Admin Breach


BenHarris

I also had a thought. If you move your admin directory, you could make a spoof admin directory, so they would be mindlessly brute forcing a form.

 

Did that very thing for certain scripts that were being abused. Simply create a txt file and give it write perms (in this example: logthis.txt), then have this php file in the same dir (blue bits are optional, if you want to let them know they were caught):

Your IP address is: <?php echo $_SERVER['REMOTE_ADDR']; ?><br><br>

That resolves to this host: <?php echo strtoupper(gethostbyaddr($_SERVER['REMOTE_ADDR'])); ?><br><br>

 

It's been recorded that you've tried to submit spam via this form handler, and the above host will be notified about your activity.<br>

Have a nice day!

 

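<?php
// Append one line per hit: timestamp - IP - reverse DNS - referer.
$logfile = "logthis.txt";
$ip = $_SERVER['REMOTE_ADDR'];
// The referer is client-supplied and may be absent; strip CR/LF so it cannot forge extra log lines.
$referer = str_replace(array("\r", "\n"), ' ', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
$fp = fopen($logfile, "a");
fputs($fp, date('m-d-y@H:i:sT')." - ".$ip." - ".strtoupper(gethostbyaddr($ip))." - ".$referer."\n");
fclose($fp);
?>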

 

Instead of letting them know they were caught, you might instead simply show the "failed login" text or push them to Google or something like that.

Enjoy! :twisted:


Good idea bear - Would it be possible to log the usernames and passwords that they've tried too?

 

For that you'd need to have a form there to fill out, and then write the POST vars to the file as well. The way I'd been using the one above was to set up an .htaccess redirect if they called the abused mail script directly. It was a Perl script that was being remotely submitted.

 

For this to work on the logins, simply make a copy of the WHMCS login form as the main page in your "foo" admin area, and have it submit to the script, and have it append the login details along with the IP and all that.

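The decoy login logging described in the posts above, as an added example that is not part of the original thread and is not WHMCS code. The form field names `username` and `password`, the log path `DECOY_LOG`, the helper names and the failure message are assumptions.

```php
<?php
// Added example: handler for a decoy admin login form.
// Assumptions: the copied form posts "username" and "password";
// DECOY_LOG is a hypothetical path outside the web root, so the
// captured attempts cannot be fetched over HTTP.
const DECOY_LOG = '/var/log/decoy-admin/attempts.log';
const MAX_FIELD = 256; // cap stored input so huge values cannot bloat the log

// Return a request value as a bounded string; arrays (username[]=x) become ''.
function field(array $src, string $key): string
{
    $v = $src[$key] ?? '';
    return is_string($v) ? substr($v, 0, MAX_FIELD) : '';
}

// Build one log record. json_encode escapes CR/LF and control bytes,
// so client-supplied values cannot forge additional log lines.
function build_record(array $server, array $post, int $now): string
{
    $record = [
        'time'     => gmdate('c', $now),
        'ip'       => field($server, 'REMOTE_ADDR'),
        'agent'    => field($server, 'HTTP_USER_AGENT'),
        'referer'  => field($server, 'HTTP_REFERER'),
        'username' => field($post, 'username'),
        'password' => field($post, 'password'),
    ];
    // Invalid UTF-8 is substituted instead of making json_encode fail.
    return json_encode($record, JSON_INVALID_UTF8_SUBSTITUTE | JSON_UNESCAPED_SLASHES) . "\n";
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // LOCK_EX keeps concurrent requests from interleaving their lines.
    file_put_contents(DECOY_LOG, build_record($_SERVER, $_POST, time()), FILE_APPEND | LOCK_EX);
    // Answer like an ordinary failed login so the decoy is not obvious.
    echo 'Login failed. Please try again.';
}
```

Reverse DNS is left out of the request path here because `gethostbyaddr()` blocks on each lookup; hostnames can be resolved later from the logged IPs.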

  • 3 months later...

Another alternative to security for your admin folder would be to allow only certain IP codes in your htaccess and block all others.

I have a website that can create allow-only country codes, http://www.countryipblocks.net; this for me stopped all the hackers from Turkey.

They can still hop on the back of a US IP, but then I narrow the list down to just use my ISP address so I can access it and the IP of the Licensing Server.

 

Just a thought.
