osCommerce

The e-commerce.

Login brute force attack


ArtcoInc

Has anyone experienced a brute-force attack on their site to log into account(s)?

For the last two days, I have been having many login attempts on one of my stores. Right now, there are over 15 login attempts (my site is *not* that popular!), all from different IP addresses:

[attachment: screenshot of the login attempt log]

TIA

Malcolm


Protected by Action_Recorder?

That's OK but useless if the brute forcer is cycling IP addresses.

Maybe add in a Recaptcha into the login form?  <-- this might be useful

I have never done it, but it should be do-able.

You have 29DoC/10 so that would be the basis of it.


I am curious if this is common; I also have about 25 login attempts per day. None of the emails are actual accounts. I exported the log file and sorted by IP to analyze it, and can see some repeat use of the same email from different IPs and also multiple different emails from the same IP. There are so many I don't think .htaccess blocks are worth the effort.

Does everyone get this same activity or is there maybe something drawing this malicious sniffing to my site?


Hacker attempts are common on most sites, but I've not seen any where so many attempts were made from different IPs in such a short amount of time. I suggest you check Google to see if your login page is listed (it shouldn't be) by using site:yourdomainname/login.php. Also check the links on your site to see that the links to the secure pages are using https, assuming you have an SSL certificate installed. I've seen many templates that were not coded correctly that way.


Consider running a daily cron job to list all your files (ls -la) and flag new ones and unexpected changes (to size or last update timestamp). Such a thing is helpful for discovering unauthorized changes to files, and added files (such as described in the article). It's another layer of security. One of the security add-ons might already incorporate this function. For very high traffic sites, checking two or three times a day might not be unreasonable.

In the referenced article, someone got into an osC 2.3.4 site and planted a backdoor or data dumper. It didn't seem to describe how the hacker got in, though, leaving the possibility of a security hole in osC itself, or (more likely), some problem on the server or a compromised password.
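The daily file check suggested above, written out as an added example (not code from the thread or from osCommerce): it snapshots every file under the web root with size, mtime and a SHA-256 hash, diffs the snapshot against the previous run and reports added, removed, changed or merely re-timestamped files. It assumes GNU find/sort/awk/sha256sum; the state directory, file names and crontab line are assumptions.

```shell
#!/bin/sh
# Added example: manifest-based change detection for a web root.
# Assumes GNU find/sort/awk/sha256sum; paths containing newlines are not handled.
TAB="$(printf '\t')"

# Write a manifest of "path<TAB>size<TAB>mtime<TAB>sha256" lines, sorted by path.
build_manifest() {
    root="$1"; out="$2"
    find "$root" -type f -printf '%p\t%s\t%T@\n' \
        | while IFS="$TAB" read -r path size mtime; do
            hash=$(sha256sum "$path" | cut -d' ' -f1)
            printf '%s\t%s\t%s\t%s\n' "$path" "$size" "$mtime" "$hash"
        done | sort -t "$TAB" -k1,1 > "$out"
}

# Compare an old and a new manifest; print one ADDED/REMOVED/CHANGED/TOUCHED
# line per difference (TOUCHED = same content, different mtime).
compare_manifests() {
    awk -F '\t' '
        FILENAME == ARGV[1] { old[$1] = $2 "\t" $3 "\t" $4; next }
        {
            if (!($1 in old)) { print "ADDED\t" $1; next }
            split(old[$1], o, "\t")
            if (o[3] != $4)      print "CHANGED\t" $1 "\tsize " o[1] " -> " $2
            else if (o[2] != $3) print "TOUCHED\t" $1 "\tmtime " o[2] " -> " $3
            delete old[$1]
        }
        END { for (p in old) print "REMOVED\t" p }
    ' "$1" "$2"
}

# Cron entry point: compare today's snapshot with the stored baseline, print
# the differences (nothing when nothing changed) and keep today's snapshot as
# the new baseline. The state directory is an assumed location.
check_webroot() {
    root="$1"; state="$2"
    mkdir -p "$state"
    build_manifest "$root" "$state/manifest.new"
    if [ -f "$state/manifest.cur" ]; then
        compare_manifests "$state/manifest.cur" "$state/manifest.new"
    fi
    mv "$state/manifest.new" "$state/manifest.cur"
}

# Assumed crontab line: 0 6 * * * /usr/local/bin/osc-filecheck.sh /var/www/html /var/lib/osc-filecheck
if [ "$#" -eq 2 ]; then
    check_webroot "$1" "$2"
fi
```

Pipe the output into mail or a log shipper from cron; an empty run means nothing changed, so any output is worth a look.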


Follow up from my recent inquiry:

I had an info box on my home index page for login (enter your username and password). After turning off this infobox the 25 or so fake login attempts per day stopped immediately. I still have links to My Account and Log Yourself in, I just don't have the infobox to login directly from the homepage.
