logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error

Options
Go to last post Go to first unread
Joe Payne2  
#1 Posted : Monday, September 19, 2022 2:46:14 PM(UTC)
Joe Payne2

Rank: Advanced Member

Groups: HelpDesk, Developers
Joined: 11/9/2018(UTC)
Posts: 564

Thanks: 122 times
Was thanked: 26 time(s) in 25 post(s)
I've never seen this one before until recently. Have hundreds of them now. Is it really necessary to even log them?

Quote:
suspicious request, sortexpresssion querystring paramter do not match the regex. sortExpression = #

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

shaharyar  
#2 Posted : Tuesday, September 20, 2022 4:47:22 AM(UTC)
shaharyar

Rank: Advanced Member

Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 704

Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
The code was added AC9 RC release to avoid SQL Injection attacks.
A warning is logged if an invalid character is detected in the queryString sortExpression value.


Joe Payne2  
#3 Posted : Tuesday, September 20, 2022 7:34:58 AM(UTC)
Joe Payne2

Rank: Advanced Member

Groups: HelpDesk, Developers
Joined: 11/9/2018(UTC)
Posts: 564

Thanks: 122 times
Was thanked: 26 time(s) in 25 post(s)
I understand all of that. Your response didn't answer my question. Why log it?

You don't log the IP address of the bad request. So there's nothing the admin user can do about it. The message is useless to the admin user without enough details to take corrective action.
ray22901031  
#4 Posted : Tuesday, September 20, 2022 8:35:14 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 909

Thanks: 3 times
Was thanked: 15 time(s) in 15 post(s)
As a person that is extremely concerned about security, especially in a windows box, I would like to know that there is suspicious activity going on. I know you have hundreds of them, but I prefer to know that someone is trying to hack into my system.

You can use other means to detect the IP, the error logs themselves should be timestamped and that should be enough to continue the investigation using other sources.

-Ray

Edited by user Tuesday, September 20, 2022 8:36:11 PM(UTC)  | Reason: Not specified

judy at Web2Market  
#5 Posted : Wednesday, September 21, 2022 4:45:09 AM(UTC)
judy at Web2Market

Rank: Advanced Member

Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 303

Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
I have started adding the UserId and ip address to the error logging and it is a great help trying to track down issues/block bots, etc.
Users browsing this topic
Guest (3)
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.