armed Forces Pacific)"},
{"id":13,"name":"District of Columbia"},
{"id":14,"name":"Federated States of Micronesia"},
plus all subsequent states.

What is this all about? Is it a HACK attempt? Any way to stop them? The URL comes from this IP:

11 个月 前
In all likelihood it's just a bot/spider following public routes.  If you look at the CountryController you'll see the GetStatesByCountryId is public facing and returns the expected JSON results that you see:

//available even when navigation is not allowed
public virtual IActionResult GetStatesByCountryId(string countryId, bool addSelectStateItem)
            var model = _countryModelFactory.GetStatesByCountryId(countryId, addSelectStateItem);
            return Json(model);
11 个月 前
This url can be called from various froms, like customer info, address add/edit, registration etc. It’s not a problem.