I just decided to take a look at our logs and see SEVERAL failed logins
Example:
User: zhzamhxontg
IP address: 91.212.226.137
User: AndyCrepsy
IP address: 83.10.38.205
User: Bumboelenen
IP address: 91.212.226.137
I checked this log and this goes back to the start of the year with different usernames. All of them seem to be in Russia. Sometimes this happens several times a day.
The thing is we don’t use usernames we use the email address as the login.
So I know these are bogus.
So I just ended up blocking these ip ranges.
Has anyone else noticed this or even checked their logs?
And if by blocking these ip ranges will this slow down the store as it has to look for the ip addresses first?
Yap, I have those to :-? But I just clean the logs and that’s it, day after day they keep trying, I’m guessing it’s some kind of robot.
Well I see it does not really matter that I blocked the ip addresses. They just changed to new ip addresses. Tried to hit us again yesterday about 6 times.
Here is a list of top 10 spammer IPs. Try to add it to your .htaccess file.
[url]http://www.martfox.com/htaccess/htaccess/[/url]
[quote name=‘indy0077’]Here is a list of top 10 spammer IPs. Try to add it to your .htaccess file.
[url]http://www.martfox.com/htaccess/htaccess/[/url][/QUOTE]
Those are very large txt files to add to the .htaccess file. Is this recommended?
And will this slow down the access to the site as it has to do search this entire list every time. Can’t I just block the country…lol
I added all in the list, site loads in 2.3 - 2.8 seconds
John
You can also try blocking by geoip which is touched on in this thread: [URL=“http://forum.cs-cart.com/showthread.php?t=19351”]http://forum.cs-cart.com/showthread.php?t=19351[/URL]
I have the exact same situation.
How dangerous is it?
What are they typically attempting to do?
I have started adding the ip addresses to my .htaccess file which has stopped just about all of it.
Example of the ones that I have added
deny from 79.142.68.93
deny from 91.212.226.56
deny from 91.212.226.137
deny from 91.212.226.156
deny from 96.43.138.8
deny from 193.105.210.43
I have blocked the IP by using the cpanel and that list too. It slowed them down, now I only maybe get one a month. It may also, be bots.
[quote name=‘CutRiteFX’]I have started adding the ip addresses to my .htaccess file which has stopped just about all of it.
Example of the ones that I have added
deny from 79.142.68.93
deny from 91.212.226.56
deny from 91.212.226.137
deny from 91.212.226.156
deny from 96.43.138.8
deny from 193.105.210.43[/QUOTE]
Exactly where do you add the above?
I seem to have more than one .htaccess file.
[quote name=‘Traveler’]Exactly where do you add the above?
I seem to have more than one .htaccess file.[/QUOTE]
I added this to the file in the root directory of the store.
I added these at the bottom of the .htaccess file
Is this the correct htacess file?
DirectoryIndex index.html index.php
RewriteEngine on
Some hostings require RewriteBase to be uncommented
Example:
Your store url is [url]http://www.yourcompany.com/store/cart[/url]
So “RewriteBase” should be:
RewriteBase /store/cart
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !.(png|gif|ico|swf|jpe?g|js|css)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php?sef_rewrite=1 [L,QSA]
RewriteCond %{REQUEST_FILENAME} ./catalog/.
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteRule . index.php?sef_rewrite=1 [L,QSA]
RewriteCond %{HTTP_HOST} ^mydomain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.mydomain.com$
[quote name=‘Traveler’]Is this the correct htacess file?
DirectoryIndex index.html index.php
RewriteEngine on
Some hostings require RewriteBase to be uncommented
Example:
Your store url is [URL]http://www.yourcompany.com/store/cart[/URL]
So “RewriteBase” should be:
RewriteBase /store/cart
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !.(png|gif|ico|swf|jpe?g|js|css)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php?sef_rewrite=1 [L,QSA]
RewriteCond %{REQUEST_FILENAME} ./catalog/.
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteRule . index.php?sef_rewrite=1 [L,QSA]
RewriteCond %{HTTP_HOST} ^mydomain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.mydomain.com$[/quote]
Yes, it is the right one (must be in the root of your CS-Cart installation).
[quote name=‘indy0077’]Yes, it is the right one (must be in the root of your CS-Cart installation).[/QUOTE]
My cart is one step below public_html it is not in a store folder. For example the Htaccess file is on the same level as my skins, core file etc…
So it sounds like I am OK.
I will give it a try.
[quote name=‘CutRiteFX’]I have started adding the ip addresses to my .htaccess file which has stopped just about all of it.
Example of the ones that I have added
deny from 79.142.68.93
deny from 91.212.226.56
deny from 91.212.226.137
deny from 91.212.226.156
deny from 96.43.138.8
deny from 193.105.210.43[/QUOTE]
I added all the above plus these three: Note I had some duplicates from your lists, I wonder are they focusing their attacks on CS cart?
My list:
deny from 79.142.68.93
deny from 91.212.226.56
deny from 91.212.226.137
deny from 91.212.226.156
deny from 96.43.138.8
deny from 193.105.210.43
deny from 91.201.66.191
deny from 85.238.125.11
deny from 188.143.233.3
deny from 83.10.38.205
deny from 91.201.66.67
deny from 188.228.33.237
deny from 173.242.114.120
Just a heads up. This is still going on. And am noticing more traffic.
Really hate these people. Wish I could reach into their computers and crush their drives.
Just updated my htacess file.