sjk Posted October 25, 2012

For some reason, I keep getting about 4 failed admin login attempts a day. I've renamed the admin folder and they still find it. Has anyone got any tips how I can stop these from happening? I'm so far just banning all of the IPs (they're coming from Japan) but that's like shovelling snow when it's still snowing.

bear Posted October 25, 2012

Restrict the IP that can access it to your own if possible, or also add in an HTTP auth (password protect) to access it. Is your installation on its own VPS or dedicated, or is it on the same server as hosted customers of any sort?

penguin Posted October 27, 2012

I would also be concerned as to how they are finding the new URLs to your admin area... You need to find out how this is being obtained, whether it be from a sitemap.xml for example or another method.

disgruntled Posted October 27, 2012

That is of course assuming you have changed the admin directory; in any case, you can password auth the admin directory as a primary layer of security.

Step one, ensure WHMCS is updated to the current release. Pre V5 has a hole for which a patch was released, but if you were breached before the patch was applied then the patch is useless except to prevent further breaches; any previous breach can still be exploited. You may have your security team run an audit on the server and in particular the WHMCS installation to verify the installation is secure prior to updating it. If it is breached I would consider starting afresh with a complete new installation or have your security team remove anything that should not be there. Once all of the issues are resolved I would still overwrite the files with known safe files for the corresponding installation. Once you have that covered you can then run a comparison and manually remove anything that should not be there that may have been missed; it's better to be over cautious and sure than just assume you got everything.

Step two, rename the admin directory (I suggest you MD5 a passphrase of your choice that you will easily remember and use the hash as the directory name), move the templates directory above the webroot and update the configuration file. You may need to re-issue the license at WHMCS.

Step three, password auth the directory. This is simple enough and is just another layer of security.

Step four, always use SSL to connect to the admin area. I can't stress this enough: an unsecure connection can undo all your precautions if somebody is intercepting the data to and from your server. A simple protocol redirect can make all non secure connections redirect to a secure protocol.

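Added example, not part of the original thread and not WHMCS code: one way to run the comparison against known safe files that step one describes, by hashing a pristine copy of the same release and the live install and listing what differs. The function names, the `renamed` mapping (so a renamed admin directory still lines up with the stock `admin` path) and the `ignore` list (for site-specific files such as the configuration file) are assumptions made for this sketch.

```python
import hashlib
import os
import sys


def manifest(root, renamed=None):
    """Map relative path -> SHA-256 for every file under root.

    renamed maps a top-level directory name on disk to its stock name, so a
    renamed admin directory still lines up with the pristine copy.
    """
    renamed = renamed or {}
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            parts = os.path.relpath(full, root).split(os.sep)
            parts[0] = renamed.get(parts[0], parts[0])
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests["/".join(parts)] = h.hexdigest()
    return digests


def compare_trees(known_good, installed, renamed=None, ignore=()):
    """Return (unexpected, modified, missing) relative paths, each sorted.

    unexpected: present only in the install (review every one by hand)
    modified:   present in both, contents differ
    missing:    shipped in the release, absent from the install
    """
    good = manifest(known_good)
    live = {p: d for p, d in manifest(installed, renamed).items() if p not in ignore}
    unexpected = sorted(p for p in live if p not in good)
    modified = sorted(p for p in live if p in good and live[p] != good[p])
    missing = sorted(p for p in good if p not in live and p not in ignore)
    return unexpected, modified, missing


if __name__ == "__main__":
    # Usage: compare.py <pristine_dir> <installed_dir> [on_disk_admin_name]
    renames = {sys.argv[3]: "admin"} if len(sys.argv) > 3 else None
    report = compare_trees(sys.argv[1], sys.argv[2], renames)
    for label, paths in zip(("UNEXPECTED", "MODIFIED", "MISSING"), report):
        for path in paths:
            print(f"{label}\t{path}")
```

The pristine copy has to be the same release as the install and obtained from a trusted source; run the comparison from a machine or account the suspected breach could not have touched.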
bear Posted October 27, 2012

> move the templates directory above the webroot

To clarify, I think you mean the "templates_c" directory (along with attachments and downloads).

> That is of course assuming you have changed the admin directory

He mentioned he did. ("I've renamed the admin folder and they still find it.")