Hackers using /admin/ on every url on site - How to stop?

Discussion in 'Apache' started by ridesign, Sep 19, 2009.

  1. #1
    I have hundreds of entries on my 404 page of people trying to access /admin/ on every URL on my site in the shop category. Is there a way to either ban or block them?
    Or use htaccess to redirect them to another place?

    What is the best option?

    e.g.

    /shop/new-post/4/37819/admin/
    /shop/new-world-software/7/23234/admin/
     
    ridesign, Sep 19, 2009
  2. rstein68

    #2
    It would probably be a good idea to set up a 404-redirect to your homepage, although, that won't stop the problem of people trying to access your admin panel to your site. I'd suggest that if you do have a folder named 'admin' on your site that you block it via your robots.txt file so that there are no traces of it in the search engines; if at all possible, rename it to something hard to guess.

    As far as the IPs of the people doing this...you might want to block an entire range of IPs (possibly GEO-block) to prevent them from even accessing your site.
     
    rstein68, Sep 19, 2009
    ridesign likes this.
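
Added example, not part of any post in this thread: a Python sketch for finding which client IPs are producing the 404s on URLs ending in /admin/, as a starting point for the IP blocking suggested in post #2. The log lines are constructed samples in Apache's common log format, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Common log format prefix: client, identity, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# Path whose last segment is exactly "admin", with or without a trailing slash
PROBE_RE = re.compile(r'/admin/?$')

# Constructed sample log lines (documentation-range IPs), not taken from the thread
SAMPLE_LOG = """\
203.0.113.7 - - [19/Sep/2009:10:01:02 +0000] "GET /shop/new-post/4/37819/admin/ HTTP/1.1" 404 512
203.0.113.7 - - [19/Sep/2009:10:01:03 +0000] "GET /shop/new-world-software/7/23234/admin/ HTTP/1.1" 404 512
203.0.113.7 - - [19/Sep/2009:10:01:04 +0000] "GET /shop/new-post/4/37819/admin?x=1 HTTP/1.1" 404 512
198.51.100.20 - - [19/Sep/2009:10:05:00 +0000] "GET /shop/new-post/4/37819/ HTTP/1.1" 200 9001
198.51.100.20 - - [19/Sep/2009:10:05:09 +0000] "GET /shop/old-item/9/admin/ HTTP/1.1" 404 512
192.0.2.5 - - [19/Sep/2009:10:07:00 +0000] "GET /shop/administrator-guide/ HTTP/1.1" 404 512
this line is not a log entry
"""

def probing_clients(lines, threshold=3):
    """Return {ip: count} for clients with at least `threshold` 404s on */admin paths."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or unrelated lines
        ip, target, status = m.groups()
        path = target.split('?', 1)[0]  # ignore any query string
        if status == '404' and PROBE_RE.search(path):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def deny_lines(clients):
    """Render Apache 2.2 'Deny from' lines (2.4 uses 'Require not ip' inside <RequireAll>)."""
    return [f"Deny from {ip}" for ip in sorted(clients)]

if __name__ == "__main__":
    found = probing_clients(SAMPLE_LOG.splitlines())
    for ip, count in found.items():
        print(f"{ip}: {count} probes")
    print("\n".join(deny_lines(found)))
```

The threshold keeps a visitor who follows one stale link out of the block list; review the output before pasting it into a config.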
  3. ridesign

    #3
    Thanks, will have a look into that.
     
    ridesign, Sep 19, 2009
  4. Asako

    #4
    Besides having a PHP-coded password-protected page, you can also use an .htaccess passworded directory.
     
    Asako, Sep 20, 2009
  5. NatalicWolf

    #5
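    Well... You could add a rewrite rule... That's probably the best way to handle it.

    RewriteEngine On
    # Return 403 Forbidden for any URL whose last path segment is "admin",
    # e.g. shop/new-post/4/37819/admin/ ("^admin$" only matches a bare top-level "admin")
    RewriteRule (^|/)admin/?$ - [F]


    Message me if you need help with it.
     
    NatalicWolf, Sep 20, 2009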
  6. ridesign

    #6
    Will have a look into modifying my htaccess.
     
    ridesign, Sep 21, 2009
  7. rathin

    #7
    Better, if you have a dedicated server, install mod_security; it will do the rest of the job.
     
    rathin, Sep 22, 2009