1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Hackers using /admin/ on every url on site - How to stop?

Discussion in 'Apache' started by ridesign, Sep 19, 2009.

  1. #1
    I have hundreds on entries on my 404 page of people trying to access /admin/ on every url on my site in the shop category, is there a way to either ban or block them.
    Or use htaccess to redirect them to another place?

    What is the best option?

    e.g.
    SEMrush
    /shop/new-post/4/37819/admin/
    /shop/new-world-software/7/23234/admin/
     
    ridesign, Sep 19, 2009 IP
    SEMrush
  2. rstein68

    rstein68 Peon

    Messages:
    1,691
    Likes Received:
    22
    Best Answers:
    0
    Trophy Points:
    0
    #2
    It would probably be a good idea to set up a 404-redirect to your homepage, although, that won't stop the problem of people trying to access your admin panel to your site. I'd suggest that if you do have a folder named 'admin' on your site that you block it via your robots.txt file so that there are no traces of it in the search engines; if at all possible, rename it to something hard to guess.

    As far as the IPs of the people doing this...you might want to block an entire range of IPs (possibly GEO-block) to prevent them from even accessing your site.
     
    rstein68, Sep 19, 2009 IP
    ridesign likes this.
  3. ridesign

    ridesign Peon

    Messages:
    294
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    thanks, will have a look into that
     
    ridesign, Sep 19, 2009 IP
  4. Asako

    Asako Peon

    Messages:
    267
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    beside having php coded password protected page. you can also use .htaccess passworded directory
     
    Asako, Sep 20, 2009 IP
  5. NatalicWolf

    NatalicWolf Peon

    Messages:
    262
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Well...You could add a rewrite rule...Thats probably the best way to handle it.

    RewriteEngine On
    RewriteRule ^admin$ - [F]


    Message me if you need help with it.
     
    NatalicWolf, Sep 20, 2009 IP
  6. ridesign

    ridesign Peon

    Messages:
    294
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    will have a look into modifying my htaccess
     
    ridesign, Sep 21, 2009 IP
  7. rathin

    rathin Peon

    Messages:
    1,377
    Likes Received:
    9
    Best Answers:
    0
    Trophy Points:
    0
    #7
    better if have dedicated server install mod_security it will do the reset of the job
     
    rathin, Sep 22, 2009 IP