Is there anything which would block potential web hacker

keat63 · Apr 23, 2015

I see on occasions potential hackers trying to hack things like wordpress.
Now i know that they are up to no good, as i don't have wordpress installed, so why would they be looking.

Is there anything i could install, where by i configured a list and anyone trying to access anything on that list would be locked out.
I was hoping CSF did this, but the CSF forum isn't particularly helpful.

cPanelMichael · Apr 23, 2015

Hello,

Have you considered using Mod_Security? There's some useful information on this thread should you choose to utilize the OWASP ruleset:

https://forums.cpanel.net/threads/owasp-mod-security-and-wordpress.452091/

Thank you.

keat63 · Apr 24, 2015

I already have OWASP configured. I've had to disable about 5 rules to fix a few googlebot issues.
However, I don't understand OWASP at all.
It's voodoo and makes no sense to me.

keat63 · Apr 24, 2015

here is a typical example.

Code:

[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/admin/fckeditor
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/admin/fckeditor
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fck
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fck
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fckeditor
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fckeditor
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manage
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manage
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/system
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/system
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/admin/fckeditor
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manager
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manager
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/admin/fckeditor
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/administrator
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fck
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/administrator
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fck
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/web
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fckeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/web
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fckeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/CKeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manage
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/CKeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manage
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/system
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/system
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manager
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manager
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/administrator
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/administrator
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/web
[Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/web
[Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/CKeditor
[Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/CKeditor
[\code]

Quite clearly trying to do something they shouldn't.
if it were possible to write a custom rule along the lines

if hacker tries to access /*/public_html/administrator then blacklist.
I can't imagine it would be too difficult for someone who knew what they were doing.

Infopro · Apr 24, 2015

In your CSF settings, search for 404. You can block after x number of 404s if you like.

keat63 · Apr 24, 2015

I had seen this but I guess genuine traffic could be blacklisted too if set too low.
CSF recommends 60-1000 404 hits before blacklisting, which i think is quite high.

Infopro · Apr 24, 2015

Indeed. If a client of yours is working on his new site and has too many images not loading properly for whatever reason on each page load, he can be blocked. Tmp ban or Perm block is your call.

Me, I'm set to a low number and Perm block, everything. That IP in your example above would be blocked by CSF after x 404s.

keat63 · Apr 24, 2015

To be fair, i have no clients.
The server belongs to my company, and hosts only our own commerce web sites, so I'm tempted to lower the threshold with a temp block and see what happens.
Web site customers would soon let us know that they can't connect i'm sure.

Infopro · Apr 24, 2015

Visit your site and click around everywhere, then check your error logs to make sure things are working as they should be (no errors for missing files, images, dead links, etc.) first.

keat63 · Apr 24, 2015

with 4500 products, it's easier to chance it.

Infopro · Apr 24, 2015

This is sure to point you to those pages with issues over time then. Keep an eye on your logs.

keat63 · Apr 27, 2015

I found a few apple-png file errors this morning, so i've created image files to fix this.
And a few naughty boy entries.

Thread starter	Similar threads	Forum	Replies	Date
M	Updated root password via WHM and anything now	Security	3	Apr 1, 2020
T	Disable bots from accessing anything on the server	Security	1	Feb 21, 2020
M	VPS with cPanel, anything else do I need?	Security	3	Dec 27, 2019
P	spamhaus block the server, but I don't find anything wrong	Security	7	Apr 4, 2012
T	How to block an ip for accessing cpanel or anything else on server	Security	2	Jul 29, 2003

Search

Search

Is there anything which would block potential web hacker

keat63

Well-Known Member

cPanelMichael

Administrator

keat63

Well-Known Member

keat63

Well-Known Member

Infopro

Well-Known Member

keat63

Well-Known Member

Infopro

Well-Known Member

keat63

Well-Known Member

Infopro

Well-Known Member

keat63

Well-Known Member

Infopro

Well-Known Member

keat63

Well-Known Member