I am seeing repeated Who's Online entries with autoLoadConfig or http in the URL

In older versions of Zen Cart (v1.3.0, 1.3.0.1, 1.3.0.2) there was a vulnerability in the code which was announced to the hacker world. Even though that has been fixed in subsequent versions, newbie hackers continue to attempt to find sites which still have the vulnerability, thus wasting your time and energy worrying about what they're up to. Their access attempts also waste some of your website server resources.

Additionally, there are a number of SQL Injection attacks floating around the internet which attempt to find holes to exploit in vulnerable systems. The current version of Zen Cart is inoculated against all such known vulnerabilities. Nevertheless, sometimes even the "attempts" at hacking (even though they failed) can show up in server logs and Who's Online entries, which can be confusing or even alarming to some store owners. Thus the following code alteration can provide some peace of mind:

If you are using Zen Cart version 1.3.x, adding the following to the top of your /includes/application_top.php file will help ignore those visitors and free up system resources consumed by their access attempts:

Line 1 of /includes/application_top.php contains:  "<?php".
Add this starting on line 2:
/**
 * inoculate against hack attempts which waste CPU cycles
 */
// A request that tries to pass 'GLOBALS' as a file or request parameter is hostile by definition.
$contaminated = (isset($_FILES['GLOBALS']) || isset($_REQUEST['GLOBALS']));
// Parameter names that no legitimate Zen Cart request ever carries.
$paramsToAvoid = array('GLOBALS', '_COOKIE', '_ENV', '_FILES', '_GET', '_POST', '_REQUEST', '_SERVER', '_SESSION', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_POST_FILES', 'HTTP_RAW_POST_DATA', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS');
$paramsToAvoid[] = 'autoLoadConfig';
$paramsToAvoid[] = 'mosConfig_absolute_path';
$paramsToAvoid[] = 'hash';
$paramsToAvoid[] = 'main';
foreach($paramsToAvoid as $key) {
  if (isset($_GET[$key]) || isset($_POST[$key]) || isset($_COOKIE[$key])) {
    $contaminated = true;
    break;
  }
}
// Legitimate Zen Cart parameters whose values should never contain a URL or be unusually long.
$paramsToCheck = array('main_page', 'cPath', 'products_id', 'language', 'currency', 'action', 'manufacturers_id', 'pID', 'pid', 'reviews_id', 'filter_id', 'zenid', 'sort', 'number_of_uploads', 'notify', 'page_holder', 'chapter', 'alpha_filter_id', 'typefilter', 'disp_order', 'id', 'key', 'music_genre_id', 'record_company_id', 'set_session_login', 'faq_item', 'edit', 'delete', 'search_in_description', 'dfrom', 'pfrom', 'dto', 'pto', 'inc_subcat', 'payment_error', 'order', 'gv_no', 'pos', 'addr', 'error', 'count', 'error_message', 'info_message', 'cID', 'page', 'credit_class_error_code');
if (!$contaminated) {
  foreach($paramsToCheck as $key) {
    if (isset($_GET[$key]) && !is_array($_GET[$key])) {
      // A value that starts with 'http' or contains '//' is a remote-file probe, not shop navigation.
      if (substr($_GET[$key], 0, 4) == 'http' || strstr($_GET[$key], '//')) {
        $contaminated = true;
        break;
      }
      // Longer than any legitimate value for these parameters.
      if (strlen($_GET[$key]) > 43) {
        $contaminated = true;
        break;
      }
    }
  }
}
unset($paramsToCheck, $paramsToAvoid, $key);
// Answer the probe with a bare 406 before any database or session work is done.
if ($contaminated)
{
  header('HTTP/1.1 406 Not Acceptable');
  exit(0);
}
unset($contaminated);
/* *** END OF INOCULATION *** */


Using this code change will not affect good visitors such as search engines, as long as they are attempting to access legitimate content on your site.  It simply blocks rogue behavior.
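To see what the check above does with real traffic before (or instead of) editing application_top.php, the following Python script is an added example, not part of the Zen Cart article or code base. It ports the same two tests (forbidden parameter names, then URL-like or over-long values in known parameters) and applies them to Apache/nginx combined-format access log lines, so a store owner can count how many of the confusing Who's Online entries are probes of this kind. The log lines, IP addresses and the helper names (is_contaminated, classify_log_line, scan_access_log, php_base_name) are all constructed for this example. One detail the port has to reproduce: PHP files a parameter written as GLOBALS[1]=x under $_GET['GLOBALS'], whereas Python's parse_qs keeps the bracketed name, so the base name is taken before comparing.

```python
"""Port of the Zen Cart 'inoculation' check, applied to access-log lines.

Added example; not the article's or Zen Cart's own code. Log lines are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names a legitimate Zen Cart request never carries (the article's $paramsToAvoid).
PARAMS_TO_AVOID = {
    'GLOBALS', '_COOKIE', '_ENV', '_FILES', '_GET', '_POST', '_REQUEST', '_SERVER',
    '_SESSION', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_GET_VARS', 'HTTP_POST_VARS',
    'HTTP_POST_FILES', 'HTTP_RAW_POST_DATA', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS',
    'autoLoadConfig', 'mosConfig_absolute_path', 'hash', 'main',
}

# Legitimate parameters whose values are checked for URLs and length (the article's $paramsToCheck).
PARAMS_TO_CHECK = {
    'main_page', 'cPath', 'products_id', 'language', 'currency', 'action',
    'manufacturers_id', 'pID', 'pid', 'reviews_id', 'filter_id', 'zenid', 'sort',
    'number_of_uploads', 'notify', 'page_holder', 'chapter', 'alpha_filter_id',
    'typefilter', 'disp_order', 'id', 'key', 'music_genre_id', 'record_company_id',
    'set_session_login', 'faq_item', 'edit', 'delete', 'search_in_description',
    'dfrom', 'pfrom', 'dto', 'pto', 'inc_subcat', 'payment_error', 'order', 'gv_no',
    'pos', 'addr', 'error', 'count', 'error_message', 'info_message', 'cID', 'page',
    'credit_class_error_code',
}

MAX_VALUE_LENGTH = 43  # same limit as the PHP snippet


def php_base_name(name):
    """PHP stores 'a[b][c]=1' under $_GET['a']; keep only the part before the first '['."""
    return name.split('[', 1)[0]


def is_contaminated(get, post=None, cookies=None):
    """True if the PHP check would answer this request with 406 Not Acceptable.

    get/post/cookies map parameter name -> list of values, as parse_qs produces.
    """
    post = post or {}
    cookies = cookies or {}
    # Step 1: any forbidden name in GET, POST or cookies, after PHP-style base-name folding.
    present = {php_base_name(k) for k in (*get, *post, *cookies)}
    if present & PARAMS_TO_AVOID:
        return True
    # Step 2: known GET parameters carrying a URL, '//' or an over-long value.
    # Bracketed (array) names never equal a plain key, so arrays are skipped as in PHP.
    for key in PARAMS_TO_CHECK:
        for value in get.get(key, []):
            if value.startswith('http') or '//' in value:
                return True
            if len(value) > MAX_VALUE_LENGTH:
                return True
    return False


# Combined log format: host ident user [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_log_line(line):
    """Parse one log line; return (host, target, contaminated) or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group('target')).query
    # keep_blank_values: PHP's isset() is true for '?GLOBALS=' with an empty value.
    get = parse_qs(query, keep_blank_values=True)
    return m.group('host'), m.group('target'), is_contaminated(get)


def scan_access_log(lines):
    """Return (probe_count, benign_count, probing_hosts) over the given log lines."""
    probes, benign, hosts = 0, 0, set()
    for line in lines:
        result = classify_log_line(line)
        if result is None:
            continue
        host, _, contaminated = result
        if contaminated:
            probes += 1
            hosts.add(host)
        else:
            benign += 1
    return probes, benign, hosts


# Constructed sample: two legitimate shop requests, then three probes of the kinds the article describes.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2009:13:55:36 +0000] "GET /index.php?main_page=index&cPath=1_4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [10/Oct/2009:13:56:01 +0000] "GET /index.php?main_page=product_info&products_id=12&zenid=0123456789abcdef0123456789abcdef HTTP/1.1" 200 7430 "-" "Googlebot/2.1"',
    '198.51.100.7 - - [10/Oct/2009:13:57:12 +0000] "GET /index.php?main_page=index&autoLoadConfig=1 HTTP/1.1" 406 0 "-" "libwww-perl/5.8"',
    '198.51.100.8 - - [10/Oct/2009:13:58:40 +0000] "GET /index.php?main_page=index&cPath=http://198.51.100.8/x.txt HTTP/1.1" 406 0 "-" "libwww-perl/5.8"',
    '198.51.100.7 - - [10/Oct/2009:13:59:03 +0000] "GET /index.php?GLOBALS[1]=x HTTP/1.1" 406 0 "-" "libwww-perl/5.8"',
]

if __name__ == '__main__':
    probes, benign, hosts = scan_access_log(SAMPLE_LOG)
    print(f'{probes} probe(s) from {sorted(hosts)}, {benign} legitimate request(s)')
```

Run it against a real log with `scan_access_log(open('/path/to/access_log'))`. The two legitimate lines, including the search-engine visit with a normal 32-character zenid, pass both tests, which is the property the article promises: good visitors are untouched and only the rogue parameter shapes are flagged.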

Applicable to Zen Cart versions: 1.3.0, 1.3.0.1, 1.3.0.2, 1.3.5, 1.3.6, 1.3.7, 1.3.8.
This suggested code change (or a variation on it) is included in Zen Cart v1.3.9 and newer.

Thanks to forum member smb for the initial concept from which this change was fashioned and has grown.