The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is there anything which would block potential web hacker

Discussion in 'Security' started by keat63, Apr 23, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I see on occasions potential hackers trying to hack things like wordpress.
    Now i know that they are up to no good, as i don't have wordpress installed, so why would they be looking.

    Is there anything i could install, where by i configured a list and anyone trying to access anything on that list would be locked out.
    I was hoping CSF did this, but the CSF forum isn't particularly helpful.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,743
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I already have OWASP configured. I've had to disable about 5 rules to fix a few googlebot issues.
    However, I don't understand OWASP at all.
    It's voodoo and makes no sense to me.
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    here is a typical example.
    Code:
    [Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/admin/fckeditor
    [Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/admin/fckeditor
    [Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fck
    [Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fck
    [Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fckeditor
    [Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fckeditor
    [Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manage
    [Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manage
    [Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/system
    [Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/system
    [Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/admin/fckeditor
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manager
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manager
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/admin/fckeditor
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/administrator
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fck
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/administrator
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fck
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/web
    [Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fckeditor
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/web
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fckeditor
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/CKeditor
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manage
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/CKeditor
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manage
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/system
    [Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/system
    [Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manager
    [Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manager
    [Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/administrator
    [Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/administrator
    [Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/web
    [Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/web
    [Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/CKeditor
    [Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/CKeditor
    [\code]
    Quite clearly trying to do something they shouldn't.
    if it were possible to write a custom rule along the lines

    if hacker tries to access /*/public_html/administrator then blacklist.
    I can't imagine it would be too difficult for someone who knew what they were doing.
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    In your CSF settings, search for 404. You can block after x number of 404s if you like.
     
  6. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I had seen this but I guess genuine traffic could be blacklisted too if set too low.
    CSF recommends 60-1000 404 hits before blacklisting, which i think is quite high.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Indeed. If a client of yours is working on his new site and has too many images not loading properly for whatever reason on each page load, he can be blocked. Tmp ban or Perm block is your call.

    Me, I'm set to a low number and Perm block, everything. That IP in your example above would be blocked by CSF after x 404s.
     
  8. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    To be fair, i have no clients.
    The server belongs to my company, and hosts only our own commerce web sites, so I'm tempted to lower the threshold with a temp block and see what happens.
    Web site customers would soon let us know that they can't connect i'm sure.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Visit your site and click around everywhere, then check your error logs to make sure things are working as they should be (no errors for missing files, images, dead links, etc.) first. ;)
     
  10. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    with 4500 products, it's easier to chance it.
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,460
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This is sure to point you to those pages with issues over time then. Keep an eye on your logs. :cool:
     
  12. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I found a few apple-png file errors this morning, so i've created image files to fix this.
    And a few naughty boy entries.
     
Loading...

Share This Page