ArtcoInc Posted April 12, 2017

Has anyone experienced a brute-force attack on their site to log into account(s)? For the last two days, I have been having many login attempts on one of my stores. Right now, there are over 15 login attempts (my site is *not* that popular!), all from different IP addresses:

TIA

Malcolm

burt Posted April 12, 2017

Protected by Action_Recorder? That's OK but useless if the brute forcer is cycling IP addresses.

Maybe add in a Recaptcha into the login form? <-- this might be useful

I have never done it, but it should be do-able. You have 29DoC/10 so that would be the basis of it.

mmph Posted November 8, 2017

I am curious if this is common; I also have about 25 login attempts per day. None of the emails are actual accounts. I exported the log file and sorted by IP to analyze and can see some repeat use of the same email from different IPs and also multiple different emails from the same IP. There are so many I don't think .htaccess blocks are worth the effort.

Does everyone get this same activity or is there maybe something drawing this malicious sniffing to my site?

Jack_mcs Posted November 8, 2017

Hacker attempts are common on most sites but I've not seen any where so many attempts were made by different IPs in such a short amount of time. I suggest you check Google to see if your login page is listed (it shouldn't be) by using site: your domain name/login.php

Also check the links on your site to see if the links to the secure pages are not using https, assuming you have an SSL certificate installed. I've seen many templates that were not coded correctly that way.

ArtcoInc Posted November 8, 2017

@mmph @Jack_mcs

In my case, the "attack" only lasted a day (or two), and then settled down. I guess whoever moved on to the next site.

FWIW, I did find this (although it did not apply to me) ...

https://www.htbridge.com/blog/drive_by_login_attack_the_end_of_safe_web.html

Malcolm

MrPhil Posted November 9, 2017

Consider running a daily cron job to list all your files (ls -la) and flag new ones and unexpected changes (to size or last update timestamp). Such a thing is helpful for discovering unauthorized changes to files, and added files (such as described in the article). It's another layer of security. One of the security add-ons might already incorporate this function. For very high traffic sites, checking two or three times a day might not be unreasonable.

In the referenced article, someone got into an osC 2.3.4 site and planted a backdoor or data dumper. It didn't seem to describe how the hacker got in, though, leaving the possibility of a security hole in osC itself, or (more likely), some problem on the server or a compromised password.

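A minimal version of the file check described in the post above, as an added example that is not part of the original thread or of osCommerce: it records path, size and modification time for each file and reports new, changed and removed files. It assumes GNU find; the script name and the paths in the cron comment are placeholders.

```shell
#!/bin/sh
# Added example. Assumes GNU find (-printf) and file names without tabs/newlines.
# Keep the baseline file outside the web root so a planted script cannot edit it.

# snapshot DIR: one "path<TAB>size<TAB>mtime" line per regular file, sorted.
snapshot() {
    find "$1" -type f -printf '%p\t%s\t%T@\n' | LC_ALL=C sort
}

# compare OLD NEW: list files that are new, changed (size or mtime) or removed.
compare() {
    awk -F '\t' '
        FILENAME == ARGV[1]         { old[$1] = $2 FS $3; next }
        !($1 in old)                { print "NEW     " $1; next }
        old[$1] != ($2 FS $3)       { print "CHANGED " $1 }
                                    { seen[$1] = 1 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# check DIR BASELINE: the first run records the baseline; later runs print the
# differences and return 1. The baseline is never updated automatically, so a
# finding keeps being reported until someone reviews it and re-baselines.
check() {
    if [ ! -f "$2" ]; then
        snapshot "$1" > "$2"
        return 0
    fi
    current=$(mktemp) || return 2
    snapshot "$1" > "$current"
    report=$(compare "$2" "$current")
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Hypothetical crontab entry (placeholder paths); cron mails any output:
#   0 3 * * * /usr/local/bin/filecheck.sh /var/www/shop /var/lib/filecheck/shop.tsv
if [ "$#" -eq 2 ]; then
    check "$1" "$2"
fi
```

To accept reviewed changes, delete the baseline file and run the script once more.
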
mmph Posted November 10, 2017

Follow up from my recent inquiry:

I had an info box on my home index page for login (enter your username and password). After turning off this infobox the 25 or so fake login attempts per day stopped immediately.

I still have links to My Account and Log Yourself in, I just don't have the infobox to login directly from the homepage.

Archived
This topic is now archived and is closed to further replies.