nedragdnuos Posted September 8, 2012 Share Posted September 8, 2012 Hi all, First of all I have OSC 2.3.1 with all security patches applied (about to updgrade to 2.3.2 then 2.3.3 in the coming weeks) and IP Trap and oscsec installed and working with htaccess on my obscurely renamed admin section. I'm just wondering however, whether or not I should worry (ie be paranoid) that IP Trap and OSC SEC keep trapping sooooo many attempts by people trying to access parts of my store such as - /admin/configure, admin/catalog/configure etc, the list of various directories is quite long, but I hope you get the idea of what my user access logs show me as hack attempts to widly various non existant parts of my store - but are via specific directory/files locations of a default install or variation therof. So my questions are, should I worry? Should I be paranoid? Should I keep adding these IP's to my blocked list? Buy mainly, I suppose, why are these people so blantantly trying to access bits of my store that they should know are OFF LIMITS!! Cheers, from someone slightly paranoid, for today anyway.... Link to comment Share on other sites More sharing options...
Guest Posted September 8, 2012 Share Posted September 8, 2012 @@nedragdnuos No, I wouldn't worry. Lately there have been a rash of auto-scripts testing osCommerce sites. Chris Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted September 8, 2012 Share Posted September 8, 2012 Worrying wont solve anything. Web sites are designed so anyone can access them and the fact that these access attempts are being blocked should give you a warm fuzzy feelng. Now isn't that a better way to look at it? Cheers G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
nedragdnuos Posted September 8, 2012 Author Share Posted September 8, 2012 Thanks Chris and Geoff for the fast replys!! Very much appreciated. I suppose the warm fuzzy feeling will eventually happen LOL. Is it still worthwhile though, adding the IP addresses to my IP deny in cpanel? Ive pretty much blocked all of the Ukraine - they seem particularly persistant, but everything else is sporadic ips from all over the world. Have a good wekeend!! Link to comment Share on other sites More sharing options...
♥geoffreywalton Posted September 8, 2012 Share Posted September 8, 2012 If you have IP trap installed correctly it should be adding it to ip_trapped.txt and os_sec can add it to htaccess. So you can set them up to do this automatically. Cheers G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.