Where from this scanning? - Ecommerce x PrestaShop [ARCHIVE BOARD] - PrestaShop

Where from this scanning?

#1

Posted 28 July 2013 - 08:54 PM

GrzegorzZ

    PrestaShop Newbie

  • Members
  • 23 Active Posts
Hello, I just looked into my development server logs and saw [all IPs belong to PrestaShop's whole 91.240.109.x block]:



Where did you get links to my private projects from (these are only meant for specific people to see)? They are not meant to be public, yet you take those private links out and scan them?


+ Why are you taking out my private data?
$return = @file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry).'&iso_lang='.strtolower($isoUser).'&host='.urlencode($_SERVER['HTTP_HOST']).'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&partner='.htmlentities(Tools::getValue('module')).'&shop='.urlencode(Configuration::get('PS_SHOP_NAME')).'&email='.urlencode($email).'&firstname='.urlencode($firstname).'&lastname='.urlencode($lastname).'&type=home');

Which sends you my first and last name and my e-mail. Additionally my shop name, etc.

Edited by GacekSSJ4, 28 July 2013 - 11:04 PM.


#2

Posted 29 July 2013 - 01:09 AM

vekia

    PrestaShop Legend

  • Ambassadors
  • 53171 Active Posts
During installation, you selected the option to share your data?



#3

Posted 29 July 2013 - 05:40 AM

GrzegorzZ

    PrestaShop Newbie

  • Members
  • 23 Active Posts
Nope. First of all, the install script, without any conditional statement to check whether I checked any box, is submitting my e-mail to the newsletter.

\install\controllers\console\process.php @ line 116
$params = http_build_query(array(
    'email' => $this->datas->admin_email,
    'method' => 'addMemberToNewsletter',
    'language' => $this->datas->lang,
    'visitorType' => 1,
    'source' => 'installer'
));
Tools::file_get_contents('http://www.prestashop.com/ajax/controller.php?'.$params);
e-mail

2nd place would be:
\controllers\admin\AdminHomeController.php

@line 529 @getBlockPartners method
$content = Tools::file_get_contents('http://api.prestashop.com/partner/premium/get_partners.php?protocol='.$protocol.'&iso_country='.Tools::strtoupper($isoCountry).'&iso_lang='.Tools::strtolower($isoUser).'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&host='.urlencode($_SERVER['HTTP_HOST']).'&email='.urlencode(Configuration::get('PS_SHOP_EMAIL')), false, $stream_context);
shop e-mail and all other data

@line 623 @ajaxProcessSavePreactivationRequest method
$return = @Tools::file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry).'&iso_lang='.strtolower($isoUser).'&host='.urlencode($_SERVER['HTTP_HOST']).'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&partner='.htmlentities(Tools::getValue('module')).'&shop='.urlencode(Configuration::get('PS_SHOP_NAME')).'&email='.urlencode($email).'&firstname='.urlencode($firstname).'&lastname='.urlencode($lastname).'&type=home');

First name, last name, email + more of the currently logged-in employee. That means any employee is submitted.

Edited by GacekSSJ4, 29 July 2013 - 05:41 AM.
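
Added example (not part of the thread and not PrestaShop's code): a small Python audit that lists the outbound URLs hard-coded in PHP source and the query parameters sent with each, run here on calls abridged from the ones quoted in post #3. The `audit_php` helper and the `SENSITIVE_PARAMS` set are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: parameter names this example treats as identifying data.
SENSITIVE_PARAMS = {"email", "firstname", "lastname", "shop", "host"}

URL_LITERAL = re.compile(r"'(https?://[^']*)'")    # PHP string starting with a URL
CONCAT_PARAM = re.compile(r"[?&]([A-Za-z_]\w*)=")  # '?key=' / '&key=' in concatenation
ARRAY_PARAM = re.compile(r"'([A-Za-z_]\w*)'\s*=>") # 'key' => ... in an array literal

# Constructed sample, abridged from the calls quoted in post #3.
SAMPLE = r"""
$params = http_build_query(array(
    'email' => $this->datas->admin_email,
    'method' => 'addMemberToNewsletter',
    'source' => 'installer'
));
Tools::file_get_contents('http://www.prestashop.com/ajax/controller.php?'.$params);
$return = @Tools::file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry).'&host='.urlencode($_SERVER['HTTP_HOST']).'&shop='.urlencode(Configuration::get('PS_SHOP_NAME')).'&email='.urlencode($email).'&firstname='.urlencode($firstname).'&lastname='.urlencode($lastname).'&type=home');
"""

def audit_php(source):
    """Return (host, path, all params, sensitive params) per hard-coded outbound URL."""
    findings = []
    statements = source.split(";")  # crude statement split, sufficient for these calls
    for i, stmt in enumerate(statements):
        match = URL_LITERAL.search(stmt)
        if not match:
            continue
        url = urlsplit(match.group(1))
        params = set(CONCAT_PARAM.findall(stmt))
        # Query built one statement earlier with http_build_query(): read its array keys.
        if "$params" in stmt and i > 0 and "http_build_query" in statements[i - 1]:
            params |= set(ARRAY_PARAM.findall(statements[i - 1]))
        findings.append((url.hostname, url.path,
                         sorted(params), sorted(params & SENSITIVE_PARAMS)))
    return findings

if __name__ == "__main__":
    for host, path, params, sensitive in audit_php(SAMPLE):
        print(f"{host}{path}")
        print(f"  parameters: {', '.join(params)}")
        print(f"  sensitive:  {', '.join(sensitive) or '-'}")
```
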


#4

Posted 28 February 2014 - 05:34 AM

milesdevelopment

    PrestaShop Newbie

  • Members
  • 12 Active Posts

Yes, I'm questioning the same thing. It's like PrestaShop is connected to the administration of your website by their API, http://api.prestashop.com/xml, which directly publishes data in your administration itself. Is there a way to stop this connection between PrestaShop and our personal website?

Question: isn't there a way to install PrestaShop without using their install processes?



#5

Posted 28 February 2014 - 12:15 PM

vekia

    PrestaShop Legend

  • Ambassadors
  • 53171 Active Posts

the best:

you can just block 91.240.* on your iptables :)




