Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
Have been using this for a few hours:
Code:
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^admin/?$ http://%{REMOTE_ADDR}/ [R=301,L]
It has already decreased the number of requests to our server from this attacker by 70 percent. IMHO this can be a better strategy than merely responding with 403-results. We'll see. The goal is to make him give up, realizing he's just wasting his bandwidth and compromised servers.
Will compare this with another strategy which returns standard 404 responses later on, to see which works better.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
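
An added example (not from the thread or from OpenCart): a small Python script that counts the requests the rewrite rule above would match, per hour and per response status, so the 301, 403 and 404 strategies can be compared on the same access log. It assumes Apache's combined log format and a store installed at the web root; the function names and log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log format (assumption; adjust if your LogFormat differs).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<hour>\d{2})[^\]]*\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
# Same conditions as the rewrite rule: POST, path admin or admin/, empty query string.
ADMIN = re.compile(r'^/admin/?$')

def matches_rule(method, target):
    path, _, query = target.partition('?')
    return method == 'POST' and query == '' and bool(ADMIN.match(path))

def summarize(lines):
    """Count rule-matching requests per (day, hour), split by response status."""
    buckets = defaultdict(Counter)
    agents = Counter()  # user agents seen on matching requests
    for line in lines:
        m = LINE.match(line)
        if not m or not matches_rule(m['method'], m['target']):
            continue
        buckets[(m['day'], m['hour'])][m['status']] += 1
        agents[m['ua']] += 1
    return dict(buckets), agents

# Constructed sample lines (documentation IP ranges); the user agent is the one quoted in the thread.
UA = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0'
SAMPLE = [
    f'203.0.113.7 - - [29/Jan/2023:01:10:02 +0000] "POST /admin/ HTTP/1.1" 403 199 "-" "{UA}"',
    f'203.0.113.9 - - [29/Jan/2023:01:10:05 +0000] "POST /admin HTTP/1.1" 403 199 "-" "{UA}"',
    # POST with a query string: the rule's second condition leaves it alone.
    '198.51.100.4 - - [29/Jan/2023:01:12:40 +0000] "POST /admin/index.php?route=common/login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - [29/Jan/2023:03:00:11 +0000] "POST /admin/ HTTP/1.1" 301 232 "-" "{UA}"',
    f'203.0.113.7 - - [29/Jan/2023:03:20:11 +0000] "GET /admin/ HTTP/1.1" 200 4000 "-" "{UA}"',
]

if __name__ == '__main__':
    per_hour, agents = summarize(SAMPLE)
    for (day, hour), statuses in sorted(per_hour.items()):
        print(day, hour + ':00', dict(statuses))
    print('user agents on matching requests:', len(agents))
```

Run it over the log for each period in which a different response strategy was active and compare the hourly counts.
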
Means no real person stands behind.
While the idea of sending back to the original address (which I have been using for years with success) is smart, finally not many will notice that.
Maybe I am wrong .. ?
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
And noticed that the user agent is always the same, with an empty POST string
Code:
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Got an urgent question that’s keeping you up at night? There might just be a magical inbox ready to help: khnaz35@gmail.com
Enjoy nature
Many thanks,
James
Bullet Polish Europe Ltd
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
https://github.com/CIDRAM/CIDRAM
Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk
It doesn't. Use Ninja Firewall for that:
https://nintechnet.com/ninjafirewall/pro-edition
I use both Ninja Firewall and Cidram on my Opencart sites. It's also worth adding an extension to protect the admin folder.
> haydent wrote (Wed Apr 19, 2023 10:28 am):
> I looked at Ninja but it's all paid from what I can see. I think the simplest and cheapest might be a fail2ban jail (assuming you have control over that); found one in the first Google result: https://zuma-design.com/opencart-fail2ban-jail
They do a free version.
@JNeuhoff
> JNeuhoff wrote (Sun Jan 29, 2023 1:30 am):
> Have been using this for a few hours:
> Code:
> RewriteCond %{REQUEST_METHOD} POST
> RewriteCond %{QUERY_STRING} ^$
> RewriteRule ^admin/?$ http://%{REMOTE_ADDR}/ [R=301,L]
> Sends back a multitude of different pages and network failures back to the compromised servers used by the attacker, and I assume these compromised servers will pass on the results (often pages with 200 status code) to the attacker himself for evaluation. Or at least it will pass on the user/password guesses (which are actually invalid anyway, though the attacker doesn't know it).
> It has already decreased the number of requests to our server from this attacker by 70 percent. IMHO this can be a better strategy than merely responding with 403-results. We'll see. The goal is to make him give up, realizing he's just wasting his bandwidth and compromised servers.
> Will compare this with another strategy which returns standard 404 responses later on, to see which works better.
So in the end, which strategy works best?