Maybe a bug or hacked website

  • Posts: 1018
  • Thank you received: 11
  • Hikashop Business
1 year 6 months ago #343787

Hello!
I have a website with 2 tables beeing spammed and causing a high load on he server.
lad2y_hikashop_cart and lad2y_hikashop_cart_product.
I just truncated and in minutes i get thousand of lines.
Can you please help?

small example:

INSERT INTO `lad2y_hikashop_cart` (`cart_id`, `user_id`, `session_id`, `cart_modified`, `cart_type`, `cart_coupon`, `cart_currency_id`, `cart_payment_id`, `cart_shipping_ids`, `cart_billing_address_id`, `cart_shipping_address_ids`, `cart_name`, `cart_current`, `cart_share`, `cart_params`, `cart_fields`, `cart_ip`) VALUES
(1, 0, '55f35bc4e8f94f6856de0f3ee72955ef', 1660109492, 'cart', '', 1, 1, '147@0', 0, '', '', 1, 'nobody', '{}', NULL, '65.108.99.41'),
(2, 0, '0719c47b2001884e570f273b1a92c3fc', 1660109493, 'cart', '', 1, 1, '1@0', 0, '', '', 1, 'nobody', '{}', NULL, '65.108.99.41'),
(3, 0, 'b4ee3ae4fe8235dc014cc100a53e117f', 1660109493, 'cart', '', 1, 1, '1@0', 0, '', '', 1, 'nobody', '{}', NULL, '65.108.99.41'),
(4, 0, '76aef90b79c5f02e3839f01b0f78ab06', 1660109494, 'cart', '', 1, 1, '147@0', 0, '', '', 1, 'nobody', '{}', NULL, '65.108.99.41'),

Thank you

Please Log in or Create an account to join the conversation.

  • Posts: 1018
  • Thank you received: 11
  • Hikashop Business
1 year 6 months ago #343788

I tried to change db pass and cpanel , just in case but still after seconds a script runs and writes these rows.
I attached my error_log and found some logs for "mod_sj_hk_slider".
I disabled the modules and tried again truncate on these tables and stil after seconds rows were coming

Please Log in or Create an account to join the conversation.

  • Posts: 4466
  • Thank you received: 603
  • MODERATOR
1 year 6 months ago #343792

Hello,

Can't be sure but did you check that you haven't some MassAction that are triggered regularly, or a Cron task?
On our side, we did not find to whom corresponds the term "mod_sj_hk_slider"...
Can you maybe elaborate more around this error log? Or provide this error log (through the Contact us form)
Note : In your message for our Contact us form, add an Url link to this topic.

Awaiting your returns to progress on your subject.
Regards

Last edit: 1 year 6 months ago by Philip.

Please Log in or Create an account to join the conversation.

  • Posts: 1018
  • Thank you received: 11
  • Hikashop Business
1 year 6 months ago #343810

No there isn't any mass action.
After truncating yesterday after 24 hours I have 850 rows of these data like I showed you above.
Do you need access to check it?

Please Log in or Create an account to join the conversation.

  • Posts: 2143
  • Thank you received: 747
1 year 6 months ago #343812

Hi verzevoul,

"mod_sj_hk_slider" is for sure a SmartAddons extension: www.smartaddons.com/joomla-extensions/fr...?searchword=hikashop
However, I don't think -- can actually not imagine -- that this is causing the many carts.

The IP address 65.108.99.41 as of your initial post belongs to a US server of Hetzner Online GmbH in Germany. Hetzner is notorious for bots on their servers. I had many, many of such "attacks" from them on clients' HikaShop sites, they simply create tons of carts within very short amounts of time (your initial posts shows e.g. 4 carts within 4 seconds from that same Hetzner IP).
And Hetzner is only one of many bots. I'm maintaining long lists of blocked bot IPs, haha.

Two things you can do:
1. If it annoys you, block the relevant IP addresses or address ranges in your .htaccess file. You find them in the backend cart listing, obviously. It's a bit of work, but over time it will become much, much quieter.
Or 2. if it doesn't annoy you too much and your server can take it (yours seem to be a bit on the "weaker" side if this affects its load critically), reduce the "Cart retaining period" in the HikaShop configuration to something like 3 days or so, so that carts are being auto-deleted once they are older than 3 days without an order created.

General side note: When blocking IPs, make sure you don't block "good" search engines like Google or Bing etc , of course. By the way, Microsoft's Bing often also creates carts, seemingly by often ignoring the "nofollow" attribute. Complaints have been filed already, but they do "add to cart" every now and then, still. One has to live with this, I guess.


Need help with customisations of layouts, style or other site development? PM me!
(Don't forget to turn on "E-mail notification of new messages" )
Last edit: 1 year 6 months ago by lousyfool. Reason: Links
The following user(s) said Thank You: nicolas, verzevoul

Please Log in or Create an account to join the conversation.

Time to create page: 0.072 seconds
Powered by Kunena Forum