
50+ failed logins on the same day w/ different username attempts


twynn


On our action recorder, there are over 50 failed login attempts from one day this week. They tried around 5 different usernames that relate to our company including company name, admin, and root. Can anyone offer some insight on why this is happening and if it's someone trying to breach our osCommerce system?

Thanks in advance.


Yes, it is some hacker trying to get in. Many times they use scripts that just randomly guess at possible names. The first thing to do is to rename your admin directory to something they cannot guess at. It should contain both upper and lower case letters as well as numbers. You need to change the name in the admin/includes/configure.php file too. I also suggest blocking the IP that was used for those attempts (it is in the action recorder section).

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons


22 minutes ago, Jack_mcs said:

Yes, it is some hacker trying to get in. Many times they use scripts that just randomly guess at possible names. The first thing to do is to rename your admin directory to something they cannot guess at. It should contain both upper and lower case letters as well as numbers. You need to change the name in the admin/includes/configure.php file too. I also suggest blocking the IP that was used for those attempts (it is in the action recorder section).

Thank you for your help. I found the IP, but how do I block it? 


It needs to be added to the .htaccess file in the root of the shop. Check in your host's control panel to see if there is a tool to block IPs. If not, you will need to do it by adding this line to the file (replace all of the x's with the actual numbers):

deny from xx.xx.xx.xx

If you are editing manually, be sure to make a backup of the file first. While it is safe to make such changes, it is easy to make a mistake and that can cause the site not to load. So having a backup is a quick way to get out of that problem.

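The manual edit described in the answer above (back up .htaccess first, then add the deny line), as an added shell example that is not part of the original thread. The function names and the demo file are constructed for illustration; the address used is from a documentation range.

```shell
#!/bin/sh
# Added example: validate the address, back up .htaccess, then append the
# "deny from" line quoted in the thread. That directive is Apache 2.2 style;
# on Apache 2.4 it only works when mod_access_compat is loaded.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
# Runs in a subshell so the IFS change cannot leak into the caller.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # anything but digits and single dots
    esac
    IFS=.
    set -- $1                                  # split the address on dots
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# block_ip FILE IP: prints the backup path when a line was added.
block_ip() {
    htaccess=$1
    ip=$2
    # A malformed value written into .htaccess can stop the site loading,
    # so refuse it before touching the file.
    valid_ipv4 "$ip" || { echo "refusing malformed IP: $ip" >&2; return 2; }
    [ -f "$htaccess" ] || { echo "not found: $htaccess" >&2; return 3; }
    if grep -qxF "deny from $ip" "$htaccess"; then
        return 0                               # already blocked, nothing to do
    fi
    backup=$(mktemp "$htaccess.bak.XXXXXX") || return 4
    cp -p "$htaccess" "$backup" || return 4
    # Start a new line first if the file does not end with one.
    if [ -s "$htaccess" ] && [ -n "$(tail -c 1 "$htaccess")" ]; then
        echo >> "$htaccess"
    fi
    echo "deny from $ip" >> "$htaccess"
    echo "$backup"
}

# Demo on a constructed .htaccess in a temporary directory.
demo_dir=$(mktemp -d)
printf 'Options -Indexes' > "$demo_dir/.htaccess"   # constructed content
block_ip "$demo_dir/.htaccess" 192.0.2.10
cat "$demo_dir/.htaccess"
rm -rf "$demo_dir"
```

If the site fails to load after the change, copying the printed backup file back over .htaccess restores the previous state.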

Archived

This topic is now archived and is closed to further replies.
