Failed Login in logs

General General Questions
1

I just decided to take a look at our logs and see SEVERAL failed logins



Example:

User: zhzamhxontg

IP address: 91.212.226.137



User: AndyCrepsy

IP address: 83.10.38.205



User: Bumboelenen

IP address: 91.212.226.137



I checked this log and this goes back to the start of the year with different usernames. All of them seem to be in Russia. Sometimes this happens several times a day.



The thing is we don’t use usernames we use the email address as the login.

So I know these are bogus.



So I just ended up blocking these ip ranges.

Has anyone else noticed this or even checked their logs?



And if by blocking these ip ranges will this slow down the store as it has to look for the ip addresses first?

2

Yap, I have those to :-? But I just clean the logs and that’s it, day after day they keep trying, I’m guessing it’s some kind of robot.

3

Well I see it does not really matter that I blocked the ip addresses. They just changed to new ip addresses. Tried to hit us again yesterday about 6 times.

adminlog.jpg

4

Here is a list of top 10 spammer IPs. Try to add it to your .htaccess file.



[url]http://www.martfox.com/htaccess/htaccess/[/url]

5

[quote name=‘indy0077’]Here is a list of top 10 spammer IPs. Try to add it to your .htaccess file.



[url]http://www.martfox.com/htaccess/htaccess/[/url][/QUOTE]



Those are very large txt files to add to the .htaccess file. Is this recommended?

And will this slow down the access to the site as it has to do search this entire list every time. Can’t I just block the country…lol

6

I added all in the list, site loads in 2.3 - 2.8 seconds



John

7

You can also try blocking by geoip which is touched on in this thread: [URL=“http://forum.cs-cart.com/showthread.php?t=19351”]http://forum.cs-cart.com/showthread.php?t=19351[/URL]

8

I have the exact same situation.



How dangerous is it?



What are they typically attempting to do?

9

I have started adding the ip addresses to my .htaccess file which has stopped just about all of it.



Example of the ones that I have added



deny from 79.142.68.93

deny from 91.212.226.56

deny from 91.212.226.137

deny from 91.212.226.156

deny from 96.43.138.8

deny from 193.105.210.43

10

I have blocked the IP by using the cpanel and that list too. It slowed them down, now I only maybe get one a month. It may also, be bots.

11

[quote name=‘CutRiteFX’]I have started adding the ip addresses to my .htaccess file which has stopped just about all of it.



Example of the ones that I have added



deny from 79.142.68.93

deny from 91.212.226.56

deny from 91.212.226.137

deny from 91.212.226.156

deny from 96.43.138.8

deny from 193.105.210.43[/QUOTE]



Exactly where do you add the above?



I seem to have more than one .htaccess file.

12

[quote name=‘Traveler’]Exactly where do you add the above?



I seem to have more than one .htaccess file.[/QUOTE]



I added this to the file in the root directory of the store.

I added these at the bottom of the .htaccess file

13

Is this the correct htacess file?









DirectoryIndex index.html index.php





RewriteEngine on

Some hostings require RewriteBase to be uncommented

Example:

Your store url is [url]http://www.yourcompany.com/store/cart[/url]

So “RewriteBase” should be:

RewriteBase /store/cart

RewriteBase /

RewriteCond %{REQUEST_FILENAME} !.(png|gif|ico|swf|jpe?g|js|css)$

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . index.php?sef_rewrite=1 [L,QSA]



RewriteCond %{REQUEST_FILENAME} ./catalog/.

RewriteCond %{REQUEST_FILENAME} -d

RewriteCond %{REQUEST_FILENAME}/index.html !-f

RewriteRule . index.php?sef_rewrite=1 [L,QSA]







RewriteCond %{HTTP_HOST} ^mydomain.com$ [OR]

RewriteCond %{HTTP_HOST} ^www.mydomain.com$

14

[quote name=‘Traveler’]Is this the correct htacess file?









DirectoryIndex index.html index.php





RewriteEngine on

Some hostings require RewriteBase to be uncommented

Example:

Your store url is [URL]http://www.yourcompany.com/store/cart[/URL]

So “RewriteBase” should be:

RewriteBase /store/cart

RewriteBase /

RewriteCond %{REQUEST_FILENAME} !.(png|gif|ico|swf|jpe?g|js|css)$

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . index.php?sef_rewrite=1 [L,QSA]



RewriteCond %{REQUEST_FILENAME} ./catalog/.

RewriteCond %{REQUEST_FILENAME} -d

RewriteCond %{REQUEST_FILENAME}/index.html !-f

RewriteRule . index.php?sef_rewrite=1 [L,QSA]







RewriteCond %{HTTP_HOST} ^mydomain.com$ [OR]

RewriteCond %{HTTP_HOST} ^www.mydomain.com$[/quote]

Yes, it is the right one (must be in the root of your CS-Cart installation).

15

[quote name=‘indy0077’]Yes, it is the right one (must be in the root of your CS-Cart installation).[/QUOTE]



My cart is one step below public_html it is not in a store folder. For example the Htaccess file is on the same level as my skins, core file etc…





So it sounds like I am OK.



I will give it a try.

16

[quote name=‘CutRiteFX’]I have started adding the ip addresses to my .htaccess file which has stopped just about all of it.



Example of the ones that I have added



deny from 79.142.68.93

deny from 91.212.226.56

deny from 91.212.226.137

deny from 91.212.226.156

deny from 96.43.138.8

deny from 193.105.210.43[/QUOTE]



I added all the above plus these three: Note I had some duplicates from your lists, I wonder are they focusing their attacks on CS cart?



My list:



deny from 79.142.68.93

deny from 91.212.226.56

deny from 91.212.226.137

deny from 91.212.226.156

deny from 96.43.138.8

deny from 193.105.210.43

deny from 91.201.66.191

deny from 85.238.125.11

deny from 188.143.233.3

deny from 83.10.38.205

deny from 91.201.66.67

deny from 188.228.33.237

deny from 173.242.114.120

17

Just a heads up. This is still going on. And am noticing more traffic.

Really hate these people. Wish I could reach into their computers and crush their drives.

Just updated my htacess file.