SQL Injection In Call-Requests Add-On And Rate Limiting?

Hi.

CS-Cart version 4.11.4.SP3

Someone is constantly sending call requests like:

 (select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
 -1" OR 2+951-951-1=0+0+0+1

I closed the storefront altogether and activated "under attack mode" in Cloudflare. Albeit at a lower frequency, I still receive call requests. Isn't there rate limiting on call requests? What should I do now?

There is no SQL injection. There are also no rate-limits.

How did you get these logs? Is it in apache2 logs or in CS-Cart logs? How did you check it?

I didn't need to see the logs, because call requests are notified by mail. I received more than 130 call requests like that until I renamed index.php to something else. (The store isn't really very active; I wanted to see what happens next, because I was still receiving call request mails although I closed the store from the admin panel.)

Not enough info. Unless you have the IP that is causing those queries it is hard to see what is going on.

How will having the IP address help?
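
As an added example (not code from this thread or from CS-Cart), here is a sketch of how a form handler could recognise the probe strings quoted above and throttle call requests per source address. The field names `name`/`phone`/`ip`/`ts`, the limit of 2 per 60 seconds, and the sample submissions are assumptions; the patterns are triage heuristics, with parameterised queries remaining the actual protection against injection.

```python
import re
from collections import defaultdict, deque

# Heuristics for the probe families quoted in the thread (not a SQL parser).
PROBES = {
    "time_based": re.compile(r"\bsleep\s*\(\s*\d", re.I),
    "boolean_based": re.compile(
        r"\b(?:or|and)\b\s+[\d+\-*/\s]+=[\d+\-*/\s]+|\bxor\s*\(", re.I),
    "nested_select": re.compile(r"\bselect\s*\(.*?\)\s*from\s*\(", re.I | re.S),
}

class SlidingWindowLimiter:
    # Allows at most `limit` events per key within any `window_s` seconds.
    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()  # forget events that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def classify(text):
    """Names of the probe families whose pattern appears in text."""
    return sorted(name for name, rx in PROBES.items() if rx.search(text))

def triage(submissions, limiter):
    """Split submissions into accepted ones and (ip, reason) rejections."""
    accepted, rejected = [], []
    for s in submissions:
        hits = sorted({h for f in ("name", "phone") for h in classify(s[f])})
        if hits:
            rejected.append((s["ip"], "probe:" + ",".join(hits)))
        elif not limiter.allow(s["ip"], s["ts"]):
            rejected.append((s["ip"], "rate_limited"))
        else:
            accepted.append(s)
    return accepted, rejected

# Constructed sample: two payloads from the thread plus benign requests.
SAMPLE = [
    {"ip": "203.0.113.7", "ts": 0, "phone": "555-0100",
     "name": "0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z"},
    {"ip": "203.0.113.7", "ts": 1, "name": "x",
     "phone": '-1" OR 2+951-951-1=0+0+0+1'},
    {"ip": "198.51.100.4", "ts": 2, "name": "Ann", "phone": "call between 9 and 5"},
    {"ip": "198.51.100.4", "ts": 3, "name": "Ann", "phone": "555-0101"},
    {"ip": "198.51.100.4", "ts": 4, "name": "Ann", "phone": "555-0101"},
]
```

Rejections carry the source address and reason, so repeated probes from one address stand out without reading each notification mail.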