richa2002 Posted March 20, 2011 Share Posted March 20, 2011 Hello all After checking my who's online page, I've seen lots of suspect activity from a handful of IPs which I've banned but I appreciate that's a very short-term solution. The sort of activity in question is IPs accessing the paths listed below: /product_info.php?products_id=67/admin/file_manager.php/login.php /product_info.php?products_id=67/admin/categories.php/login.php?cPath=&action=new_product_preview /shipping.php/admin/file_manager.php/login.php I have renamed the admin folder and also applied all the recommended security updates such as implementing .htaccess to the admin section so I'm not quite sure what they can be accessing here. Any ideas would be great. Thanks Link to comment Share on other sites More sharing options...
Taipo Posted March 20, 2011 Share Posted March 20, 2011 A lot of that is probably more automated than someone manually doing their thing on your site. Sort of the same way a search engine spiders your site. There are a number of contribs that can deal to this if it comes down to an issue of annoyance or even bandwidth for you including the one in my signature (shameless plug). But if you either have htaccess folder protection on your admin folder or moved/renamed it then this 'specific' genre of attacks listed above will not work for them. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
richa2002 Posted March 20, 2011 Author Share Posted March 20, 2011 A lot of that is probably more automated than someone manually doing their thing on your site. Sort of the same way a search engine spiders your site. There are a number of contribs that can deal to this if it comes down to an issue of annoyance or even bandwidth for you including the one in my signature (shameless plug). But if you either have htaccess folder protection on your admin folder or moved/renamed it then this 'specific' genre of attacks listed above will not work for them. Thanks for the info. I'm pleased to hear that I should be fine security wise seeing as I have renamed the admin folder. I'll look into implementing your script, nothing wrong with a shameless plug when it's useful :). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.