What are these hackers trying to do?

[TheGuy]

In our logs we show some hacking attempts. They are unsuccessful, but I'd like to know what they are trying to do.

The logs show things like this:

 

/sitemap.xml/admin/categories.php/login.php

and

/sitemap.xml/admin/banner_manager.php/login.php

 

what are they trying to do? Thanks.

[Jack_mcs]

They are trying hacking methods known to work on sites that are not properly secured. If you have renamed your admin directory, nothing will happen from it.

[hyepo]

My site is live. How do I rename the admin dir w/o messing everything else up? I'm actually afraid to change anything at this point because everything works. Thx

 

 

 

[Jack_mcs]

You have to rename the admin directory using an ftp program or the file manager in your hosts control panel. Then edit the admin/includes/configure.php file and change the name in it. Even if you make a mistake, the admin doesn't affect the shop side so your site won't go down.

[letmein]

Hi, yesterday I had to go through a new install of v2.3.3.2 and only discovered today that within 60 minutes of the installation a new 80Mb file had been dropped into my admin folder. The file was named core.518944. I deleted it as I have never noticed that file before or a file of that size. I only got around to changing the name of my admin folder today as I was a bit rusty on what to change and where. For novices, there are three changes, name of folder and the two admins in the admin/includes/configure.php file.

 

So can anyone hazard a guess as to what that large file may have been?

[burt]

Core files are created when something on the server happens, for example a crash.

They are not files that have been placed due to a hack.

 

If you are wanting more information on core files, ask your host.

[letmein]

Thanks Bazinga.