Support > cpg1.6 permissions

Advance security with login page

(1/3) > >>

Hanna.:
Hi all. I am sorry to tell but my server had to suspend my uptime with multiple pages that run with Coppermine. Massive attacks and attempts on login.php/admin.php.

I am seeking support for this issue in order to get my web sites back up. What are the options of masking/moving/renaming the login.php or something like that to avoid these massive attacks? It is not about the username/passwords, it is simply about running the login.php/admin.php and abusing them.

I have blocked about 100 IPs, but it won't solve this. Please help.

phill104:
Was a hacking attempt successful or is there just a huge load being placed on your server due to attempt?

Hanna.:

--- Quote from: Phill Luckhurst on March 13, 2019, 10:35:56 pm ---Was a hacking attempt successful or is there just a huge load being placed on your server due to attempt?

--- End quote ---

Thankfully not successfull! I got 10+ coppermines on my cloud. However my provider totally suspended me because the abuse was outrageous (huge amounts of attacks, fake traffic etc.) and if this happens again I will be put in court to answer for this because of the choice of scripts I am using. (Coppermine is one of them.) - Not safe because the way to attack is always their attempts on login.php/admin.php even though I deleted the menu off my theme for now, and blocked a bunch of IPs.

phill104:
Without knowing exactly what the attack it is very hard for us to comment. Generally Coppermine is a very secure package. While there have been breaches over the years the team have been very quick to patch them. All vendors are the same whether free or paid. So as long as your installs are up to date you should not have a problem.


If at some point your system have been compromised it is important to identify the leak and to remove all traces of the attack (the payload) from your system. This can be very time consuming and requires a certain level of skill. If your sites have been compromised then this is a route you should go down, and by the sounds of it you will need to find someone to help you with the task. If your sites are secure and your host is blaming you because external forces are trying, and failing to attack you, then no court will hold you responsible.

ron4mac:
For guarding my sites (mostly Joomla) I use a small script that informs me of any added or changed files. I can fire it off with a cron job and it emails me daily with a status. It works well for sites where files seldom get changed (such as CPG or Joomla sites). If there is a folder that regularly gets changes (like CPG albums), it can be marked for exclusion from the scan. If anyone is interested, I can post the script here.


Here's that script.
I wrote it with an md5 file check option but I only ever use file size.

Navigation

[0] Message Index

[#] Next page