Jump to content

Archived

This topic is now archived and is closed to further replies.

nedragdnuos

Should I worry that IP Trap and Osc-Sec find so many hack attmepts?

Recommended Posts

Hi all,

 

First of all I have OSC 2.3.1 with all security patches applied (about to updgrade to 2.3.2 then 2.3.3 in the coming weeks) and IP Trap and oscsec installed and working with htaccess on my obscurely renamed admin section.

 

I'm just wondering however, whether or not I should worry (ie be paranoid) that IP Trap and OSC SEC keep trapping sooooo many attempts by people trying to access parts of my store such as - /admin/configure, admin/catalog/configure etc, the list of various directories is quite long, but I hope you get the idea of what my user access logs show me as hack attempts to widly various non existant parts of my store - but are via specific directory/files locations of a default install or variation therof.

 

So my questions are, should I worry? Should I be paranoid? Should I keep adding these IP's to my blocked list? Buy mainly, I suppose, why are these people so blantantly trying to access bits of my store that they should know are OFF LIMITS!!

 

Cheers, from someone slightly paranoid, for today anyway....

Share this post


Link to post
Share on other sites

@@nedragdnuos

 

No, I wouldn't worry. Lately there have been a rash of auto-scripts testing osCommerce sites.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Worrying wont solve anything.

 

Web sites are designed so anyone can access them and the fact that these access attempts are being blocked should give you a warm fuzzy feelng.

 

Now isn't that a better way to look at it?

 

Cheers

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

Thanks Chris and Geoff for the fast replys!! Very much appreciated.

 

I suppose the warm fuzzy feeling will eventually happen LOL.

 

Is it still worthwhile though, adding the IP addresses to my IP deny in cpanel? Ive pretty much blocked all of the Ukraine - they seem particularly persistant, but everything else is sporadic ips from all over the world.

 

Have a good wekeend!!

Share this post


Link to post
Share on other sites

If you have IP trap installed correctly it should be adding it to ip_trapped.txt and os_sec can add it to htaccess.

 

So you can set them up to do this automatically.

 

Cheers

 

G


Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Share this post


Link to post
Share on other sites

×