While checking my awstats on one of my sites I saw two instances of authenticated users that I did not recognize. One was for mrbean and the other was just "". I contacted support at my hosting company and they said these are failed attempts to authenticate by people trying to brute force .htaccess protected directories. Should I have any concerns? Has anyone here at DP ever seen this?
You shouldn't have to worry too much as long as your passwords are strong (numbers and letters, uppercase and lowercase, and a special character for good measure). Most sites won't get the attention of bruteforcers, unless you've got some adult sites. BTW, Mr Bean's real name is Rowan Atkinson, if it might help you catch the culprit.
I don't have any adult sites... it's a fitness-related site. I think I am going to revamp my htaccess passwords right now and make them even stronger. Thanks for the advice, infin8.
That's a good idea... Also, if you notice the bruteforce attempts increase and become a problem, you can add security code that will block an IP address after a number of unsuccessful attempts. You should only have to block for a few minutes to discourage bruteforce bots. However, only having 2 unrecognized usernames, you're probably not under attack, because bots use thousands of combinations. It was most likely just one curious person typing in some random names. Good luck with it all, hope your site does well for you now and in the future.
Your web logs will log it even if it was a page that didn't require authentication if the HTTP request sends it anyway. For example (depending on your browser), this would do it... http://mrbean@www.digitalpoint.com
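A log check that follows what the two posts above describe, added here as an example and not code posted by anyone in the thread: it sorts the usernames an Apache access log records into ones that really authenticated, ones that got a 401, and ones merely sent along to a public page, and lists IPs with a burst of 401s as candidates for a temporary block. The `/members/` protected path, the thresholds and the sample lines (documentation IP ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common/combined prefix: host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ ("[^"]*"|\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) ')

# Constructed sample lines, not taken from anyone's real logs.
SAMPLE_LOG = """\
198.51.100.7 - mrbean [27/Jun/2007:13:44:01 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - "" [27/Jun/2007:13:44:09 +0000] "GET /members/ HTTP/1.1" 401 401
203.0.113.9 - admin [28/Jun/2007:11:50:00 +0000] "GET /members/ HTTP/1.1" 401 401
203.0.113.9 - root [28/Jun/2007:11:50:02 +0000] "GET /members/ HTTP/1.1" 401 401
203.0.113.9 - test [28/Jun/2007:11:50:03 +0000] "GET /members/ HTTP/1.1" 401 401
203.0.113.9 - guest [28/Jun/2007:11:50:05 +0000] "GET /members/ HTTP/1.1" 401 401
192.0.2.44 - alice [28/Jun/2007:11:55:00 +0000] "GET /members/ HTTP/1.1" 200 9000
192.0.2.44 - - [28/Jun/2007:11:55:04 +0000] "GET /style.css HTTP/1.1" 200 800
"""

def _burst(times, threshold, window):
    """True if `threshold` consecutive failures fit inside one window."""
    return any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1))

def classify(log_text, protected=("/members/",), threshold=3,
             window=timedelta(minutes=5)):
    """Sort logged usernames by what the log actually proves about them."""
    result = {"authenticated": set(), "failed": set(), "unsolicited": set()}
    failures = defaultdict(list)              # ip -> times of 401 responses
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m[2] == "-":              # "-" means no username was sent
            continue
        ip, user, ts, request, status = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) > 1 else ""
        if status == "401":                   # credentials were rejected
            result["failed"].add(user)
            failures[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
        elif not path.startswith(protected):  # name sent to a public page
            result["unsolicited"].add(user)
        elif status[0] in "23":               # protected page was served
            result["authenticated"].add(user)
    result["block_candidates"] = sorted(
        ip for ip, times in failures.items()
        if _burst(sorted(times), threshold, window))
    return result
```

Only the `authenticated` set reflects a login that worked; names in the other two sets show up in a stats report's "authenticated users" list without any password having been accepted.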
I have had the same problem and someone has browsed the pages of my directory as well...

Authenticated users : 3 | Pages | Hits | Bandwidth | Last visit
sreedhar_reddy_m | 6306 | 6306 | 57.77 MB | 28 Jun 2007 - 11:55
"" | 7 | 7 | 118.70 KB | 27 Jun 2007 - 13:44
 | 1 | 1 | 14.29 KB | 04 Jun 2007 - 01:18
Other logins (and/or anonymous users) | 218678 | 394298 | 2.22 GB |