Post by JNeuhoff » Fri Nov 19, 2021 6:04 pm

Perhaps your 404 page triggers additional requests to retrieve other components of your 404 page. But you should always see an initial 404 response in your access log.

Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster * Survey Plus




Post by JNeuhoff » Wed Nov 24, 2021 10:27 pm

I just changed the original thread title, removing the '[SOLVED]' prefix.

Reason for this: We have tried the Bitninja WAF. It repels about 90% or so of the brute-force attackers' POST requests, but that still leaves too many slipping through to our websites. Some of Bitninja's rules are based on an old Google reCaptcha, an invisible captcha, and/or a honeypot trap. These may be good enough for rejecting simple spambots, but are insufficient against brute-force attacks. Ours resulted in over a million grey-listed IP addresses in a matter of a few weeks.

Also, Bitninja caused some 405 errors, especially for Safari users. Safari has known autofill bugs anyway, so server-side honeypot traps often result in false rejections for Safari.

So it's back to square one: A decent WAF is needed here!

BTW: This simple PHP script in our admin/index.php rejects the brute-force attackers' POST requests to /admin quite effectively:

Code:

<?php
// Snippet from the top of admin/index.php (as posted). Both rules answer 403 and stop.

// Rule 1: the fixed User-Agent string seen on the attacker's requests.
// The ?? '' fallback keeps a request without a User-Agent header from raising a notice.
if (($_SERVER['HTTP_USER_AGENT'] ?? '') === 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0') {
	header('HTTP/1.0 403 Forbidden');
	exit;
}
// Rule 2: a POST to /admin with no query string. OpenCart admin requests carry
// ?route=... (plus user_token), so a bare POST comes from the brute-force tool.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_GET)) {
	header('HTTP/1.0 403 Forbidden');
	exit;
}
But such a rule should really be implemented at the firewall level!

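The two rules from the PHP snippet above, moved off the PHP layer and onto the host firewall as the post suggests. This is an added example, not the poster's code and not part of OpenCart: it parses a handful of constructed Apache/nginx combined-format access-log lines (sample data, not real traffic), flags requests to /admin by the same two conditions (known attacker User-Agent, or a POST with no query string), counts hits per client IP, and emits ipset commands for the offenders. The log format, the ipset set name admin-bruteforce, the 24h timeout and the threshold of 3 are my assumptions. One caveat worth keeping in mind: a fixed User-Agent match is trivial for the attacker to change, so the empty-query rule, which relies on OpenCart admin requests always carrying ?route=..., does the durable work, and a per-IP threshold keeps a single odd request from triggering a block.

```python
"""Offline triage of access-log lines for brute-force POSTs to /admin.

Added example (not from the forum post or OpenCart). Same two rules as the
posted admin/index.php snippet, applied to log lines so the result can feed
an ipset/iptables DROP rule instead of a PHP 403.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# User-Agent string the post reports on the attacker's requests.
BAD_UA = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
ADMIN_PREFIX = "/admin"

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Nov/2021:21:55:01 +0000] "POST /admin/ HTTP/1.1" 200 4321 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
203.0.113.7 - - [24/Nov/2021:21:55:02 +0000] "POST /admin/ HTTP/1.1" 200 4321 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
198.51.100.9 - - [24/Nov/2021:21:55:03 +0000] "POST /admin/index.php HTTP/1.1" 200 4321 "-" "curl/7.68.0"
198.51.100.9 - - [24/Nov/2021:21:55:04 +0000] "POST /admin/index.php HTTP/1.1" 200 4321 "-" "curl/7.68.0"
198.51.100.9 - - [24/Nov/2021:21:55:05 +0000] "POST /admin/index.php HTTP/1.1" 200 4321 "-" "curl/7.68.0"
192.0.2.10 - - [24/Nov/2021:21:56:00 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 302 0 "https://shop.example/admin/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
192.0.2.10 - - [24/Nov/2021:21:56:01 +0000] "GET /admin/index.php?route=common/dashboard&user_token=abc HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (Macintosh) Safari/605.1.15"
"""


def parse_line(line):
    """Parse one combined-format line into a dict (with split path/query), or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"], entry["query"] = parts.path, parts.query
    return entry


def classify(entry):
    """Apply the post's two rules to a parsed entry.

    Returns "ua" for the known attacker User-Agent on any /admin request,
    "empty_query" for a POST under /admin with no query string (OpenCart admin
    URLs always carry ?route=...), else None. UA is checked first, so each
    entry gets at most one reason.
    """
    if not entry["path"].startswith(ADMIN_PREFIX):
        return None
    if entry["ua"] == BAD_UA:
        return "ua"
    if entry["method"] == "POST" and entry["query"] == "":
        return "empty_query"
    return None


def score_log(log_text):
    """Count suspicious hits per client IP, split by which rule fired."""
    ua_hits, empty_hits = Counter(), Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable line: skip rather than guess
        reason = classify(entry)
        if reason == "ua":
            ua_hits[entry["ip"]] += 1
        elif reason == "empty_query":
            empty_hits[entry["ip"]] += 1
    return ua_hits, empty_hits


def select_blocks(ua_hits, empty_hits, threshold=3):
    """IPs to block. A UA match blocks at once (as the PHP snippet does); the
    empty-query rule only blocks once an IP reaches `threshold` hits (assumed)."""
    blocked = set(ua_hits)
    blocked.update(ip for ip, n in empty_hits.items() if n >= threshold)
    return sorted(blocked)


def ipset_commands(ips, setname="admin-bruteforce", timeout=86400):
    """Shell lines loading the IPs into an ipset (set name and timeout are assumed)."""
    cmds = [f"ipset create -exist {setname} hash:ip timeout {timeout}"]
    cmds += [f"ipset add -exist {setname} {ip}" for ip in ips]
    return cmds


if __name__ == "__main__":
    ua, empty = score_log(SAMPLE_LOG)
    for cmd in ipset_commands(select_blocks(ua, empty)):
        print(cmd)
```

Wire the set into the firewall once, e.g. `iptables -I INPUT -p tcp -m multiport --dports 80,443 -m set --match-set admin-bruteforce src -j DROP`, and run the script from a cron job or a log tailer; the `timeout` on the set lets entries expire on their own, which keeps a changing attacker address pool from growing the set without bound, the problem the post describes with a million grey-listed IPs.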


Post by OSWorX » Wed Nov 24, 2021 11:25 pm

JNeuhoff wrote:
Wed Nov 24, 2021 10:27 pm
..
So it's back to square one: A decent WAF is needed here!
..
As written before: viewtopic.php?f=179&t=225771#p829883
It may cost around 250 Euro per month (and you should own the server yourself), but this money is worth every cent.

Because: those stupid script kiddies will never give up.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.



Post by Zanato » Fri Nov 26, 2021 9:28 pm

Astra offers a firewall for $20/month. I have no affiliation and haven't used them myself. I'm just shopping around and they look good.

https://www.getastra.com/pricing


Post by EvolveWebHosting » Sat Nov 27, 2021 11:33 am

Zanato wrote:
Fri Nov 26, 2021 9:28 pm
Astra offers a firewall for $20/month. I have no affiliation and haven't used them myself. I'm just shopping around and they look good.

https://www.getastra.com/pricing
Astra is very good and we are partnered with them. The $20/month price applies if you pay for a year up front. Now through Nov 30th, we are offering 1 year for $179.88. After Nov 30th, 1 year will be $16.99/month paid annually ($203.88).

https://www.evolvewebhost.com/security/astra

$2.75 per month hosting w/ cPanel - free transfers
Detailed guide on how to install Opencart

