twynn Posted November 9, 2018 Share Posted November 9, 2018 On our action recorder, there are over 50 failed login attempts from one day this week. They tried around 5 different usernames that relate to our company including company name, admin, and root. Can anyone offer some insight on why this is happening and if it's someone trying to breach our osCommerce system? Thanks in advance. Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 9, 2018 Share Posted November 9, 2018 Yes, it is some hacker trying to get in. Many times they use scripts that just randomly guess at possible names. The first thing to do is to rename your admin directory to something they cannot guess at. It should contain both upper and lower case letters as well as numbers. You need to change the name in the admin/includes/configure.php file too. I also suggest blocking the IP that was used for those attempts (it is in the action recorder section). Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
twynn Posted November 9, 2018 Author Share Posted November 9, 2018 22 minutes ago, Jack_mcs said: Yes, it is some hacker trying to get in. Many times they use scripts that just randomly guess at possible names. The first thing to do is to rename your admin directory to something they cannot guess at. It should contain both upper and lower case letters as well as numbers. You need to change the name in the admin/includes/configure.php file too. I also suggest blocking the IP that was used for those attempts (it is in the action recorder section). Thank you for your help. I found the IP, but how do I block it? Link to comment Share on other sites More sharing options...
Jack_mcs Posted November 9, 2018 Share Posted November 9, 2018 It needs to be added to the .htaccess file in the root of the shop. Check in your hosts control panel to see if there is a tool to block IP's. If not, you will need to do it by adding this line to the file (replace all of the x's with the actual numbers): deny from xx.xx.xx.xx If you are editing manually, be sure to make a backup of the file first. While it is safe to make such changes, it is easy to make a mistake and that can cause the site not to load. So having a backup is a quick way to get out of that problem. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.