If an attack, what kind of attack is this?

Ask the community for help and support.
Post Reply
cottonheadedidiot
Posts: 14
Joined: Thu Jun 24, 2021 4:48 pm

If an attack, what kind of attack is this?

Post by cottonheadedidiot »

Right now in who's online:

00:08:41 0 Guest 54.187.205.235 09:56:13 09:56:13 /ext/modules/payment/stripe_sca/webhook.php

The IP address is 'associated with Amazon' and what does that even mean?

Funny thing is, we keep the stripe_sca module installed, though we don't use that gateway. When we chose in admin to uninstall, some reference to stripe_sca still remained in a mysql query and threw an error. There is no error if we keep the module installed and disabled, so what is the harm? Attributable to a programming oversight. I am mentioning this though because there is this strange visit I cannot attribute. It is beyond my pay grade. I would not even be able to begin to judge whether this is some kind of vulnerability, this webhook, and whether it has any connection to the problem uninstalling the payment module before.

If it is all very normal, that is reassuring.

We are always under attack by bots trying to make accounts which makes your site send your welcome message to a million random email addresses. If anyone could explain who Joe Smith is, that would be good, because he once made 1500 accounts on our site. If any of the experts out there sees the slightest chance of some kind of vulnerability in one of the payment modules, then it would have been worthwhile for me to post about it.
puddlec
VIP Member
VIP Member
Posts: 25
Joined: Mon Dec 07, 2020 3:11 pm
Has thanked: 1 time
Been thanked: 6 times

Re: If an attack, what kind of attack is this?

Post by puddlec »

not saying it is but. https://aws.amazon.com/solutions/case-studies/stripe/

so they run on Amazon Web Services, so it maybe just stripe pinging iteslef
raiwa
PhoenixCart Developer
PhoenixCart Developer
Posts: 1184
Joined: Sat Dec 21, 2019 8:08 am
Has thanked: 38 times
Been thanked: 102 times

Re: If an attack, what kind of attack is this?

Post by raiwa »

I would also say its stripe checking if the webhook is reachable if you still have configured the webhook url in your stripe account. Removing it there should stop it.
You should be able to uninstall the stripe sca module without getting errors.
If you post the exact error message you get, we may be able to help.
Public Phoenix Change Log Cheat Set on Google Sheets
https://docs.google.com/spreadsheets/d/ ... sp=sharing

Need Help?viewtopic.php?f=10&t=27
cottonheadedidiot
Posts: 14
Joined: Thu Jun 24, 2021 4:48 pm

Re: If an attack, what kind of attack is this?

Post by cottonheadedidiot »

Thank you. That's very reassuring.

Though I really appreciate the offer, I might just let sleeping dogs lie with the Stripe module. Things seem to be working pretty well.
User avatar
mhsuffolk
VIP Member
VIP Member
Posts: 146
Joined: Sat Oct 26, 2019 9:13 am
Has thanked: 8 times
Been thanked: 5 times

Re: If an attack, what kind of attack is this?

Post by mhsuffolk »

Do you use the Stripe dashboard for creating customers manual payments from phone orders etc? I do and one of those entries appears in Whos Online every time.
Live shop Phoenix 1.0.9.0 on PHP 8.0
wal
Posts: 21
Joined: Sun Mar 14, 2021 2:02 am
Has thanked: 18 times
Been thanked: 1 time

Re: If an attack, what kind of attack is this?

Post by wal »

Funny - my bot was James Smith - always creating accounts with the same California address and endless email addresses. I felt bad when I updated to V1.0.8.3 and added Burt's Maths Captcha - stopped the bot (or James) in their tracks .. poor bot ..

cheers
wal
heatherbell
VIP Member
VIP Member
Posts: 1996
Joined: Mon Oct 07, 2019 4:39 am
Has thanked: 26 times
Been thanked: 175 times

Re: If an attack, what kind of attack is this?

Post by heatherbell »

wal wrote: Sun Jul 18, 2021 2:03 am added Burt's Maths Captcha - stopped the bot (or James) in their tracks .. poor bot ..
LOL! That Maths Captcha is very effective. app.php/addons/free_addon/maths_captcha/
Post Reply