Hacked Site - question

I have posted a few items about my site being hacked (1.3.5). I am now running 2.09 and it looks from the server logs like the hacker is trying to break into the shopping cart again.



Can anyone tell me what the purpose is of hitting this URL several times:

https://www.stevescartshop.com/index.php?dispatch=auth.login_form&return_url=index.php%3Fdispatch%3Dproducts.view%26product_id%3D30523



He is going through a proxy and has tried with several IP addresses with the same URL.

Most probably it's the Yahoo crawler. It happens to us too. If you look at the pages that the IP is looking at, it also goes to other pages on your site. If this is the case then most probably it's the Yahoo or any other web crawler.



Because it looks like it's crawling the client side, not the administrator side. So there is no problem. Relax.

The IP address (118.96.154.153) comes from Indonesia.

And this is the browser: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15

If you have a static IP you can lock the admin panel so it can only be accessed by that IP.

Also under admin.addons you can set it to ban an IP after a few bad password attempts.

You can also completely ban Indonesia from your store using access restrictions.

Basically in a nutshell, these hackers often do search engine searches with specific queries looking for cached data that might indicate which sites are running vulnerable versions of programs (such as your previous 1.3.5 version) …



You are still on those “hacking lists” for a while even after you upgrade so it is not surprising to see some bonehead script kiddie hacker trying to hack you.



If you have moved on to 2.0.9, you are probably “ok” (comparatively speaking)



However, if you want to be more certain of things —



This past week, I gave CyberLNC access to security technologies that specifically watch out for these types of attacks and take proactive action. There are a number of other hosts out there using my security technologies as well but I’ve just recently made an agreement with CyberLNC to allow them exclusive “first distribution” access for all new releases and security updates ahead of other hosts.



Even if not at CyberLNC or any of my other web host clients, there is still much that can be done to make the hackers miserable :wink:



Do you have administrator access to the server itself?



If so, there is a whole lot you can do!



If not, you can still do a few things to help limit such activity and attempts.



Out of curiosity, do you know if GEOIP is installed on the server where you are at?



GEOIP is not a “security” program per se but it is useful to let you control access to your site by “COUNTRY” or “CONTINENT” instead of just by IP, TLD, or CIDR.

I do not have access to the server and GEOIP is not an installed application.



I have been spending most of my time rebuilding the site and products since it would not upgrade from 1.3.5 to 2.09.



Now I am going to read all the posts on security and do something to make it more secure.



Thanks for the info.
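The check discussed in the replies above (does a client also browse other pages like a crawler, or does it only request the login form from several addresses), as an added example that is not part of the thread. The log lines are constructed, in Apache combined format with documentation-range IPs and 2010 timestamps chosen for illustration; the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: IPs are documentation ranges, "ExampleCrawler" is made up.
UA = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15"
LOGIN = "/index.php?dispatch=auth.login_form&return_url=index.php%3Fdispatch%3Dproducts.view%26product_id%3D30523"
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [01/Feb/2010:10:00:01 +0000] "GET {LOGIN} HTTP/1.1" 200 5120 "-" "{UA}"',
    f'198.51.100.7 - - [01/Feb/2010:10:00:09 +0000] "GET {LOGIN} HTTP/1.1" 200 5120 "-" "{UA}"',
    f'203.0.113.44 - - [01/Feb/2010:10:00:15 +0000] "GET {LOGIN} HTTP/1.1" 200 5120 "-" "{UA}"',
    f'192.0.2.10 - - [01/Feb/2010:10:00:20 +0000] "GET {LOGIN} HTTP/1.1" 200 5120 "-" "{UA}"',
    '192.0.2.200 - - [01/Feb/2010:10:01:00 +0000] "GET /index.php?dispatch=products.view&product_id=30523 HTTP/1.1" 200 9000 "-" "ExampleCrawler/1.0"',
    '192.0.2.200 - - [01/Feb/2010:10:01:05 +0000] "GET /index.php?dispatch=categories.view&category_id=12 HTTP/1.1" 200 8000 "-" "ExampleCrawler/1.0"',
    f'192.0.2.200 - - [01/Feb/2010:10:01:09 +0000] "GET {LOGIN} HTTP/1.1" 200 5120 "-" "ExampleCrawler/1.0"',
])
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def profile_clients(log_text):
    """Per IP: number of login-form hits, other URLs requested, last user agent."""
    clients = defaultdict(lambda: {"login_hits": 0, "other_pages": set(), "agent": ""})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, target, agent = m.groups()
        dispatch = parse_qs(urlsplit(target).query).get("dispatch", [""])[0]
        clients[ip]["agent"] = agent
        if dispatch == "auth.login_form":
            clients[ip]["login_hits"] += 1
        else:
            clients[ip]["other_pages"].add(target)
    return dict(clients)

def login_only_ips(log_text):
    """IPs that requested the login form and nothing else (not crawler-like)."""
    return sorted(ip for ip, c in profile_clients(log_text).items()
                  if c["login_hits"] and not c["other_pages"])

def shared_agent_groups(log_text, min_ips=2):
    """User agents shared by at least min_ips login-only IPs (one client behind proxies?)."""
    profiles = profile_clients(log_text)
    groups = defaultdict(set)
    for ip in login_only_ips(log_text):
        groups[profiles[ip]["agent"]].add(ip)
    return {ua: sorted(ips) for ua, ips in groups.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    print(login_only_ips(SAMPLE_LOG), shared_agent_groups(SAMPLE_LOG))
```

A shared user agent across login-only IPs is a hint, not proof, since user agent strings are client-supplied.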