colinchar Posted June 13, 2011 Share Posted June 13, 2011 just seen some strange activity in Who's Online 3.5 Tool report were visitor seems to be viewing a page that is not on our site? Has any one got any suggestions what is happening I've added a screen dump to show what I mean. Link to comment Share on other sites More sharing options...
PupStar Posted June 13, 2011 Share Posted June 13, 2011 It looks like a malicious script trying to find vulnerabilities in your store. Link to comment Share on other sites More sharing options...
colinchar Posted June 13, 2011 Author Share Posted June 13, 2011 It looks like a malicious script trying to find vulnerabilities in your store. Thanks. So where is this script hosted is it from the guests IP address 64-120-141-34.static.hostnoc.net or Last URL http://yourinfo.any-request-allowed.com/ and finally can anything be done? Regards Colin Link to comment Share on other sites More sharing options...
Guest Posted June 13, 2011 Share Posted June 13, 2011 Colin, Many of the scripts that Mark mentioned use proxy servers or servers that have known vulnerabilities to seek out other websites that may be insecure. There is no way of banning ALL of those IP addresses. I can only suggest that you ensure your site is secure and monitor for file changes. Chris Link to comment Share on other sites More sharing options...
colinchar Posted June 13, 2011 Author Share Posted June 13, 2011 Colin, Many of the scripts that Mark mentioned use proxy servers or servers that have known vulnerabilities to seek out other websites that may be insecure. There is no way of banning ALL of those IP addresses. I can only suggest that you ensure your site is secure and monitor for file changes. Chris Thanks again to Chris and Mark I think site is secure having followed guidelines elsewhere, mainly admin folder being user/password protected etc. This attacker is persistant having been at it for over 5 hours with one attempt per minute, I've looked at timestamps on majority of files and OK but this is quite time consuming is there an automatic way to get an alert if a file is changed. Regards Colin Link to comment Share on other sites More sharing options...
germ Posted June 13, 2011 Share Posted June 13, 2011 It's not practical the check all the files all the time. There is a contribution called Site Monitor If you want something less involved you might check out this I tried that last one on my WAMP server and it seemed to work OK. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
colinchar Posted June 14, 2011 Author Share Posted June 14, 2011 It's not practical the check all the files all the time. There is a contribution called Site Monitor If you want something less involved you might check out this I tried that last one on my WAMP server and it seemed to work OK. Thanks Jim I went and had a look at Site Monitor and have subsequently just installed version 2.9. Very impressed and can now sleep. Regards Colin Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.