cancel
Showing results for 
Search instead for 
Did you mean: 

Third party extension and Admin Security

Highlighted

Third party extension and Admin Security

Hi all.... I'm using a third party extension 'WebShopApps Logger' which is part of their 'Multi Tiered pricing Across Multiple Products' extension.

We recently experienced brute force attacks on our Admin and it turned out that even though i'd changed the default Admin URL, this extension provided an alternative URL to our Admin.

This URL has been picked up by bots, I am assuming, and resulted in the attacks.

Firstly, has anyone else used this extension and experienced similar. Secondly, are there other extensions that may be doing this? Thirdly, how should I protect our Admin further?

I have contacted the extension developer and received this response.

"This is not standard functionality of the Logger extension; using /wsalogger by default, would provide a 404 as it would require /admin/wsalogger (where "admin" is the URL to the admin panel). Your developer would be able to add a rule to prevent /wsalogger from redirecting to your admin panel."

Any advice appreciated.

Many Thanks in Advance

Andy

 

4 REPLIES 4
Highlighted

Re: Third party extension and Admin Security

Hello @Andy_Acute ,

 

I'm not sure about it but WebShopApps Logger is related to log extensin so you can remove that extension and also changed admin URL then check for few days. Does any bot get your admin url or not?

 

--
If my answer is useful, please Accept as Solution & give Kudos

Highlighted

Re: Third party extension and Admin Security

Hi gelanivishal

I tried removing the extension (renaming the files), but this caused issues with adding products to the cart!. Had to rollback.

:-|

Thanks for trying.

Andy

Highlighted

Re: Third party extension and Admin Security

Hello @Andy_Acute ,

 

Please take backup in your local and delete from server and also clear cache and check it.

 

--
If my answer is useful, please Accept as Solution & give Kudos

 

Highlighted

Re: Third party extension and Admin Security

I realize this is wayyyyyyy late, but there are other 3rd party extensions that have this issue as well (Bannerslider is one) and I've never seen an easy solution to this online, so I'm posting this here.

 

I've written some tweaks to block them, but sometimes it causes other issues with upgrading and functionality.

Same with disabling - I mean, you needed the extension to make something work, right?

 

What I have found is that you can:

go to the admin panel -> Catalog -> URL Rewrite Management   

Click the "Add URL Rewrite" Button (Top Right)

Now you can create a rule to send the offending URL to the "Oopps Cant find that page" Page.

 

Here are the deets for the Webshop apps Logger Admin URL exploit. Substitue similar info in the request path depending on what extension is creating an exploitable path. I sent mine to index.html which does not exist and gives a "Whoops" page, but you could redirect them to whatever page you like:

 

Type: Custom

ID Path: index.html

Request Path: wsalogger/adminhtml_log/index

Target Path: index.html

Redirect: Permanent (301)

Description: (Whatever you want)

 

Then Save the rewrite and test it using:

https://yourDomain.com/index.php/wsalogger/adminhtml_log/index

If you get a woops page or 404, then you are good to go. But test several products from selection to cart to shipping and make sure all your products are sellable. 

 

This worked for me, YMMV