Jump to content

 

deadroot

Member Since 13 Jun 2018
Offline Last Active Feb 26 2022 06:57 AM
*****

#346414 Attention Of Vivashop Theme Owners

Posted by deadroot on 25 February 2022 - 04:01 PM

Hello,
 
Thanks for your response. My name is Roman, and I'm CEO of asaplab.io. I have tried to contact you personally via Slack chat "CS-Cart development team" Feb, 16 9:40 PM UTC+4, and via your helpdesk system. Also, I have contacted Ilya Makarov and Alexey Maisuradze (official CS-Cart marketplace where your themes and add-ons, unfortunately, are not presented) for your contact details, and it does not give a result.
 
As you can see in our article, we have created a patch file, to mitigate human-based typos.
⚠️ We highly recommend using the patch https://github.com/a...sion_post.patch ⚠️



#308164 Good Vs Bad Bots

Posted by deadroot on 26 October 2018 - 01:25 PM

Yes, but this is not shopify. CS-Cart does not have bad bot protection.

MJ12bot ignores robots.txt You need to block it from your server.

 

:)

if ($http_user_agent ~* (MJ12bot|...) ) {
    return 403;
}
But blocking by user agent(light-changeable) list is bullshit.
Here need a different approach like, which use web application firewalls (WAF) with analyzing of IP (who/from where), user behavior, type of requests, etc. Or using WAF like https://wallarm.com/ or https://aws.amazon.com/waf/, etc xD



#307823 Do You Use Control Panel To Manages Servers Yourself?

Posted by deadroot on 18 October 2018 - 03:08 PM

Anyway, when you control your system entirely and know what packages you use you can prevent this https://forum.vestac...tart=180#p73920 

All VestaCP installations being attacked

 

And sure, by using panels, you don't get full control under your server. Or you will be not the only one xD

 

P.S. If you use VestaCP, update immediately!




#307346 Http-To-Https Migration Checklist

Posted by deadroot on 09 October 2018 - 09:11 AM

What are the benefits of moving the site completely to HTTPS? Won't the speed of the website get affected?

 
Also, using HTTPS allow using HTTP/2 protocol :)

HTTP/2 protocol is already significantly optimized compared to HTTP 1.1, and so a simple HTTP/2 implementation (enabling) can improve the performance of web servers. And disabling the extra tweaks that were used to speed up HTTP 1.1 will help take full advantage of HTTP/2.
 

Read more hereP.S. If you want, I can write some article about HTTP/2 :)