Why the sudden spike in hack attempts on my site?


altoid


I have Fimble's IP Trap installed on one of my sites and since about 0200 hours my time today there have been at least 15 hack attempts on that site. I have never had that kind of activity before so I am wondering what's up with all that? Why the sudden interest and focus on that site?

 

Looking through my logs, some of the attempts are having a free for all, trying many different folder names and file types to gain access to do whatever it is they are trying to do. The IPs from which the attempts are being made come from worldwide locations. No luck for them so far, based on a couple scans I did on the site.

 

My question to the experts here is: could this have anything to do with me moving my site from host A to host B, and initiating the domain transfer from host A to host B, both of which occurred yesterday? My hunch is that it's not just coincidental. Was some data generated from the move that flagged my site out as a potential to hackers? I've even considered a vindictive staffer at the former host as a possibility.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.


I'm no "expert".

 

In my book "expert" is phonetically a compound word.

"ex" (has been) and "spurt" (just a drip under pressure)...

>_<

 

But I digress...

:blush:

 

Unless you keep track of the IP addresses that attack and the different times they attack you can't know for sure if this is the first time they've probed the site or not.

 

My hunch is it's a new attacker that controls multiple attack points.

 

That's my story and I'm sticking to it!

:lol:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


I have Fimble's IP Trap installed on one of my sites and since about 0200 hours my time today there have been at least 15 hack attempts on that site. I have never had that kind of activity before so I am wondering what's up with all that? Why the sudden interest and focus on that site?

 

That's a good sign. Your site is becoming more popular or more visible. The impressive part will be if you have all the security hose tied up...

 

 

Remember, that if the hackers are finding it, so are customers.

Community Bootstrap Edition, Edge

 

Avoid the most asked question. See How to Secure My Site and How do I...?


Unless you keep track of the IP addresses that attack and the different times they attack you can't know for sure if this is the first time they've probed the site or not.

 

It could be return attempts. But since I like conspiracy theories, that vindictive former host's staffer might be a suspect. :)


That's a good sign. Your site is becoming more popular or more visible. The impressive part will be if you have all the security hose tied up...

 

 

Remember, that if the hackers are finding it, so are customers.

 

I never thought of it that way, so that's a silver lining in the cloud. Still, there's a serious pucker factor for newbies like me when I see these attempts. :blink:

 

Regarding security, I have followed the threads here and think I am up to speed as far as add ons, tweaks, code mods for security. And I am really thankful for all those who took the time to post/share/instruct what needs to be done. Thanks much. :thumbsup:

 

Now...back to my conspiracy theory......


Traditionally, in my experience, hacking attempts always increase at this time of year (the hackers have to plan for a nice Christmas too, after all). You may be seeing more attempts because there are more or maybe because you are looking for them more now. I think it's unlikely the move caused more hacking to occur.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons


Didn't you just get an SSL? Remember that SSL's require a dedicated IP address and so the attacks could be directed at the IP address and not the domain name.

 

This site does not have SSL, in viewing the logs it appears that most of the time their first stop was the index page, then they started adding /admin, /admin2, /administrator, etc. to the site url to try to get lucky.


Traditionally, in my experience, hacking attempts always increase at this time of year (the hackers have to plan for a nice Christmas too, after all). You may be seeing more attempts because there are more or maybe because you are looking for them more now. I think it's unlikely the move caused more hacking to occur.

 

I have your SiteMonitor installed on this site and what a great tool for scanning the site for hacks and unauthorized modifications. Fortunately a couple scans turned up favorable results. The only file modded was the one from Fimbles IP trap, that logged the intruding IP. What a relief. As for the hacker's Christmas....bah...humbug. :rolleyes:


This site does not have SSL, in viewing the logs it appears that most of the time their first stop was the index page, then they started adding /admin, /admin2, /administrator, etc. to the site url to try to get lucky.

They want an admin directory then give them one. One that has ban ip script in it....


They want an admin directory then give them one. One that has ban ip script in it....

 

Yep, I had that set up, which is probably why so many got snagged. There were several hackers trying multiple folder names and even many file names. They got 400 or 500 code responses.


Archived

This topic is now archived and is closed to further replies.
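
The pattern described in this thread (requests for /admin, /admin2, /administrator and similar folders answered with 4xx/5xx codes) can be pulled out of an access log per IP, with first and last sighting to show whether a prober is new or returning. This is an added example, not part of the original thread or of any add-on named in it; the Apache combined log format, the sample lines and the `find_probers` name are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache combined log format; IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2024:02:01:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Dec/2024:02:01:12 +0000] "GET /admin/ HTTP/1.1" 403 210 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Dec/2024:02:01:13 +0000] "GET /admin2/ HTTP/1.1" 404 208 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Dec/2024:04:30:00 +0000] "GET /administrator/index.php HTTP/1.1" 404 208 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Dec/2024:09:15:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Dec/2024:09:15:40 +0000] "GET /product_info.php?products_id=3 HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
192.0.2.50 - - [02/Dec/2024:11:00:00 +0000] "GET /admin/login.php HTTP/1.1" 404 208 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')
# First path segment starting with "admin": /admin, /admin2, /administrator, ...
ADMIN_RE = re.compile(r'^/(admin[^/?]*)', re.IGNORECASE)

def find_probers(log_text, min_folders=2):
    """Return {ip: summary} for IPs that got 4xx/5xx on >= min_folders admin-style names."""
    seen = defaultdict(lambda: {"folders": set(), "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, stamp, path, status = m.groups()
        folder = ADMIN_RE.match(path)
        if folder and int(status) >= 400:
            seen[ip]["folders"].add(folder.group(1).lower())
            seen[ip]["times"].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    report = {}
    for ip, rec in seen.items():
        # One failed admin-style request can be a typo; several different names is guessing.
        if len(rec["folders"]) >= min_folders:
            days = {t.date() for t in rec["times"]}
            report[ip] = {
                "folders": sorted(rec["folders"]),
                "first_seen": min(rec["times"]),
                "last_seen": max(rec["times"]),
                "returned": len(days) > 1,  # probed on more than one day
            }
    return report

if __name__ == "__main__":
    for ip, info in find_probers(SAMPLE_LOG).items():
        print(ip, info["folders"], info["first_seen"], info["last_seen"], info["returned"])
```

Run over logs kept from before and after a hosting move, the `first_seen` values show whether the probing addresses are new or were already visiting.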
