socom Posted July 11, 2018

We are getting a constant issue with bots trying to hack our admin section with passwords. Is there a way to sort this? We are getting lists and lists of failed login attempts.

Mikepo Posted July 11, 2018

Is a .htaccess file, in your admin directory, set up with:

    AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile /***/***/***/htpasswd
    Require valid-user
    Order Deny,Allow
    Deny from all
    Allow from 'Your IP address'

and has your admin directory been renamed to something random?

Mike

socom Posted July 11, 2018

Thank you. Problem is, one of our locations is not on a static IP. Is there a way to work around this?

Jack_mcs Posted July 11, 2018

If your admin has not been renamed as mentioned by @Mikepo, then that is allowing the hackers to find your admin. If they can't find it, they can't try to hack into it. That won't stop them from trying, of course. If you install View counter and add the admin trap code, that will stop them. If you are using a new version of osCommerce, you can look in the action recorder module to find the IPs of those trying to log in so that they can be blocked.

Mikepo Posted July 11, 2018

3 hours ago, socom said:
> problem is one of our locations is not on a static IP is there a way to work around this?

Always best to have a static IP. Only a small extra in cost. If not, you will have to edit your .htaccess file every time the IP changes. Question: are you running on a self-hosted machine? If yes, then I hope not a PC!! I would recommend View counter as suggested by @Jack_mcs.

♥John W Posted July 11, 2018

Apache changed how the access is written for 2.4 and I ran into a problem within the last 12 months or so with the old format causing an issue. Even if you don't put the IP address, you still can use cPanel or the like to create a password protect. Then you can modify it. You can just put the beginning of your IP address like below. This works for Apache 2.4 and is a little different than older. This way the IP has to begin with 123.123 and that stops most of the world. You still have to have valid user/password.

    RewriteEngine on
    SSLRequireSSL
    AuthType Basic
    AuthUserFile "/home/myname/.htpasswds/public_html/allrenamed/passwd"
    AuthName "Restricted"
    <RequireAll>
        Require valid-user
        Require ip 123.123
    </RequireAll>

socom Posted July 31, 2018

Thank you, managed to sort it a bit by adding an additional password to the directory. Problem ref IP is sometimes I need to access it from other locations, which makes it not possible. Will check that module, thanks.

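Added example, not part of the thread or of osCommerce: a Python script for Jack_mcs's suggestion of finding the IPs behind failed logins so they can be blocked, written out in the Apache 2.4 form John W shows. The admin path, threshold and log lines are constructed assumptions; the trusted range mirrors John W's 123.123 prefix so a mistyped password from your own network never produces a block rule.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for this example (hypothetical, not from the thread):
ADMIN_PREFIX = "/renamed-admin/"          # renamed admin directory
THRESHOLD = 3                             # rejected logins before blocking
TRUSTED = [ip_network("123.123.0.0/16")]  # same range as "Require ip 123.123"

# Apache common/combined log: host ident user [time] "METHOD path proto" status
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def _line(ip, user, status, path="/renamed-admin/login.php"):
    """Build one constructed access-log line for the sample below."""
    return f'{ip} - {user} [11/Jul/2018:10:00:00 +0000] "POST {path} HTTP/1.1" {status} 381'

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "admin", 401)] * 4      # repeated guessing
    + [_line("203.0.113.9", "root", 401)] * 2     # below the threshold
    + [_line("123.123.4.5", "owner", 401)] * 3    # typos from a trusted range
    + [_line("198.51.100.20", "-", 401), _line("198.51.100.20", "owner", 200)]
)

def failed_auth_counts(log_text, admin_prefix=ADMIN_PREFIX):
    """Count rejected Basic-auth attempts per client IP under the admin path."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, user, path, status = m.groups()
        # A 401 with user "-" is the initial challenge, before any credentials
        # were sent; a 401 with a user name is a rejected login.
        if status == "401" and user != "-" and path.startswith(admin_prefix):
            counts[ip] += 1
    return counts

def offenders(counts, threshold=THRESHOLD, trusted=TRUSTED):
    """IPs at or over the threshold that are outside every trusted range."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold
                  and not any(ip_address(ip) in net for net in trusted))

def require_block(ips):
    """Render Apache 2.4 rules: the password is still required, listed IPs are refused."""
    rules = ["    Require valid-user"] + [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(["<RequireAll>", *rules, "</RequireAll>"])

if __name__ == "__main__":
    print(require_block(offenders(failed_auth_counts(SAMPLE_LOG))))
```

`Require not ip` is only valid inside `<RequireAll>` next to a positive `Require`, which is why the generated rules keep `Require valid-user`.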
This topic is now archived and is closed to further replies.