Multiple Hacking Attempts Almost Everyday!

lofty3109 · New Member Joined: Nov 18, 2007 Posts: 7 Location: Sweden

Hi there,

I have been using Ravens Php and Sentinel for my company website for about 6 weeks now and almost everyday someone or something is trying to get access to my site. Yesterday it was 7 attempts, 3 on the 4th, 14 on the 3rd Jan and so on, is this normal? They are trying to get access via differents parts of my site, ie Index.php, Modules.php etc, they all seem to be using other sites to try and gain access and have different IP`s.

Any help/info would be appreciated as I don't want to wake up in the morning to find my site has been hacked!

Anthony

kguske · Site Admin Joined: Jun 04, 2004 Posts: 5997

Quite normal, I'm afraid. There are a number of script kiddies who find software (scripts) they can use to attack other sites. It's a shame they don't use their energies for more productive things. Beware of spoofed IPs - I've seen frequent attacks spoofing the IP addresses of search engines. If you block those IPs, that will hurt your search engine rankings.

Dawg · Posted: Tue Jan 08, 2008 6:25 am

That is normal. On my main site I see a hundred or more a day some days. If you are using RN and Sentinel....You are good. I bet Raven sees more than that every day.

Dave

montego · Posted: Tue Jan 08, 2008 6:26 am

lofty3109, welcome to the on-line world that we live in. I am assuming that by "Ravens Php" you really mean "RavenNuke" (the CMS system that is written in the PHP scripting language).

While there are many reasons for someone to get hacked that do not even include the CMS software that you are running, you have at least chosen one of the most secure versions of it out there!

Take it from me that you are probably not even seeing a 10th of the hack attempts being made on your web site unless you look at your web server logs to see all the 404 errors (and others) too... NukeSentinel and RavenNuke are doing its job as long as you do not add to it an insecure module. Always remember that YOU as the web master are responsible for ensuring the security of your web site and that it is only as good as your "weakest link".

You still have to keep good backups of your database and files as a precaution, regardless of what software you are running on it, so that you can recover quickly from any successful hack.

BTW, most of the attacks being made on my site are very old and long since patched up exploits. There are lots of what we call "script kiddies" out there who get out of school and have nothing better to do (why not homework?) than to scour the net for exploit code and try their hand at trying to mess up someone's on-line life. Too bad I don't rule the world because I would make hacking and spamming a capital offense... Wink

Best of luck and regards,
montego

montego · Posted: Tue Jan 08, 2008 6:26 am

oh my God! How funny... three responses all within a minute of each other. ROTFL

lofty3109 · New Member Joined: Nov 18, 2007 Posts: 7 Location: Sweden

Many thanks for the replies, its appreciated.

montego, yes I am using RavenNuke with Sentinel, sorry Embarassed

I feel a whole lot better now knowing I am not the only one, and that RavenNuke is holding up against these "kiddies" Very Happy

kguske · Site Admin Joined: Jun 04, 2004 Posts: 5997

It's really sad they can't find something more productive to do, or to develop tools and techniques for securing sites and preventing attacks. THAT would really be cool.

Susann · Posted: Thu Jan 10, 2008 6:14 am

Kguske I believe some of them go the road. Later on a few are able to find a job as ethical hacker.
But since beginning of the new year it looks sometimes like flood attacks.
Don´t know exactly why because I thought the school holidays are over.