 Post subject: Admin Security
PostPosted: Tue Feb 11, 2020 11:21 pm 
Forum Members

Joined: Sun Feb 03, 2008 8:14 pm
Posts: 78
Anyone else experiencing "bots" trying to log in to Admin?

I noticed a while ago on a number of my CMSMS installs (all v2.2.10+) that the admin log showed some failed logins, but from IP addresses that certainly aren't me or my clients.

I installed a simple event linked UDT similar to https://cmscanbesimple.org/blog/admin-f ... tification so I now get emails whenever "someone" tries. Sometimes I get 3 or 4 attempts per website per day - nearly always from the Ukraine - they never succeed.

Whenever they try I add yet another IP address to my .htaccess file to block them from trying again - but doubtless they have access to far more IP addresses than I have patience to keep adding to the .htaccess.

There is no doubt that it is dumb bot probing mainly because they keep repeating the same failed sign in and also it is only occasional rather than brute force.

If this keeps up I'll change the game rather than keep playing the "add to htaccess block list" game. I am aware that I can easily
  • Rename the /admin folder - they know it is CMSMS, therefore they know admin access is via a URL with a "/admin" suffix - so I can rename the folder and update the config file, and then just revert to the /admin/ naming whenever I do a core upgrade
  • Other easy win would be to add a .htaccess within /admin that limits access to only a very short list of IP locations approved to do admin - probably fewer than 10 fixed public IP addresses that either I or my clients do admin from - and it is easy to edit this list if I need to do some admin from a bespoke location

So yes I have options - but if these are bots and they are programmed to recognise CMSMS (and doubtless WP, 4square, WIX etc. etc.) then presumably many others here also get failed login probing on their installs too?

 Post subject: Re: Admin Security
PostPosted: Thu Feb 13, 2020 11:47 pm 
Dev Team Member

Joined: Sat Apr 18, 2009 10:09 pm
Posts: 1436
Location: Maidenhead, UK
I use the admin login notification code you linked to on most of my sites. I only see correct logins or logins where a legitimate user gets their password wrong and a few seconds later gets it correct.

I always rename the admin folder. To me it's a no-brainer. So easy to do and so difficult for an attacker to guess what you have renamed it to. They can't break in through the front door if they can't find the front door in the first place. ;)

_________________
To copy System Information to the forum:
https://docs.cmsmadesimple.org/troubles ... nformation

CMS Made Simple Geekmoots attended:
Nottingham, UK 2012 | Ghent, Belgium 2015 | Leicester, UK 2016

 Post subject: Re: Admin Security
PostPosted: Fri Feb 14, 2020 2:37 pm 
Forum Members

Joined: Tue Sep 08, 2015 10:41 am
Posts: 124
MantaPro wrote:
> Anyone else experiencing "bots" trying to log in to Admin?

Actually, yes. Plenty of "admin" login attempts starting Feb 11, I've not noticed this before.

Source IP ranges are 212.156.0.0/18 (TurkTelekom) and 213.248.148.0/24 (Vodafone Net DSL Block - MANISA).

 Post subject: Re: Admin Security
PostPosted: Fri Feb 14, 2020 6:41 pm 
Forum Members

Joined: Tue Sep 08, 2015 10:41 am
Posts: 124
I don't even have a user called "admin", so they failed at the first hurdle.
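An added example, not from this thread or from CMS Made Simple, of the triage the posters describe doing by eye: group admin login failures by source IP, separate a legitimate user who mistypes a password and succeeds a few seconds later from a source that only ever fails, and flag attempts for usernames that do not exist on the site. The log layout, the sample lines and the helper names are assumptions, since the thread does not show the actual admin-log format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed "<timestamp> <RESULT> user=<name> ip=<addr>"
# layout. The source addresses fall inside the ranges quoted in the thread plus a
# documentation range; adapt LINE_RE to your own admin log format.
SAMPLE_LOG = """\
2020-02-11 23:01:10 FAIL user=admin ip=212.156.12.34
2020-02-11 23:01:11 FAIL user=admin ip=212.156.12.34
2020-02-12 09:14:02 FAIL user=jane ip=203.0.113.7
2020-02-12 09:14:09 OK user=jane ip=203.0.113.7
2020-02-12 14:30:55 FAIL user=admin ip=213.248.148.21
2020-02-13 02:45:17 FAIL user=admin ip=212.156.12.34
"""

LINE_RE = re.compile(r"^(\S+ \S+) (OK|FAIL) user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Return (timestamp, result, user, ip) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def triage(log_text, known_users, grace_seconds=60):
    """Label each source IP: 'legit_typo' when a failure is followed by a success for
    the same user within grace_seconds, 'probe' when the source only ever fails,
    'mixed' otherwise. Failures for usernames not on the site are listed separately."""
    by_ip = defaultdict(list)
    for ev in parse(log_text):
        by_ip[ev[3]].append(ev)
    report = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if e[1] == "FAIL"]
        oks = [e for e in evs if e[1] == "OK"]
        recovered = any(ok[2] == f[2] and 0 <= (ok[0] - f[0]).total_seconds() <= grace_seconds
                        for f in fails for ok in oks)
        unknown = sorted({e[2] for e in fails if e[2] not in known_users})
        label = "legit_typo" if recovered else ("probe" if fails and not oks else "mixed")
        report[ip] = {"label": label, "failures": len(fails), "unknown_users": unknown}
    return report
```

A source labelled "probe" whose only username is one that does not exist (the "admin" case in the last post) is the clearest signal that the traffic is automated rather than a forgotten password.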
