pickupman Posted March 27, 2006
My site was recently hacked in a creloaded script directory, and my site was reprovisioned. Prior to that, and currently, I see a lot of hits in the error log on URLs like /mysite/some+term.php. All are different variants, and different IPs. I have seen an increase over the last 3 months. The hack was done in an images directory, and a lot of the URLs point into other image directories. Any ideas or concerns for this issue, or is it common among most sites?

TCH-Tim Posted March 27, 2006
If I was into hacking people's sites, I'd probably have a script that goes around automatically looking for leftover or exposed install files, config files, or other admin files that I could mess around with. But I'm not. I suppose you could block any suspect IPs, but like you said they're different so that could be time consuming. Off the bat you should make sure everything you have installed is secure and that they won't find anything useful. I don't have stuff like that showing up in my logs, but then you've been hacked once already so you could just have enemies.

Deverill Posted March 27, 2006
Tim has a good point. The install scripts all have well known names. It's very important any time we install a script that we follow the instructions carefully. One script I recently used said "When you finish, remove the install.php script or" you could get hacked. Phishing for known filenames is not that uncommon.

TCH-JimE Posted March 27, 2006
Hello,
As timhodge says, such pokings are trying to find holes or unsecured areas. One thing is to make sure all folders have index.html to stop people browsing them. Are you using some form of a CMS or gallery script?
JimE

pickupman Posted April 4, 2006
I use a gallery script, and have directory indexing off. I don't have any remaining install scripts left. Just thought it a little odd to have all of these errors in the log.

TCH-Bruce Posted April 4, 2006
Unscrupulous people will always try to find pages that don't exist. Fact of Internet life. It's good that you don't have the install scripts lying around or they could wipe out your install.

TCH-Tim Posted April 5, 2006
> I use a gallery script, and have directory indexing off. I don't have any remaining install scripts left. Just thought it a little odd to have all of these errors in the log.

And if you didn't have directory indexing off or you didn't remove the install scripts, you might be in trouble. They're just fishing. Be vigilant, but don't lose too much sleep over it.
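
An added example, not part of any post in this thread: one way to triage the kind of error-log noise discussed above is to group "File does not exist" entries by what was requested and from how many clients. The log lines are constructed samples in the classic Apache error_log format, and the file-name and directory lists are assumptions to adjust per site.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges, made-up paths); not from the thread.
SAMPLE_LOG = """\
[Mon Mar 27 10:15:32 2006] [error] [client 192.0.2.10] File does not exist: /home/user/public_html/images/some+term.php
[Mon Mar 27 10:17:02 2006] [error] [client 198.51.100.7] File does not exist: /home/user/public_html/gallery/images/other+term.php
[Mon Mar 27 10:20:45 2006] [error] [client 203.0.113.99] File does not exist: /home/user/public_html/install.php
[Mon Mar 27 10:21:11 2006] [error] [client 192.0.2.10] File does not exist: /home/user/public_html/favicon.ico
[Mon Mar 27 10:30:00 2006] [error] [client 198.51.100.7] File does not exist: /home/user/public_html/images/third+term.php, referer: http://example.invalid/
"""

LINE_RE = re.compile(
    r"\[client (?P<ip>[^\]]+)\] File does not exist: (?P<path>[^\s,]+)"
)
# Assumed list of names an installer can leave behind; extend for your own scripts.
LEFTOVER_NAMES = {"install.php", "setup.php", "config.php.bak"}
# Assumed names of directories that should only ever serve static files.
UPLOAD_DIR_PARTS = {"images", "uploads"}


def classify(path):
    """Return a label for a missing-file request, or None if it is unremarkable."""
    parts = path.strip("/").split("/")
    name = parts[-1].lower()
    if name in LEFTOVER_NAMES:
        return "leftover-file probe"
    if name.endswith(".php") and UPLOAD_DIR_PARTS & {p.lower() for p in parts[:-1]}:
        return "script request in upload dir"
    return None


def summarize(log_text):
    """Group suspicious missing-file hits as label -> {path: set of client IPs}."""
    report = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        label = classify(m.group("path"))
        if label:
            report[label][m.group("path")].add(m.group("ip"))
    return report


if __name__ == "__main__":
    for label, paths in summarize(SAMPLE_LOG).items():
        print(label)
        for path, ips in sorted(paths.items()):
            print(f"  {path}  <- {', '.join(sorted(ips))}")
```

Requests for .php files inside an images directory that return "does not exist" are only noise; the same request succeeding would mean a script is sitting where only static files belong, which is worth checking on disk.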