GrzegorzZ

Where from this scanning?


Hello, I just looked into my development server logs and saw [all IPs belong to PrestaShop's whole 91.240.109.x block]:

 


Where did you get links to my private projects from (these are only meant for specific people to see)? They are not meant to be public, yet you take those private links out and scan them?

 

 

+ Why are you taking out my private data?

$return = @file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry).'&iso_lang='.strtolower($isoUser).'&host='.urlencode($_SERVER['HTTP_HOST']).'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&partner='.htmlentities(Tools::getValue('module')).'&shop='.urlencode(Configuration::get('PS_SHOP_NAME')).'&email='.urlencode($email).'&firstname='.urlencode($firstname).'&lastname='.urlencode($lastname).'&type=home');

 

Which sends you my first and last name and my e-mail. Additionally my shop name etc.

Edited by GacekSSJ4 (see edit history)
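
One way to triage an access log like the one described in the post above, as an added example that is not part of the original thread: it groups hits by /24 and reports bursts in which several different addresses from the same block reach the server. The sample lines are constructed, and the 5-minute gap and 3-host threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample in the truncated shape the post shows (RFC 5737 addresses).
SAMPLE_LOG = """\
203.0.113.96 - - [28/Jul/2013:11:19:38 +0200] "GET
203.0.113.88 - - [28/Jul/2013:11:19:39 +0200] "GET
203.0.113.68 - - [28/Jul/2013:11:19:49 +0200] "GET
203.0.113.76 - - [28/Jul/2013:11:19:50 +0200] "GET
198.51.100.7 - - [28/Jul/2013:11:19:55 +0200] "GET
203.0.113.96 - - [28/Jul/2013:11:52:57 +0200] "GET
203.0.113.12 - - [28/Jul/2013:11:53:08 +0200] "GET
this line is not an access-log entry
"""

# Only client address and timestamp are needed, so cut-off request fields still parse.
LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[([^\]\n]+)\]", re.M)

def parse(log_text):
    """Yield (subnet, address, timestamp) for each well-formed line."""
    for m in LINE_RE.finditer(log_text):
        try:
            net = ip_network(m.group(1) + "/24", strict=False)
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:  # octet above 255 or malformed date
            continue
        yield str(net), m.group(1), ts

def bursts_by_subnet(log_text, gap=timedelta(minutes=5), min_hosts=3):
    """Map each /24 to bursts (start, end, hits, distinct hosts) that involve at
    least min_hosts different addresses; a pause longer than gap ends a burst."""
    per_net = defaultdict(list)
    for net, ip, ts in parse(log_text):
        per_net[net].append((ts, ip))
    report = defaultdict(list)
    for net, hits in per_net.items():
        hits.sort()
        burst = [hits[0]]
        for hit in hits[1:] + [None]:  # None flushes the last burst
            if hit is None or hit[0] - burst[-1][0] > gap:
                hosts = {ip for _, ip in burst}
                if len(hosts) >= min_hosts:
                    report[net].append((burst[0][0], burst[-1][0], len(burst), len(hosts)))
                burst = []
            if hit is not None:
                burst.append(hit)
    return dict(report)
```
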


During installation, did you select the option to share your data?


Nope. First of all, the install script, without any conditional statement to check whether I checked any box, is submitting my e-mail to the newsletter.

 

\install\controllers\console\process.php @ line 116

$params = http_build_query(array(
	'email' => $this->datas->admin_email,
	'method' => 'addMemberToNewsletter',
	'language' => $this->datas->lang,
	'visitorType' => 1,
	'source' => 'installer'
));
Tools::file_get_contents('http://www.prestashop.com/ajax/controller.php?'.$params);

e-mail

 

2nd place would be:

\controllers\admin\AdminHomeController.php

 

@line 529 @getBlockPartners method

$content = Tools::file_get_contents('http://api.prestashop.com/partner/premium/get_partners.php?protocol='.$protocol.'&iso_country='.Tools::strtoupper($isoCountry).'&iso_lang='.Tools::strtolower($isoUser).'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&host='.urlencode($_SERVER['HTTP_HOST']).'&email='.urlencode(Configuration::get('PS_SHOP_EMAIL')), false, $stream_context);

shop e-mail and all other data

 

@line 623 @ajaxProcessSavePreactivationRequest method

$return = @Tools::file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry).'&iso_lang='.strtolower($isoUser).'&host='.urlencode($_SERVER['HTTP_HOST']).'&ps_version='._PS_VERSION_.'&ps_creation='._PS_CREATION_DATE_.'&partner='.htmlentities(Tools::getValue('module')).'&shop='.urlencode(Configuration::get('PS_SHOP_NAME')).'&email='.urlencode($email).'&firstname='.urlencode($firstname).'&lastname='.urlencode($lastname).'&type=home');

 

First name, last name, e-mail + more of the currently logged-in employee. That means any employee is submitted.

Edited by GacekSSJ4 (see edit history)
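
To find every place a code tree sends data to the vendor, as the calls quoted in the posts above do, this added example (not PrestaShop code and not from the thread) scans PHP source for `file_get_contents` calls to `prestashop.com` hosts and lists the query parameters each one sends, including those built with `http_build_query`. The sample is shortened from the quoted calls; the `IDENTIFYING` watch list and the function name `audit` are assumptions.

```python
import re

# Sample input: the three calls quoted in the posts, shortened to a few of their
# parameters (constructed for this example).
SAMPLE_PHP = r"""
$params = http_build_query(array(
    'email' => $this->datas->admin_email,
    'method' => 'addMemberToNewsletter',
    'source' => 'installer'
));
Tools::file_get_contents('http://www.prestashop.com/ajax/controller.php?'.$params);
$content = Tools::file_get_contents('http://api.prestashop.com/partner/premium/get_partners.php?protocol='.$protocol.'&ps_version='._PS_VERSION_.'&host='.urlencode($_SERVER['HTTP_HOST']).'&email='.urlencode(Configuration::get('PS_SHOP_EMAIL')), false, $stream_context);
$return = @Tools::file_get_contents('http://api.prestashop.com/partner/premium/set_request.php?iso_country='.strtoupper($isoCountry).'&host='.urlencode($_SERVER['HTTP_HOST']).'&shop='.urlencode(Configuration::get('PS_SHOP_NAME')).'&email='.urlencode($email).'&firstname='.urlencode($firstname).'&lastname='.urlencode($lastname).'&type=home');
"""

IDENTIFYING = {"email", "firstname", "lastname", "shop", "host"}  # assumed watch list
CALL_RE = re.compile(r"file_get_contents\(\s*'(https?)://([\w.-]+)(/[^'?]*)\??([^;]*);")

def audit(php_source, vendor="prestashop.com"):
    """List outbound calls to the vendor and the query parameters they carry."""
    findings = []
    for scheme, host, path, rest in CALL_RE.findall(php_source):
        if not (host == vendor or host.endswith("." + vendor)):
            continue
        # Names written inline in the concatenated URL: ?a='.$x.'&b='.$y
        names = set(re.findall(r"(?:^|&)(\w+)=", rest))
        # Names supplied through a variable built earlier with http_build_query()
        for var in re.findall(r"\$(\w+)", rest):
            m = re.search(r"\$%s\s*=\s*http_build_query\(array\((.*?)\)\);" % var,
                          php_source, re.S)
            if m:
                names.update(re.findall(r"'(\w+)'\s*=>", m.group(1)))
        findings.append({
            "endpoint": host + path,
            "cleartext": scheme == "http",  # query string readable in transit
            "params": sorted(names),
            "identifying": sorted(names & IDENTIFYING),
        })
    return findings
```
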


Yes, I'm questioning the same thing. It's like PrestaShop is connected to the administration of your website by their API http://api.prestashop.com/xml, which directly publishes data in your administration itself. Is there a way to stop this connection between PrestaShop and our personal website?

Question: isn't there a way to install PrestaShop without using their install processes?


the best:

you can just block 91.240.* on your iptables :)
