Right now in who's online:
00:08:41 0 Guest 54.187.205.235 09:56:13 09:56:13 /ext/modules/payment/stripe_sca/webhook.php
The IP address is 'associated with Amazon' and what does that even mean?
Funny thing is, we keep the stripe_sca module installed, though we don't use that gateway. When we chose in admin to uninstall, some reference to stripe_sca still remained in a mysql query and threw an error. There is no error if we keep the module installed and disabled, so what is the harm? Attributable to a programming oversight. I am mentioning this though because there is this strange visit I cannot attribute. It is beyond my pay grade. I would not even be able to begin to judge whether this is some kind of vulnerability, this webhook, and whether it has any connection to the problem uninstalling the payment module before.
If it is all very normal, that is reassuring.
We are always under attack by bots trying to make accounts which makes your site send your welcome message to a million random email addresses. If anyone could explain who Joe Smith is, that would be good, because he once made 1500 accounts on our site. If any of the experts out there sees the slightest chance of some kind of vulnerability in one of the payment modules, then it would have been worthwhile for me to post about it.
If an attack, what kind of attack is this?
-
- Posts: 14
- Joined: Thu Jun 24, 2021 4:48 pm
-
- VIP Member
- Posts: 25
- Joined: Mon Dec 07, 2020 3:11 pm
- Has thanked: 1 time
- Been thanked: 6 times
Re: If an attack, what kind of attack is this?
not saying it is but. https://aws.amazon.com/solutions/case-studies/stripe/
so they run on Amazon Web Services, so it maybe just stripe pinging iteslef
so they run on Amazon Web Services, so it maybe just stripe pinging iteslef
-
- PhoenixCart Developer
- Posts: 1212
- Joined: Sat Dec 21, 2019 8:08 am
- : Buy Me A Beverage
- Has thanked: 38 times
- Been thanked: 103 times
Re: If an attack, what kind of attack is this?
I would also say its stripe checking if the webhook is reachable if you still have configured the webhook url in your stripe account. Removing it there should stop it.
You should be able to uninstall the stripe sca module without getting errors.
If you post the exact error message you get, we may be able to help.
You should be able to uninstall the stripe sca module without getting errors.
If you post the exact error message you get, we may be able to help.
Public Phoenix Change Log Cheat Set on Google Sheets
https://docs.google.com/spreadsheets/d/ ... sp=sharing
Need Help?viewtopic.php?f=10&t=27
https://docs.google.com/spreadsheets/d/ ... sp=sharing
Need Help?viewtopic.php?f=10&t=27
-
- Posts: 14
- Joined: Thu Jun 24, 2021 4:48 pm
Re: If an attack, what kind of attack is this?
Thank you. That's very reassuring.
Though I really appreciate the offer, I might just let sleeping dogs lie with the Stripe module. Things seem to be working pretty well.
Though I really appreciate the offer, I might just let sleeping dogs lie with the Stripe module. Things seem to be working pretty well.
- mhsuffolk
- VIP Member
- Posts: 148
- Joined: Sat Oct 26, 2019 9:13 am
- Has thanked: 8 times
- Been thanked: 5 times
Re: If an attack, what kind of attack is this?
Do you use the Stripe dashboard for creating customers manual payments from phone orders etc? I do and one of those entries appears in Whos Online every time.
Live shop Phoenix 1.0.9.0 on PHP 8.0
Re: If an attack, what kind of attack is this?
Funny - my bot was James Smith - always creating accounts with the same California address and endless email addresses. I felt bad when I updated to V1.0.8.3 and added Burt's Maths Captcha - stopped the bot (or James) in their tracks .. poor bot ..
cheers
wal
cheers
wal
-
- VIP Member
- Posts: 2025
- Joined: Mon Oct 07, 2019 4:39 am
- : Buy Me A Beverage
- Has thanked: 28 times
- Been thanked: 187 times
Re: If an attack, what kind of attack is this?
LOL! That Maths Captcha is very effective. app.php/addons/free_addon/maths_captcha/