Page 1 of 1
[SOLVED] Someone browsed to our renamed admin folder that is protected by htaccess
Posted: Fri Jan 26, 2024 1:05 am
by p419
Hello Everyone,
We've just noticed today that two people from different countries landed on our renamed admin folder. Our admin folder is protected with an .htaccess file that only allows browsers from our office ip address to access the folder. This is something we've never noticed before.
I've got a couple of questions....
How are they doing this?
How can we prevent it from happening?
Any help would be appreciated.
We're running Opencart 3.0.3.1
Re: Someone browsed to our renamed admin folder that is protected by htaccess
Posted: Fri Jan 26, 2024 1:41 am
by ADD Creative
Did they actually access the admin directory or did the htaccess rule deny access? It would still show in the web access logs just the status codes would be 200 for success and 403 for forbidden.
The admin directory names can be leaked. For example in email headers or some sort of bug. There are also tools out there that will brute force directory names.
Re: Someone browsed to our renamed admin folder that is protected by htaccess
Posted: Fri Jan 26, 2024 2:31 am
by p419
ADD Creative wrote: ↑Fri Jan 26, 2024 1:41 am
Did they actually access the admin directory or did the htaccess rule deny access? It would still show in the web access logs just the status codes would be 200 for success and 403 for forbidden.
The admin directory names can be leaked. For example in email headers or some sort of bug. There are also tools out there that will brute force directory names.
Thanks for the reply ADD creative.
In our hosting under "Latest web server error log messages:" I'm seeing the following messages related to the ip address we saw attempting to access the folder:
AH01797: client denied by server configuration:
There are dozens and dozens of these as they seem to be trying to access many different htm files, java script files or open cart paths.
There's also a referer link from another website in the error path, which is an Open Cart site.
AH01797: client denied by server configuration: /home/XXXX/public_html/XXXXX/index.php, referer:
https://otheropencartsite.com/
Am I safe to assume that the htaccess file is doing it's job?
Is there anything else we should adding?
Re: Someone browsed to our renamed admin folder that is protected by htaccess
Posted: Fri Jan 26, 2024 3:00 am
by johnp
p419 wrote: ↑Fri Jan 26, 2024 1:05 am
Hello Everyone,
We've just noticed today that two people from different countries landed on our renamed admin folder. Our admin folder is protected with an .htaccess file that only allows browsers from our office ip address to access the folder. This is something we've never noticed before.
I've got a couple of questions....
How are they doing this?
How can we prevent it from happening?
Any help would be appreciated.
We're running Opencart 3.0.3.1
Try this or something similar:
https://www.opencart.com/index.php?rout ... n_id=40693
Re: Someone browsed to our renamed admin folder that is protected by htaccess
Posted: Fri Jan 26, 2024 5:00 am
by ADD Creative
p419 wrote: ↑Fri Jan 26, 2024 2:31 am
In our hosting under "Latest web server error log messages:" I'm seeing the following messages related to the ip address we saw attempting to access the folder:
AH01797: client denied by server configuration:
There are dozens and dozens of these as they seem to be trying to access many different htm files, java script files or open cart paths.
There's also a referer link from another website in the error path, which is an Open Cart site.
AH01797: client denied by server configuration: /home/XXXX/public_html/XXXXX/index.php, referer:
https://otheropencartsite.com/
Am I safe to assume that the htaccess file is doing it's job?
Is there anything else we should adding?
Yes that does look like your htaccess rules are blocking access. It not unusual bots trying to access files. They are probably scanning for known issues that are nothing to do with OpenCart.
Re: Someone browsed to our renamed admin folder that is protected by htaccess
Posted: Fri Jan 26, 2024 10:46 pm
by p419
johnp wrote: ↑Fri Jan 26, 2024 3:00 am
p419 wrote: ↑Fri Jan 26, 2024 1:05 am
Hello Everyone,
We've just noticed today that two people from different countries landed on our renamed admin folder. Our admin folder is protected with an .htaccess file that only allows browsers from our office ip address to access the folder. This is something we've never noticed before.
I've got a couple of questions....
How are they doing this?
How can we prevent it from happening?
Any help would be appreciated.
We're running Opencart 3.0.3.1
Try this or something similar:
https://www.opencart.com/index.php?rout ... n_id=40693
Thanks John, we'll take a look at something like that as well.
[Solved] Re: Someone browsed to our renamed admin folder that is protected by htaccess
Posted: Fri Jan 26, 2024 10:52 pm
by p419
ADD Creative wrote: ↑Fri Jan 26, 2024 5:00 am
p419 wrote: ↑Fri Jan 26, 2024 2:31 am
In our hosting under "Latest web server error log messages:" I'm seeing the following messages related to the ip address we saw attempting to access the folder:
AH01797: client denied by server configuration:
There are dozens and dozens of these as they seem to be trying to access many different htm files, java script files or open cart paths.
There's also a referer link from another website in the error path, which is an Open Cart site.
AH01797: client denied by server configuration: /home/XXXX/public_html/XXXXX/index.php, referer:
https://otheropencartsite.com/
Am I safe to assume that the htaccess file is doing it's job?
Is there anything else we should adding?
Yes that does look like your htaccess rules are blocking access. It not unusual bots trying to access files. They are probably scanning for known issues that are nothing to do with OpenCart.
Thanks for the reply.
We'll consider it safe for now, but we'll keep an eye on it!