Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Getting hammered with admin requests


lextech

Recommended Posts

My side is getting TONS of admin request from hosts that are inside the US, which I am guessing are proxy servers used by overseas hackers and hackbots. I have most of the security contributions so there is no admin directory under that name, but is there anything to be concerned about otherwise with SO MANY attempts at hacking my site?

 

Also, I installed IP_Trap and it works properly if you try /personal but it doesn't trap anything else. I want it to trap on /admin request with so many issues I am having, but it just gives a normal 404 error. Is the robots file the ONLY file that I need to edit to make the admin directory catch?

 

Here are the attempts on my site just over the last few hours. None of them trapped by Ip_trap, though I added /admin to my robots.txt file.

 

 

Screenshot2011-03-14at83630PM.png

 

Screenshot2011-03-14at83835PM.png

 

Screenshot2011-03-14at83843PM.png

 

Screenshot2011-03-14at83954PM.png

 

Screenshot2011-03-14at84007PM.png

 

Screenshot2011-03-14at84022PM.png

 

Screenshot2011-03-14at84033PM.png

 

Screenshot2011-03-14at84040PM.png

RC2.2a

Link to comment
Share on other sites

Unfortunately, I have found NOTHING you can do about this. I have two clients sites getting 3000-5000 a night just like that. I changed one site to IP trap them and had more than 3000 in about 10 hours. But, deleted the bans because the hackers are using insecure proxy sites and previously hacked servers to run the script to look for other vulnerable sites. If you use an IP trap, eventually you would block 10's of thousands of potential customer IP's.

 

 

Edit: The only thing they will get is the satisfaction they are using bandwidth. Nothing more.

 

 

Chris

Link to comment
Share on other sites

In your .htaccess, 301 redirect any reference to admin/xxxx to www.fbi.gov. :-) In another thread on this topic, I suggested downloading malware or kiddie porn to the hacker, but no one seemed to like that... :-(

Link to comment
Share on other sites

^ LOL.

 

Ok Chris it's nice to know I'm not the only one seeing large numbers of these hits. As long as they can't get to me with the security add ons I'm ok I guess. :) Though I still don't know why my IP trap isn't catching anything from /admin.

 

EDIT: I have actually used HT access to block anything not in the US or Canada, but they still keep coming.

RC2.2a

Link to comment
Share on other sites

The IP trap in admin only works if they try to access /admin directly in the URL.

 

 

This (as an example) /xxxx-i-10.html/admin/file_manager.php/login.php

 

is not the same as this www.yourdomain.com/catalog/admin

 

 

So, the IP trap won't work. UNLESS you create a /admin/file_manager.php sub-directory and place the ip trap in that sub-directory.

 

 

 

 

Chris

Link to comment
Share on other sites

Good to know, thank you. I'm not sure if IP trap is even worth using at this point, given your example. Sounds like there a a lot more IP's flooding in than I have seconds in the day to battle them. Long as they can't get in I'll just let them hit it. :)

RC2.2a

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...