OK, so yes I am a newbie but, I am learning!
the other day I saw a guest that had several last clics registered as blah blah/catalog/admin/blah blah and then catalog/admin/filemanager/ blah blah... so I figure someone was trying to gain access to my site... right?
so as I have been paranoid and concerned I have noticed this IP below that seems to bounce around the site quite a bit.
14:32:01 0 Guest 66.249.68.140 20:02:37 10:30:44 /product_info.php?manufacturers_id=3&products_id=174
notice that its been there for like 14 hours! and it has gone away and come back. It is in products so I am not overly concerned. I have noticed the site running slower so it makes me nervous that it is feeding something somewhere. How do I know if I have been hacked?
I did most of the security items in Geoff Whaltons signiture so I am confident that I am OK... well, maybe I am not so confident hence my asking this.
I went in and changed the ssl check (getenv('SERVER_PORT') == '443') in th general and application_top.php's
annnnnd added the caching function to aid and I think that helped but I am nervous seeing this ip staying there. Can I block it or something....? or will that even do any good?
thanks for any input, ye great wizards of the open source community...---- sorry for the brown nose...
Latest News: (loading..)
0
3 replies to this topic
#2
Posted 08 February 2012, 18:17
The admin/filemanager link is almost certaily a hacker. The IP 66.249.68.140 is google.
Recommended SEO Addons:
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
#3
Posted 08 February 2012, 18:36
i saw that but I didnt understand... is that there web crawler finding links and such for search engine optimization? I thought maybe someone could be using a google service or something....
That makes me feel better though. I am not so worried now it kind of makes sense. By the way, I do not have a folder called admin.... so I am assuming that they typed that in manually and my last click field just picked up what they input manually into the addy bar. I also don't have a file manager....
I have to admit I was alarmed when I saw those links but, since I know I deleted them and/or changed the name, I know they don't exist but it just shook me up a little.
That makes me feel better though. I am not so worried now it kind of makes sense. By the way, I do not have a folder called admin.... so I am assuming that they typed that in manually and my last click field just picked up what they input manually into the addy bar. I also don't have a file manager....
I have to admit I was alarmed when I saw those links but, since I know I deleted them and/or changed the name, I know they don't exist but it just shook me up a little.
#4
Posted 08 February 2012, 19:07
The hackers blindly try accessing admin because they know that is the default name. And they try file_manager because that is an easy way in in unprotected sites. There are many shops that still use both, which is one of the reason why there are posts here each week about sites being hacked. So consider yourself ahead of the curve. 
Recommended SEO Addons:
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
