Around 5:30 this afternoon my CPU usage shot up from 40% to 100% and memory went from 100 MB to 2 GB (the limit). Now pages either load slowly or not at all, or more often a "service unavailable" 503 error. Turns out /admin/index.php is running dozens of times per minute even when I'm not logged in as admin. I can kill them from the linux command line, but they come right back. Does this sound like some kind of brute-force or DDOS attack? I asked my hosting tech support, and he suggested I look into Cloudflare DNS. In the mean time, I've put the site in maintenance mode and changed my admin password. Does anyone know what might be going on?
viewtopic.php?t=225771&p=830076
viewtopic.php?f=179&t=221873
https://www.google.com/search?q=brute-f ... cart+forum
viewtopic.php?f=179&t=221873
https://www.google.com/search?q=brute-f ... cart+forum
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
Thank you Mona. I was freaking out too much to do a proper search. I temporarily stopped the attack by changing the name of the index file, then made the recommended code change and password protected the admin directory before changing the name back. I plan to make some other security upgrades on the server as well.
What's in your server's raw access log?
As by mona pointed out, it could be the well know bruteforce attacker, in which case you might want to add this to the beginning of your admin/index.php file:
As by mona pointed out, it could be the well know bruteforce attacker, in which case you might want to add this to the beginning of your admin/index.php file:
Code: Select all
if ($_SERVER['HTTP_USER_AGENT'] == 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0') {
header('HTTP/1.0 403 Forbidden');
exit;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($_GET)) {
header('HTTP/1.0 403 Forbidden');
exit;
}
}
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
We're seeing this DDoS on a lot of OC sites today: viewtopic.php?f=179&t=225771
We'll soon be posting a vQmod fix on the thread above.
We'll soon be posting a vQmod fix on the thread above.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
Guru Member
Who is online
Users browsing this forum: niagato, Semrush [Bot], thomas_1989 and 638 guests