My site was recently hacked in a creloaded script directory, and my site was reprovisioned. Prior to that, and currently I see alot of hits in the error log on url's lite /mysite/some+term.php. All are different variants, and different ip's. I have seen an increase over the last 3 months. The hack was done in an images directory, and alot the urls point into other image directories.
Any ideas, or concerns for this issue, or is it common among most sites.
Full Version: Hits To Fake Pages On Site
If I was into hacking peoples' sites, I'd probably have a script that goes around automatically looking for leftover or exposed install files, config files, or other admin files that I could mess around with. But I'm not.
I suppose you could block any suspect IPs, but like you said they're different so that could be time consuming. Off the bat you should make sure everything you have installed is secure and that they won't find anything useful.
I don't have stuff like that showing up in my logs, but then you've been hacked once already so you could just have enemies.
I suppose you could block any suspect IPs, but like you said they're different so that could be time consuming. Off the bat you should make sure everything you have installed is secure and that they won't find anything useful.
I don't have stuff like that showing up in my logs, but then you've been hacked once already so you could just have enemies.
Tim has a good point. The install scripts all have well known names. It's very important any time we install a script that we follow the instructions carefully. One script I recently used said "When you finish, remove the install.php script or " you could get hacked.
Phishing for known filenames is not that uncommon.
Phishing for known filenames is not that uncommon.
Hello,
As timhodge says, such pokings are trying to find holes or unsecured areas.
One thing is to make sure all folders have index.html to stop people browsing them.
Are you using some form of a CMS or gallery script?
JimE
As timhodge says, such pokings are trying to find holes or unsecured areas.
One thing is to make sure all folders have index.html to stop people browsing them.
Are you using some form of a CMS or gallery script?
JimE
I use a gallery script, and have directory indexing off. I don't have any remaining install scripts left. Just thought it a little odd to have all of these errors in the log.
Unscruplous people will always try to find pages that don't exist. Fact of Internet life.
It's good that you don't have the install scripts laying around or they could wipe out your install.
It's good that you don't have the install scripts laying around or they could wipe out your install.
QUOTE(pickupman @ Apr 4 2006, 02:03 PM) 
I use a gallery script, and have directory indexing off. I don't have any remaining install scripts left. Just thought it a little odd to have all of these errors in the log.
And if you didn't have directory indexing off or you didn't remove the install scripts, you might be in trouble. They're just fishing. Be vigilant, but don't lose too much sleep over it.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.