Is there anything which would block potential web hacker

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I see on occasions potential hackers trying to hack things like wordpress.
Now i know that they are up to no good, as i don't have wordpress installed, so why would they be looking.

Is there anything i could install, where by i configured a list and anyone trying to access anything on that list would be locked out.
I was hoping CSF did this, but the CSF forum isn't particularly helpful.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I already have OWASP configured. I've had to disable about 5 rules to fix a few googlebot issues.
However, I don't understand OWASP at all.
It's voodoo and makes no sense to me.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
here is a typical example.
Code:
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/admin/fckeditor
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/admin/fckeditor
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fck
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fck
[Thu Apr 23 15:55:22 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fckeditor
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/fckeditor
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manage
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manage
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/system
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/system
[Thu Apr 23 15:55:23 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/admin/fckeditor
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manager
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/manager
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/admin/fckeditor
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/administrator
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fck
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/administrator
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fck
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/web
[Thu Apr 23 15:55:24 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fckeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/web
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/fckeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/CKeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manage
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc1/public_html/CKeditor
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manage
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/system
[Thu Apr 23 15:55:25 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/system
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manager
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/manager
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/administrator
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/administrator
[Thu Apr 23 15:55:26 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/web
[Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/web
[Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/CKeditor
[Thu Apr 23 15:55:27 2015] [error] [client 23.108.x.x] File does not exist: /home/useracc2/public_html/CKeditor
[\code]
Quite clearly trying to do something they shouldn't.
if it were possible to write a custom rule along the lines

if hacker tries to access /*/public_html/administrator then blacklist.
I can't imagine it would be too difficult for someone who knew what they were doing.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I had seen this but I guess genuine traffic could be blacklisted too if set too low.
CSF recommends 60-1000 404 hits before blacklisting, which i think is quite high.
 

Infopro

Well-Known Member
May 20, 2003
17,091
516
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Indeed. If a client of yours is working on his new site and has too many images not loading properly for whatever reason on each page load, he can be blocked. Tmp ban or Perm block is your call.

Me, I'm set to a low number and Perm block, everything. That IP in your example above would be blocked by CSF after x 404s.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
To be fair, i have no clients.
The server belongs to my company, and hosts only our own commerce web sites, so I'm tempted to lower the threshold with a temp block and see what happens.
Web site customers would soon let us know that they can't connect i'm sure.
 

keat63

Well-Known Member
Nov 20, 2014
1,913
259
113
cPanel Access Level
Root Administrator
I found a few apple-png file errors this morning, so i've created image files to fix this.
And a few naughty boy entries.