Post by sundsx » Wed Jul 22, 2020 10:59 pm

Hi to all community members, about a day after renaming the admin directory I noticed that many visitors are looking for the admin folder. like https://www.mysite.it/admin/. Could it be just a coincidence or am I under attack?
OC Versione 3.0.3.1
Tracing the IP of the visitors found that they come from all over the world.
Only a Chinese viewer always tries to attack me with this link https://www.mysite.it/skin/adminer-3.3.2.php.
Do I have to worry? can I block the Chinese visitor's IP?
What you suggest to me? Thanks a lot

Newbie

Posts

Joined
Fri Feb 15, 2019 8:32 pm

Post by IP_CAM » Thu Jul 23, 2020 3:47 am

Well, if you already renamed admin, you might have to rework the mods listed below as well. But otherwise,
they will all add to overall Admin Security:

Simple Login Security (Very simple solution, I use such a Mod for a long time already)
If you want to make your administrator login page more private, this extension is just for you.
Functionality:
- Login page is accessible only with custom secret code
(http://yourwebsite.com/admin/?passkey=YourPassword)
- Custom pass key and password
- Post'ed login info from other url wont be accepted without YourPassword
Simple but strong security enhancement. Using this extension you will disable login page access to everyone but yourself.
https://www.opencart.com/index.php?rout ... n_id=21371
---
False Admin Login Security ( Change the Lockout period to whatever time you want, to keep 'em out for good)
Do you want to secure your store Admin login? Do you want to limit your Admin login attempt? Just install False Admin login Security extension and configure it. that's all.
https://www.opencart.com/index.php?rout ... n_id=39292
---
Opencart Security Admin Whitelist Access ( Allows access only to listed IP's)
Whitelisting is the practice of explicitly allowing some identified entities access to a particular privilege, service, mobility, access or recognition. It is the reverse of blacklisting. Many network admins set up IP address whitelists, or a IP address filter, to control who is allowed on their networks / applications / servers.
https://www.opencart.com/index.php?rout ... n_id=37806
---
In addition to keep some IP's out, use your SHOP .htaccess file, to at best lock out entire Blocks, I so far lock
out ~1'840 Ranges/Lines, totalling in more than 650'000 IP's, in my 113 KB ! .htaccess file, and it has no negative
effect on overall performance! Just make sure, not to block potential Customer IP Ranges, or even yourself! :D
Use something like this, to check (full) IP numbers: https://whatismyipaddress.com/ip-lookup

Code: Select all

## Ernie's OpenCart .htaccess File Juli-21-2020
Options +SymLinksIfOwnerMatch
Options -Indexes
LimitRequestBody 750000
(FROM HERE:)
<Files *>
order allow,deny
deny from 1.20.100.
deny from 1.20.220.
deny from 1.25.110.
deny from 1.31.97.
deny from 1.32.
deny from 1.49.47.
deny from 1.53.137.
deny from 1.70.76.
deny from 1.83.28.
deny from 1.83.127.
deny from 1.189.193.
deny from 1.194.83.
deny from 1.194.87.
deny from 1.198.28.
deny from 2.56.241.
deny from 2.56.242.
deny from 2.58.
deny from 2.59.
...
...
...
...
deny from 223.244.152.
deny from 223.244.153.
deny from 223.244.154.
allow from all
</Files>
(TO HERE)
And it's a daily TASK, to check your Site+Admin Access+Error Logs, to keep .htaccess up to date, don't forget that ! :D
----
Good Luck! ;)
Ernie
PS: Just be aware, that even unallowed Access-Attempts may still show up in Admin Logs, despite of the fact, that they get no access.
They just never display an (Shop-related) Referrer Address in the Logs, and usually one have one Log Entry.

Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.openshop.li/shop/
My Github OC Site: https://github.com/IP-CAM
2'600+ FREE OC Extensions on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by sundsx » Thu Jul 23, 2020 5:02 pm

Tank You @IP_CAM! Was a good suggest. I finf so useful .htaccs strategies. I will do surely.
Special attention to your deny from...
So you deny any ip try to connect to admin folder? right?

What about adminer-3.3.2.php? can be dangerous?

Thanks a lot IP_CAM

Newbie

Posts

Joined
Fri Feb 15, 2019 8:32 pm

Post by OSWorX » Thu Jul 23, 2020 7:56 pm

sundsx wrote:
Thu Jul 23, 2020 5:02 pm
What about adminer-3.3.2.php? can be dangerous?
adminer-* is nothing else than a simple replacement for the phpMyAdmin, see: https://www.adminer.org/en/
What those scriptkiddies are trying to hit this tool.
The number after "adminer-" is the version number.

Currently it seems that they have fun to search for, I for myself have x-thousand tries each day.
No worry about IF YOU HAVE THIS TOOL NOT USED!

Note: adminer can be used a simple replacement for any databasetool (e.g. like phpMyAdmin).
But (!!) it should not be stored any longer when not used anymore.


Better to rename this tool to something else (while also valid here: delete after usage).

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member
Online

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by sundsx » Thu Jul 23, 2020 8:13 pm

Thank you @OSWorX! Yes i dont use that tools.

Newbie

Posts

Joined
Fri Feb 15, 2019 8:32 pm

Post by IP_CAM » Thu Jul 23, 2020 8:18 pm

So you deny any ip try to connect to admin folder? right?
Well, I deny any IP, accessing my Servers by use of some screwy link-code,
and since I don't need the whole World to see my Sites anyway.

I lock the entire sub-range, instead of only a specific IP Number, like instead of:
123.456.789.123 - I add: 123.456.789. to the .htaccess file, to make sure, that all
numbers of the last IP-Block are beeing locked out. In some cases, I also
lock out the second+third blocks too, to so have everything blocked, coming
from IP 123.xxx.xxx.xxx !

And if one tries to connect a few times within a few seconds, he will be blocked
temporarely. You may check one of my sites, and if you click on links quite fast,
you will be blocked for a short time, and if one is repeating such multiple times,
he will be blocked for 10 hours, to allow me, to later block them for good.
OC 1.5.6.x offers all those extensions, one reason, to still use it ... :laugh:

My .htaccess for far contains 1'871 individual DENY FROM Lines, and every single
day, a couple of new denials are added to the file, to keep some BOOZO-Brains out
for good. It's kind of a Game, just like in real Life too ... :laugh:

And to make double-sure, I also redirect them to Las Vegas too ... :laugh:
So, anyone else, using the same link content, will be redirected automatically.

Regarding your ADMINER file, I am not quite familiar with it, but I assue, if you
have it password-secured well, there should be no problem. Just check the Web,
to make sure, that you always use the latest (tested) Version, just in Case ...

Good Luck! ;)
Ernie
---
Image

Attachments

hackings.png

hackings.png (44.21 KiB) Viewed 1346 times


Please don't send me OC Forum Personal Messages, just contact: jti@jacob.ch
---
OC 1.5.6.5 LIGHT Test Site: http://www.bigmax.ch/shop/
OC 1.5.6.5 V-PRO Test Site: http://www.openshop.li/shop/
My Github OC Site: https://github.com/IP-CAM
2'600+ FREE OC Extensions on the World's largest Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by sundsx » Mon Jul 27, 2020 5:22 pm

Thanks @IP_CAM, your detailed answer was instructive for me. O0

It is very boring because people want to steal your work done with effort and passion.

But very curious for me is the fact that before renaming the admin directory, I didn't see these requests. :crazy:
Ever since I renamed the directory a lot every day.
A great deal of attention and blocking of IP addresses or entire sub IP families is waiting for me as you do.
Thanks for the accurate and educational response. Very funny the redirect to las vegas :) :laugh: :laugh: :laugh:

Newbie

Posts

Joined
Fri Feb 15, 2019 8:32 pm

Post by JNeuhoff » Mon Jul 27, 2020 5:59 pm

You should limit the access to your admin folder to your IP-address only. E.g. put something like this into your 'admin/.htaccess' file:

Code: Select all

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Admin Access Control"
AuthTypeBasic
<LIMIT GET>
order deny, allow
deny from all
#white list IP
allow from xxx.xxx.xxx.xxx
</LIMIT>

Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster * Survey Plus


User avatar
Expert Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by OSWorX » Wed Aug 05, 2020 8:14 pm

JNeuhoff wrote:
Mon Jul 27, 2020 5:59 pm
You should limit the access to your admin folder to your IP-address only.
Beware!
This is a solution ONLY if you have a static IP-Address.
If that's not the case (e.g. dynamic IP-Addresses as many providers have), you will lock out yourself.

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member
Online

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by ASTRA Security Suite » Tue Aug 11, 2020 12:26 am

OSWorX wrote:
Wed Aug 05, 2020 8:14 pm
JNeuhoff wrote:
Mon Jul 27, 2020 5:59 pm
You should limit the access to your admin folder to your IP-address only.
Beware!
This is a solution ONLY if you have a static IP-Address.
If that's not the case (e.g. dynamic IP-Addresses as many providers have), you will lock out yourself.
Agree with OSWorX here. The solution mentioned above would need each of the users logging-in to the admin area to have a static home/work IP - which may not always be possible. Instead, you could add another layer of authentication with HTTP Auth. If you're using a cPanel based hosting, open the File manager within the cPanel, navigate to the root of your OpenCart store, right click on the admin folder, select the option "Password protect this directory" and follow the on-screen steps. For non-cPanel based sites, you can create a .htpasswd file with the credentials, and update the .htaccess file in the /admin folder.

--
Ananda

Spreading happiness while securing OpenCart websites with Astra Security Suite

Real-time protection against Credit Card Hack, SQLi, XSS, Malware, Bad Bots & 100+ cyber threats.


User avatar

Posts

Joined
Tue Jan 31, 2017 11:37 pm

Post by JNeuhoff » Tue Aug 11, 2020 12:36 am

@OSWorX: You are correct, my advise is only useful if your office uses an internet connection with a static IP-address. I think most professional developers or businesses will use a static IP-address.

@ASTRA Security Suite : Good advise for those who don't use a static IP-address, thanks for posting it.

Override Engine * Integrated VQMod * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Rich Snippets * Google Tag Manager * Export/Import Tool * SpamBot Buster * Survey Plus


User avatar
Expert Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by OSWorX » Tue Aug 11, 2020 4:27 am

JNeuhoff wrote:
Tue Aug 11, 2020 12:36 am
I think most professional developers or businesses will use a static IP-address.
Sorry, but again not true.
If static or dynamic IP-Address is not the choice of the developer or business, more the decision of the offered provider packages.
And as long as such package with a static address will cost 50% (or more) than a "standard" access package, I do not see any reason why I should pay such money only to have a "static" address.
Nobody will pay me this price, and I have really no advantage of having only a "static" address.

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member
Online

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria
Who is online

Users browsing this forum: No registered users and 3 guests