Print

[whats_up_skip]

I am having lots of bots attacking my site unsuccessfully. They keep hitting the login.php file.

Is there any solution?

Does simply removing the link on the site to login.php fix it? I would have though the bots still know the file is there.

I am running 1.4.3. I thought that while I am upgrading I might implement some other fixes.

[Joachim Müller]

1) Upgrade to the most recent stable (currently cpg1.4.5) first - it's the most important security fix
2) Make sure your password is at least 8 chars long, contains upper and lower case and both letters and numbers. It mustn't be in a dictionary. Strong passwords are harder (or quite impossible) to guess - only a brute force-attack can break them, which is not a likely thing to happen.
3) Removing the login link will help, as well as renaming the file "login.php" to something random (e.g. "kjfsghdfskdf.php"), if the bots you refer to have been designed to attack coppermine installs

What kind of bots hit your login page? If they're wanted bots (like search engine spiders), you can keep them from accessing the login page by denying them access to it in robots.txt

[whats_up_skip]

Thanks for the ideas.

I tried renaming the login.php file, but then I could not log in. Is there something more to it than that?

The password is strong as they are not breaking it. It is just the load on the server.

I have the robot.txt file set up ok and the bots are normally coming from Russia and Eastern Europe or someones machine that is infected.