Post by p419 » Fri Jan 26, 2024 1:05 am

Hello Everyone,

We've just noticed today that two people from different countries landed on our renamed admin folder. Our admin folder is protected with an .htaccess file that only allows browsers from our office IP address to access the folder. This is something we've never noticed before.

I've got a couple of questions....

How are they doing this?
How can we prevent it from happening?

Any help would be appreciated.

We're running Opencart 3.0.3.1
Last edited by p419 on Fri Jan 26, 2024 10:54 pm, edited 1 time in total.

Post by ADD Creative » Fri Jan 26, 2024 1:41 am

Did they actually access the admin directory or did the htaccess rule deny access? It would still show in the web access logs; just the status codes would be 200 for success and 403 for forbidden.

The admin directory names can be leaked, for example in email headers or some sort of bug. There are also tools out there that will brute force directory names.

www.add-creative.co.uk
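
Added example (not part of the thread or any poster's own code): one way to run the 200-versus-403 check described in the reply above against an Apache combined-format access log. The admin path, office IP and log lines are constructed assumptions; the last sample line shows what a rule that is not applying would look like.

```python
import re
from collections import Counter

# Assumed values for illustration; none of these come from the thread.
ADMIN_PREFIX = "/renamed-admin/"   # hypothetical renamed admin directory
OFFICE_IPS = {"203.0.113.10"}      # hypothetical allow-listed office address

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def audit_admin_hits(lines, prefix=ADMIN_PREFIX, allowed=OFFICE_IPS):
    """Split outside requests for the admin directory into denied and served.

    Returns (denied, served): denied maps IP -> number of 403 responses,
    served lists (ip, path, status) for every response that was not a 403.
    """
    denied, served = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix) or m["ip"] in allowed:
            continue  # unparsable line, storefront request, or office traffic
        if m["status"] == "403":
            denied[m["ip"]] += 1
        else:
            served.append((m["ip"], m["path"], int(m["status"])))
    return dict(denied), served

# Constructed sample log lines (documentation IP ranges, invented paths).
SAMPLE = [
    '198.51.100.7 - - [26/Jan/2024:00:41:02 +0000] "GET /renamed-admin/index.php HTTP/1.1" 403 199 "https://otheropencartsite.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Jan/2024:00:41:03 +0000] "GET /renamed-admin/view/javascript/common.js HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [26/Jan/2024:00:52:10 +0000] "GET /renamed-admin/ HTTP/1.1" 403 199 "-" "curl/8.4.0"',
    '203.0.113.10 - - [26/Jan/2024:09:00:00 +0000] "GET /renamed-admin/index.php?route=common/dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [26/Jan/2024:00:52:11 +0000] "GET /index.php?route=common/home HTTP/1.1" 200 8211 "-" "curl/8.4.0"',
    '192.0.2.44 - - [26/Jan/2024:00:52:12 +0000] "GET /renamed-admin/config.php HTTP/1.1" 200 0 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    denied, served = audit_admin_hits(SAMPLE)
    for ip, n in sorted(denied.items()):
        print(f"{ip}: {n} request(s) denied with 403")
    for ip, path, status in served:
        print(f"CHECK RULES: {ip} got {status} for {path}")
```

An empty `served` list means every outside request for the admin directory was refused; any entry in it is a request the .htaccess rule did not block and is the thing to investigate.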


Post by p419 » Fri Jan 26, 2024 2:31 am

ADD Creative wrote:
Fri Jan 26, 2024 1:41 am
Did they actually access the admin directory or did the htaccess rule deny access? It would still show in the web access logs; just the status codes would be 200 for success and 403 for forbidden.

The admin directory names can be leaked, for example in email headers or some sort of bug. There are also tools out there that will brute force directory names.
Thanks for the reply, ADD Creative.

In our hosting under "Latest web server error log messages:" I'm seeing the following messages related to the IP address we saw attempting to access the folder:
AH01797: client denied by server configuration:
There are dozens and dozens of these as they seem to be trying to access many different htm files, JavaScript files or OpenCart paths.

There's also a referer link from another website in the error path, which is an OpenCart site.
AH01797: client denied by server configuration: /home/XXXX/public_html/XXXXX/index.php, referer: https://otheropencartsite.com/

Am I safe to assume that the htaccess file is doing its job?
Is there anything else we should be adding?

Regards,

Paul


Post by johnp » Fri Jan 26, 2024 3:00 am

p419 wrote:
Fri Jan 26, 2024 1:05 am
Hello Everyone,

We've just noticed today that two people from different countries landed on our renamed admin folder. Our admin folder is protected with an .htaccess file that only allows browsers from our office IP address to access the folder. This is something we've never noticed before.

I've got a couple of questions....

How are they doing this?
How can we prevent it from happening?

Any help would be appreciated.

We're running Opencart 3.0.3.1
Try this or something similar:

https://www.opencart.com/index.php?rout ... n_id=40693

Post by ADD Creative » Fri Jan 26, 2024 5:00 am

p419 wrote:
Fri Jan 26, 2024 2:31 am
In our hosting under "Latest web server error log messages:" I'm seeing the following messages related to the IP address we saw attempting to access the folder:
AH01797: client denied by server configuration:
There are dozens and dozens of these as they seem to be trying to access many different htm files, JavaScript files or OpenCart paths.

There's also a referer link from another website in the error path, which is an OpenCart site.
AH01797: client denied by server configuration: /home/XXXX/public_html/XXXXX/index.php, referer: https://otheropencartsite.com/

Am I safe to assume that the htaccess file is doing its job?
Is there anything else we should be adding?
Yes, that does look like your htaccess rules are blocking access. It's not unusual for bots to try to access files. They are probably scanning for known issues that are nothing to do with OpenCart.

Post by p419 » Fri Jan 26, 2024 10:46 pm

johnp wrote:
Fri Jan 26, 2024 3:00 am
p419 wrote:
Fri Jan 26, 2024 1:05 am
Hello Everyone,

We've just noticed today that two people from different countries landed on our renamed admin folder. Our admin folder is protected with an .htaccess file that only allows browsers from our office IP address to access the folder. This is something we've never noticed before.

I've got a couple of questions....

How are they doing this?
How can we prevent it from happening?

Any help would be appreciated.

We're running Opencart 3.0.3.1
Try this or something similar:

https://www.opencart.com/index.php?rout ... n_id=40693
Thanks John, we'll take a look at something like that as well.

Regards,

Paul


Post by p419 » Fri Jan 26, 2024 10:52 pm

ADD Creative wrote:
Fri Jan 26, 2024 5:00 am
p419 wrote:
Fri Jan 26, 2024 2:31 am
In our hosting under "Latest web server error log messages:" I'm seeing the following messages related to the IP address we saw attempting to access the folder:
AH01797: client denied by server configuration:
There are dozens and dozens of these as they seem to be trying to access many different htm files, JavaScript files or OpenCart paths.

There's also a referer link from another website in the error path, which is an OpenCart site.
AH01797: client denied by server configuration: /home/XXXX/public_html/XXXXX/index.php, referer: https://otheropencartsite.com/

Am I safe to assume that the htaccess file is doing its job?
Is there anything else we should be adding?
Yes, that does look like your htaccess rules are blocking access. It's not unusual for bots to try to access files. They are probably scanning for known issues that are nothing to do with OpenCart.
Thanks for the reply.
We'll consider it safe for now, but we'll keep an eye on it!

Regards,

Paul

