blog documentation FAQ followers forum marketplace services youtube

closed Are they trying to hack my site?

The Jamroom Network » Forum » Off Topic » Page » Are they trying to hack my site?
ukdenny
@ukdenny
6 years ago
293 posts
I keep getting warnings in my Activity log...
invalid order_by criteria in jrCore_db_search_items parameters
when I look at the Ip addtress its always the Russian Federation
Are they trying to hack into my site?
updated by @ukdenny: 02/24/19 06:53:17PM
paul
@paul
6 years ago
4,325 posts
Possibly, though its not possible to pass search order parameters into Jamroom via a url, so those activity log messages are likely generated by an 'invalid order_by' in one of your templates.
What is the URL they are hitting?


--
Paul Asher - JR Developer and System Import Specialist
ukdenny
@ukdenny
6 years ago
293 posts
They are hitting songblitz.com
Here is a screen shot
russansHack.jpg
russansHack.jpg  •  124KB

paul
@paul
6 years ago
4,325 posts
This is calling the skin music.tpl template with the option 'by_album' which isn't a valid template option, so the 'order_by' parameter doesn't get set, hence the error.
Is there a link elsewhere on the site to https://songblitz.com/music/by_album that a bot has maybe found, and then gone on to see all the alphabetical links on the page, so is trying all of them?


--
Paul Asher - JR Developer and System Import Specialist
ukdenny
@ukdenny
6 years ago
293 posts
I don't know Paul. I haven't created any links to that page other than the ones already there with the modules/skins.
paul
@paul
6 years ago
4,325 posts
I've added a bit of code to the top of the music.tpl template to catch any non valid options -

{if $_post.option != 'by_newest' && $_post.option != 'by_plays' && $_post.option != 'by_ratings'}
    {$_post.option = 'by_newest'}
{/if}

They get diverted to 'by_newest' and no errors in your activity log.
hth


--
Paul Asher - JR Developer and System Import Specialist
ukdenny
@ukdenny
6 years ago
293 posts
Thank you Paul,

Tags