Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

roaming ip around my site, am I seeing a hack?


builder_bob

Recommended Posts

OK, so yes I am a newbie but, I am learning!

 

the other day I saw a guest that had several last clics registered as blah blah/catalog/admin/blah blah and then catalog/admin/filemanager/ blah blah... so I figure someone was trying to gain access to my site... right?

 

so as I have been paranoid and concerned I have noticed this IP below that seems to bounce around the site quite a bit.

14:32:01 0 Guest 66.249.68.140 20:02:37 10:30:44 /product_info.php?manufacturers_id=3&products_id=174

 

notice that its been there for like 14 hours! and it has gone away and come back. It is in products so I am not overly concerned. I have noticed the site running slower so it makes me nervous that it is feeding something somewhere. How do I know if I have been hacked?

 

I did most of the security items in Geoff Whaltons signiture so I am confident that I am OK... well, maybe I am not so confident hence my asking this.

 

I went in and changed the ssl check (getenv('SERVER_PORT') == '443') in th general and application_top.php's

 

annnnnd added the caching function to aid and I think that helped but I am nervous seeing this ip staying there. Can I block it or something....? or will that even do any good?

 

thanks for any input, ye great wizards of the open source community...---- sorry for the brown nose...

Link to comment
Share on other sites

i saw that but I didnt understand... is that there web crawler finding links and such for search engine optimization? I thought maybe someone could be using a google service or something....

 

That makes me feel better though. I am not so worried now it kind of makes sense. By the way, I do not have a folder called admin.... so I am assuming that they typed that in manually and my last click field just picked up what they input manually into the addy bar. I also don't have a file manager....

 

I have to admit I was alarmed when I saw those links but, since I know I deleted them and/or changed the name, I know they don't exist but it just shook me up a little.

Link to comment
Share on other sites

The hackers blindly try accessing admin because they know that is the default name. And they try file_manager because that is an easy way in in unprotected sites. There are many shops that still use both, which is one of the reason why there are posts here each week about sites being hacked. So consider yourself ahead of the curve. :)

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...