Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Hackers and Script Kiddies - should I worry?  (Read 2993 times)

0 Members and 1 Guest are viewing this topic.

wanglese

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Hackers and Script Kiddies - should I worry?
« on: March 31, 2011, 03:28:33 am »

G'day, apologies if this isn't where I should ask.

For the last 3 months or so I've been getting this in my logs:
"•Mar 31, 2011 at 11:10 AM - Denied privileged access to register.php by user Guest at <IP Adress> "
Of course, the IP addresses vary from time to time.

Captcha is working fine, Akismet is working fine, and I have set "comments from guests" need approval by admin.
Registration also needs Admin approval.

However, every day I get between 60 to 100 entries "Captcha authentication for comment failed for user Guest <IP Address>" and about a dozen failed logins (obviously from spammers using various names). Then there are about a dozen of the above "priveleged access" messages every two days or so.

I set Akismet to "Drop comment that fails to validate, and tell author that it was rejected" instead of the option of awaiting approval to stop the emails coming to my inbox.

So should I worry, or should I go through my logs every so often and ban IP addresses (for a period of time) that keep cropping up?

Or are there other measures I need to take, or any suggestions?
 
Gallery Website is:
http://illawarraastronomicalsociety.hostoi.com/Coppermine/  and I'm at cpg1.5.12



Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Hackers and Script Kiddies - should I worry?
« Reply #1 on: March 31, 2011, 03:30:56 pm »

The security mechanisms seem to work. So what's your actual question?
Logged

wanglese

  • Coppermine newbie
  • Offline Offline
  • Posts: 5
Re: Hackers and Script Kiddies - should I worry?
« Reply #2 on: March 31, 2011, 10:26:56 pm »

Yeah, I know the current security measures are working, I was wondering if there was anythng else I need to do, eg:


"Should I go through my logs every so often and ban IP addresses (for a period of time) that keep cropping up?



Also, I was surprised to see just how much of this stuff (hacking photogalleries) goes on.
I knew people tried to hack into blogs, forum boards and discussion groups, just this surprised me.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Hackers and Script Kiddies - should I worry?
« Reply #3 on: April 01, 2011, 09:30:40 am »

If you'll sleep better you can ban IP addresses, but that's not necessary imo.
Logged
Pages: [1]   Go Up
 

Page created in 0.016 seconds with 20 queries.