We tried three different modsecurity rulesets, OWASP, Comodo and even Atomic (PAID), and none seem to stop this attack on /admin folder.
I assume we may have to use some reg expression but my knowledge is not so good at that.
Unless someone can recommend a technique or way to stop this across multiple websites on a server?
180.252.180.250 - - [08/Jan/2021:10:15:43 +0200] "POST /admin/ HTTP/1.1" 406 455 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
122.173.51.255 - - [08/Jan/2021:10:15:46 +0200] "POST /admin/ HTTP/1.1" 406 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
106.201.153.52 - - [08/Jan/2021:10:15:46 +0200] "POST /admin/ HTTP/1.1" 406 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
82.213.229.161 - - [08/Jan/2021:10:15:49 +0200] "POST /admin/ HTTP/1.1" 406 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Is renaming the admin folder an option?
Also see.
https://github.com/opencart/opencart/issues/8710
Code:
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
JNeuhoff wrote: ↑Fri Jan 08, 2021 9:45 pm
Create an 'admin/.htaccess' file with this in it:
Code:
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is your IP-address from where to access your OpenCart admin backend. Nobody else will be able to access your OpenCart admin, they get 403s instead!
By returning a 403 response, invaders are also let known that there's an implicit deny in the meantime, however.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
to keep 'em from giving you a hard time. I use a similar Mod for years ...
(OCMOD) Secure Admin URL
Set the Key and additional value to protect your Admin URL preventing unauthorized entry.
https://www.opencart.com/index.php?rout ... n_id=40693
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
https://nintechnet.com/ninjafirewall/pro-edition/
Opencart 1.5.6.5/OC Bootstrap Pro/VQMOD lover, user and geek.
Affordable Service £££ - Opencart Installs, Fixing, Development and Upgrades
Plus Ecommerce, Marketing, Mailing List Management and More
FREE Guidance and Advice at https://www.ecommerce-help.co.uk
Well, I tried their Test Site, but despite adding their 'robots' content,
it told me it was not able to find their 'entry' in my robots file.
I still rely on my .htaccess file, blocking about 750'000 IP-Addresses so
far, to keep my Sites working. I again had an attack attempt last night,
mainly from Russian and some South American IPs, with no Site errors,
except for leaving their IPs in my Logs. It just resulted in adding about
45 IP-Blocks, like 3.133.99 (= 11'475 IPs) more to the .htaccess file. In
addition to 'redirect' every single 'link', to avoid such, to ever access
the site again, wherever it might come from ...
It's just one of the daily Jobs, if one really cares, to keep a Site alive ...
---
Opencart Hosting Plans, Domain Registration, Microsoft and Google Email and More
Visit our website for great deals and most importantly, fast and friendly support - www.evolvewebhost.com
EvolveWebHosting wrote: ↑Sat Jan 09, 2021 7:05 am
Astra is another great option if you're willing to pay for a license. Going to suggest that everyone stays clear of Comodo.
They do seem to have pretty good ratings on Google, so far. However, their plans seem to be per-process pretty much instead of offering these plans by recurring packages.
"I must be blind because I don't see a free version..."
Same to me, I found that czar_astra_oc1.5.xml on the OC Extension Site, but that's good for nothing, as it looks ....
https://nintechnet.com/ninjafirewall/pro-edition
If anyone needs it I've got a zip file of the free one and can share if you PM me.
EvolveWebHosting wrote: ↑Sat Jan 09, 2021 7:05 am
Astra is another great option if you're willing to pay for a license. Going to suggest that everyone stays clear of Comodo.
straightlight wrote: ↑Sat Jan 09, 2021 7:14 am
They do seem to have pretty good ratings on Google, so far. However, their plans seem to be per-process pretty much instead of offering these plans by recurring packages.
I am not sure what you mean by this. It's a monthly or annual license, per domain. Unlimited scans and cleanups. Our pricing is actually a little bit lower than you can get directly from them and anyone can purchase it through us, even if you aren't hosting your site with us.
In one of my .htaccess files I have this:
Code:
<Files *>
<RequireAll>
Require all granted
# Cambodia (KH)
Require not ip 114.134.184.0/21
# Chinese (CN) IP addresses follow (split into two lines on 7/6/17 to avoid possible Server 500 due to excess line length):
Require not ip 1.24.0.0/13 1.48.0.0/15 1.50.0.0/16 1.56.0.0/13 1.68.0.0/14 1.80.0.0/13 1.92.0.0/14 1.180.0.0/14 1.188.0.0/14 1.192.0.0/13 1.202.0.0/15 1.204.0.0/14 14.16.0.0/12 14.104.0.0/13 14.112.0.0/12 14.134.0.0/15 14.144.0.0/12 14.204.0.0/15 14.208.0.0/12 23.80.54.0/24 23.104.141.0/24 23.105.14.0/24 23.226.208.0/24 27.8.0.0/13 27.16.0.0/12 27.36.0.0/14 27.40.0.0/13 27.50.128.0/17 27.54.192.0/18 27.106.128.0/18 27.115.0.0/17 27.148.0.0/14 27.152.0.0/13 27.184.0.0/13 27.192.0.0/11 27.224.0.0/14 36.1.0.0/16 36.4.0.0/14 36.26.0.0/16 36.32.0.0/14 36.36.0.0/16 36.40.0.0/13 36.48.0.0/15 36.56.0.0/13 36.96.0.0/11 36.128.0.0/11 36.248.0.0/14 39.64.0.0/11 39.96.0.0/13 39.128.0.0/10 42.4.0.0/14 42.48.0.0/13 42.56.0.0/14 42.84.0.0/14 42.88.0.0/13 42.96.128.0/17 42.100.0.0/14 42.120.0.0/14 42.156.0.0/16 42.176.0.0/13 42.185.0.0/16 42.202.0.0/15 42.224.0.0/12 42.240.0.0/16 42.242.0.0/15 42.248.0.0/15 43.226.64.0/20 43.255.0.0/20 43.255.16.0/22 43.255.48.0/22 43.255.60.0/22 43.255.64.0/20 43.255.96.0/20 43.255.144.0/22 43.255.168.0/22 43.255.176.0/22 43.255.184.0/22 43.255.192.0/22 43.255.200.0/21 43.255.208.0/21 43.255.224.0/21 43.255.232.0/22 43.255.244.0/22 47.74.0.0/15 47.76.0.0/14 47.80.0.0/13 47.88.0.0/14 47.92.0.0/14 49.5.0.0/16 49.64.0.0/11 49.112.0.0/13 54.222.0.0/15 58.16.0.0/14 58.20.0.0/16 58.21.0.0/16 58.22.0.0/15 58.34.0.0/16 58.37.0.0/16 58.38.0.0/16 58.40.0.0/16 58.42.0.0/16 58.44.0.0/14 58.48.0.0/13 58.56.0.0/14 58.60.0.0/14 58.68.128.0/17 58.82.0.0/15 58.100.0.0/15 58.116.0.0/14 58.128.0.0/13 58.208.0.0/12 58.240.0.0/13 58.248.0.0/13 59.32.0.0/12 59.48.0.0/14 59.52.0.0/14 59.56.0.0/13 59.72.0.0/16 59.108.0.0/15 59.172.0.0/14 60.0.0.0/12 60.11.0.0/16 60.12.0.0/14 60.16.0.0/13 60.24.0.0/13 60.160.0.0/11 60.194.0.0/15 60.205.0.0/16 60.208.0.0/12 60.253.128.0/17 61.4.64.0/20 61.4.80.0/22 61.4.176.0/20 61.48.0.0/13 61.128.0.0/10 61.135.0.0/16 61.136.0.0/18 61.139.0.0/16 61.145.73.208/28 61.147.0.0/16 61.150.0.0/16 61.152.0.0/16 61.154.0.0/16 61.158.0.0/16 
61.160.0.0/16 61.162.0.0/15 61.164.0.0/16 61.172.0.0/15 61.175.0.0/16 61.177.0.0/16 61.179.0.0/16 61.183.0.0/16 61.184.0.0/16 61.185.219.232/29 61.187.0.0/16 61.188.0.0/16 61.232.0.0/14 61.236.0.0/15 61.240.0.0/14 94.191.0.0/17
Require not ip 101.16.0.0/12 101.37.0.0/16 101.64.0.0/13 101.72.0.0/14 101.76.0.0/15 101.80.0.0/12 101.132.0.0/15 101.200.0.0/15 101.224.0.0/13 101.248.0.0/15 101.254.0.0/16 103.211.164.0/22 103.253.4.0/22 106.4.0.0/14 106.8.0.0/15 106.12.0.0/14 106.16.0.0/12 106.32.0.0/12 106.43.0.0/16 106.56.0.0/13 106.74.0.0/15 106.80.0.0/12 106.108.0.0/14 106.112.0.0/13 106.120.0.0/13 110.6.0.0/15 110.16.0.0/14 110.51.0.0/16 110.52.0.0/15 110.80.0.0/13 110.88.0.0/14 110.96.0.0/11 110.152.0.0/14 110.156.0.0/15 110.166.0.0/15 110.173.0.0/19 110.173.32.0/20 110.173.64.0/18 110.176.0.0/14 110.184.0.0/13 110.192.0.0/11 110.228.0.0/14 110.240.0.0/12 111.0.0.0/10 111.72.0.0/13 111.85.0.0/16 111.112.0.0/15 111.120.0.0/14 111.124.0.0/16 111.126.0.0/15 111.128.0.0/11 111.160.0.0/13 111.172.0.0/14 111.176.0.0/13 111.192.0.0/12 111.224.0.0/14 111.228.0.0/14 112.0.0.0/10 112.64.0.0/14 112.73.0.0/16 112.74.0.0/16 112.80.0.0/12 112.98.0.0/15 112.100.0.0/14 112.109.128.0/17 112.111.0.0/16 112.112.0.0/14 112.116.0.0/15 112.122.0.0/15 112.192.0.0/14 112.224.0.0/11 113.0.0.0/13 113.8.0.0/15 113.12.0.0/14 113.16.0.0/15 113.18.0.0/16 113.54.0.0/15 113.56.0.0/15 113.58.0.0/16 113.59.0.0/17 113.62.0.0/15 113.64.0.0/10 113.120.0.0/13 113.128.0.0/15 113.132.0.0/14 113.136.0.0/13 113.194.0.0/15 113.200.0.0/15 113.204.0.0/14 113.218.0.0/15 113.220.0.0/14 113.224.0.0/12 113.240.0.0/13 113.248.0.0/14 114.28.0.0/16 114.54.0.0/15 114.64.0.0/14 114.80.0.0/12 114.96.0.0/13 114.104.0.0/14 114.112.0.0/14 114.135.0.0/16 114.138.0.0/15 114.215.0.0/16 114.216.0.0/13 114.224.0.0/11 115.24.0.0/15 115.28.0.0/15 115.32.0.0/14 115.48.0.0/12 115.84.0.0/18 115.100.0.0/14 115.148.0.0/14 115.152.0.0/15 115.159.0.0/16 115.166.64.0/19 115.168.0.0/14 115.192.0.0/11 115.224.0.0/12 116.1.0.0/16 116.2.0.0/15 116.4.0.0/14 116.8.0.0/14 116.16.0.0/12 116.52.0.0/14 116.56.0.0/15 116.60.0.0/14 116.76.0.0/15 116.85.0.0/16 116.90.80.0/20 116.95.0.0/16 116.112.0.0/14 116.116.0.0/15 116.128.0.0/10 116.204.0.0/15 116.207.0.0/16 
116.208.0.0/14 116.213.64.0/18 116.213.128.0/17 116.224.0.0/12 116.248.0.0/15 116.252.0.0/15 116.254.128.0/18 117.8.0.0/13 117.21.0.0/16 117.22.0.0/15 117.24.0.0/13 117.32.0.0/13 117.40.0.0/14 117.44.0.0/15 117.50.0.0/16 117.51.0.0/16 117.57.0.0/16 117.60.0.0/14 117.64.0.0/13 117.79.224.0/20 117.80.0.0/12 117.106.0.0/15 117.112.0.0/13 117.128.0.0/10 118.24.0.0/15 118.26.0.0/16 118.72.0.0/13 118.80.0.0/15 118.89.0.0/16 118.112.0.0/13 118.120.0.0/14 118.124.0.0/15 118.132.0.0/14 118.144.0.0/14 118.180.0.0/14 118.186.0.0/15 118.192.0.0/15 118.194.0.0/16 118.213.0.0/16 118.244.0.0/16 118.248.0.0/13 119.0.0.0/13 119.8.0.0/16 119.10.0.0/17 119.18.192.0/20 119.23.0.0/16 119.28.0.0/15 119.32.0.0/14 119.36.0.0/16 119.39.0.0/16 119.44.0.0/16 119.48.0.0/13 119.57.0.0/16 119.60.0.0/15 119.62.0.0/16 119.84.0.0/14 119.88.0.0/14 119.96.0.0/13 119.108.0.0/15 119.112.0.0/13 119.120.0.0/13 119.128.0.0/12 119.144.0.0/14 119.162.0.0/15 119.164.0.0/14 119.176.0.0/12 119.233.0.0/16 119.248.0.0/14 120.0.0.0/12 120.24.0.0/14 120.30.0.0/15 120.32.0.0/13 120.40.0.0/14 120.68.0.0/14 120.76.0.0/14 120.80.0.0/13 120.92.0.0/16 120.192.0.0/10 121.0.16.0/20 121.4.0.0/15 121.8.0.0/13 121.16.0.0/12 121.32.0.0/14 121.40.0.0/14 121.52.208.0/20 121.52.224.0/19 121.56.0.0/15 121.60.0.0/14 121.68.0.0/14 121.76.0.0/15 121.100.128.0/17 121.196.0.0/14 121.201.0.0/16 121.204.0.0/14 121.224.0.0/12 122.4.0.0/14 122.8.0.0/16 122.10.128.0/17 122.51.128.0/17 122.64.0.0/11 122.96.0.0/15 122.119.0.0/16 122.136.0.0/13 122.156.0.0/14 122.188.0.0/14 122.192.0.0/14 122.198.0.0/16 122.200.64.0/18 122.224.0.0/12 122.240.0.0/13 123.4.0.0/14 123.8.0.0/13 123.52.0.0/14 123.56.0.0/14 123.64.0.0/11 123.97.128.0/17 123.100.0.0/19 123.112.0.0/12 123.128.0.0/13 123.138.0.0/15 123.144.0.0/14 123.148.0.0/15 123.150.0.0/15 123.152.0.0/13 123.160.0.0/14 123.164.0.0/14 123.172.0.0/15 123.178.0.0/15 123.180.0.0/14 123.184.0.0/13 123.196.0.0/15 123.206.0.0/15 123.232.0.0/14 123.244.0.0/14 123.249.0.0/16 124.42.0.0/16 124.64.0.0/15 
124.66.0.0/17 124.67.0.0/16 124.72.0.0/13 124.88.0.0/15 124.92.0.0/14 124.112.0.0/15 124.114.0.0/15 124.117.0.0/16 124.118.0.0/15 124.126.0.0/15 124.128.0.0/13 124.152.0.0/16 124.160.0.0/13 124.192.0.0/15 124.200.0.0/13 124.224.0.0/16 124.226.0.0/15 124.228.0.0/14 124.234.0.0/15 124.236.0.0/14 124.240.0.0/17 124.240.128.0/18 124.248.0.0/17 125.32.0.0/14 125.36.0.0/14 125.40.0.0/13 125.64.0.0/12 125.79.0.0/16 125.80.0.0/13 125.88.0.0/13 125.104.0.0/13 125.112.0.0/12 125.210.0.0/15 125.216.0.0/13 132.232.0.0/16 134.175.0.0/16 139.129.0.0/16 139.170.0.0/16 139.189.0.0/16 139.199.0.0/16 139.206.0.0/16 139.208.0.0/13 139.217.0.0/16 139.224.0.0/16 139.226.0.0/15 140.143.0.0/16 140.206.0.0/15 140.224.0.0/16 140.237.0.0/16 140.240.0.0/16 140.246.0.0/16 140.249.0.0/16 140.255.0.0/16 142.4.117.0/30 144.0.0.0/16 144.12.0.0/16 144.52.0.0/16 144.123.0.0/16 144.255.0.0/16 150.109.0.0/16 150.138.0.0/15 150.242.152.0/21 150.242.160.0/21 150.242.168.0/22 153.0.0.0/16 153.99.0.0/16 159.226.0.0/16 162.209.168.0/24 171.8.0.0/13 171.34.0.0/15 171.36.0.0/14 171.40.0.0/13 171.80.0.0/14 171.88.0.0/13 171.104.0.0/13 171.112.0.0/14 171.116.0.0/14 171.120.0.0/13 171.208.0.0/12 175.0.0.0/12 175.16.0.0/13 175.24.0.0/14 175.30.0.0/15 175.42.0.0/15 175.44.0.0/16 175.46.0.0/15 175.48.0.0/12 175.64.0.0/11 175.102.0.0/16 175.106.128.0/17 175.146.0.0/15 175.148.0.0/14 175.152.0.0/14 175.160.0.0/12 175.178.0.0/16 175.184.128.0/18 175.185.0.0/16 175.186.0.0/15 175.188.0.0/14 180.76.0.0/16 180.95.128.0/17 180.96.0.0/11 180.136.0.0/13 180.152.0.0/13 180.160.0.0/12 180.208.0.0/15 180.212.0.0/15 182.18.0.0/17 182.32.0.0/12 182.50.112.0/20 182.61.0.0/16 182.84.0.0/14 182.88.0.0/14 182.96.0.0/12 182.112.0.0/12 182.128.0.0/12 182.144.0.0/13 182.200.0.0/13 182.240.0.0/13 183.0.0.0/10 183.64.0.0/13 183.92.0.0/14 183.128.0.0/11 183.160.0.0/12 183.184.0.0/13 183.192.0.0/10 192.34.109.224/28 198.2.203.64/28 198.2.212.160/28 198.15.171.64/26
Require not ip 202.43.144.0/22 202.46.32.0/19 202.65.96.0/20 202.66.0.0/16 202.75.208.0/20 202.96.0.0/12 202.111.160.0/19 202.112.0.0/14 202.117.0.0/16 202.127.112.0/20 202.165.176.0/20 202.196.80.0/20 203.69.0.0/16 203.81.16.0/20 203.86.0.0/18 203.86.64.0/19 203.93.0.0/16 203.169.160.0/19 203.171.224.0/20 203.195.160.0/23 210.5.0.0/19 210.12.0.0/16 210.14.128.0/19 210.21.0.0/16 210.22.0.0/16 210.32.0.0/14 210.51.0.0/16 210.52.0.0/15 210.75.0.0/16 210.77.0.0/16 210.79.64.0/18 210.192.96.0/19 211.76.96.0/20 211.78.208.0/20 211.80.0.0/13 211.86.144.0/20 211.90.0.0/15 211.92.0.0/14 211.96.0.0/13 211.136.0.0/13 211.144.0.0/12 211.160.0.0/13 211.233.70.0/24 212.64.0.0/17 218.0.0.0/11 218.56.0.0/13 218.64.0.0/11 218.84.0.0/14 218.88.0.0/13 218.96.0.0/14 218.102.0.0/16 218.104.0.0/14 218.108.0.0/15 218.194.80.0/20 218.200.0.0/13 218.240.0.0/13 218.249.0.0/16 219.128.0.0/11 219.154.0.0/15 219.223.192.0/18 219.232.0.0/16 219.234.80.0/20 219.235.0.0/16 219.238.0.0/15 220.112.0.0/16 220.154.0.0/15 220.160.0.0/11 220.181.0.0/16 220.191.0.0/16 220.192.0.0/12 220.228.70.0/24 220.242.0.0/15 220.248.0.0/14 220.250.0.0/19 220.252.0.0/16 221.0.0.0/12 221.122.0.0/15 221.130.0.0/15 221.136.0.0/15 221.172.0.0/14 221.176.0.0/13 221.192.0.0/14 221.196.0.0/15 221.198.0.0/16 221.199.0.0/17 221.200.0.0/14 221.204.0.0/15 221.206.0.0/16 221.207.0.0/16 221.208.0.0/12 221.212.0.0/15 221.214.0.0/15 221.216.0.0/13 221.224.0.0/13 221.228.0.0/14 221.232.0.0/13 222.32.0.0/11 222.64.0.0/12 222.80.0.0/12 222.128.0.0/14 222.132.0.0/14 222.136.0.0/13 222.160.0.0/14 222.168.0.0/13 222.172.222.0/24 222.176.0.0/13 222.184.0.0/13 222.200.0.0/16 222.208.0.0/13 222.216.0.0/14 222.220.0.0/15 222.222.0.0/15 222.240.0.0/13 222.249.0.0/16 223.4.0.0/14 223.8.0.0/13 223.64.0.0/11 223.96.0.0/12 223.112.0.0/14 223.144.0.0/12 223.198.0.0/15 223.214.0.0/15 223.223.176.0/20 223.223.192.0/20 223.255.0.0/17 223.240.0.0/13
# India (IN), Bangladesh (BD) and Pakistan (PK)
Require not ip 1.39.0.0/16 1.186.38.0/24 14.96.0.0/14 14.139.0.0/16 14.140.0.0/14 14.192.52.0/22 14.194.0.0/15 27.4.0.0/14 27.97.0.0/16 27.248.0.0/14 27.255.0.0/18 27.255.128.0/24 39.32.0.0/11 43.246.140.0/24 49.14.0.0/15 49.200.0.0/14 49.248.0.0/17 58.65.128.0/18 59.88.0.0/13 59.96.0.0/14 59.160.0.0/14 59.164.0.0/15 59.176.0.0/13 59.184.0.0/15 61.0.0.0/14 61.247.238.0/24 101.50.64.0/18 101.56.0.0/13 101.212.0.0/16 101.216.0.0/16 103.48.16.0/24 103.56.220.0/22 103.103.56.0/24 103.194.12.0/22 103.194.20.0/22 103.194.24.0/21 103.194.32.0/22 103.214.124.0/22 103.214.128.0/21 103.214.136.0/22 103.240.204.0/22 103.240.208.0/21 103.240.216.0/22 103.243.52.0/22 103.243.56.0/21 106.51.0.0/16 106.76.0.0/14 106.192.0.0/11 110.224.0.0/16 110.227.0.0/16 110.232.248.0/24 111.68.96.0/20 112.110.0.0/16 113.19.0.0/16 113.212.64.0/19 114.31.224.0/20 115.96.0.0/14 115.108.0.0/14 115.112.0.0/13 115.166.128.0/20 115.167.24.0/24 115.240.0.0/12 116.72.0.0/14 116.202.12.0/22 116.203.0.0/16 117.96.0.0/14 117.192.0.0/10 118.151.209.0/24 119.152.0.0/13 119.160.0.0/17 120.56.0.0/13 120.138.98.0/24 121.240.0.0/13 122.15.0.0/16 122.160.0.0/12 122.176.0.0/13 122.184.0.0/14 123.49.0.0/18 123.236.0.0/14 124.123.0.0/16 124.124.0.0/15 124.247.235.0/24 124.253.0.0/16 125.209.64.0/18 139.190.0.0/16 150.242.148.0/22 150.242.172.0/22 171.48.0.0/12 171.76.0.0/14 175.101.0.0/16 180.215.0.0/16 182.18.128.0/18 182.64.0.0/12 182.176.0.0/12 183.82.0.0/15 193.53.87.0/24 202.54.0.0/16 202.63.160.0/19 202.87.240.0/20 202.137.232.0/21 202.142.64.0/18 202.149.192.0/19 202.154.224.0/24 203.76.176.0/20 203.92.47.0/24 203.100.64.0/20 203.115.80.0/20 203.135.62.0/24 203.153.44.0/24 203.188.247.0/24 203.192.192.0/18 203.197.0.0/16 210.211.128.0/17 210.212.0.0/16 218.248.0.0/20 223.30.0.0/15 223.130.4.0/22 223.220.0.0/15 223.223.128.0/19 223.223.176.0/20 223.223.192.0/20 223.224.0.0/12
# Indonesia (ID)
Require not ip 23.247.80.0/23 36.64.0.0/11 49.50.4.0/22 49.50.8.0/22 103.87.16.0/24 103.253.0.0/22 110.136.176.0/20 110.139.0.0/16 111.95.0.0/16 112.109.19.0/24 114.57.238.0/23 114.79.18.0/24 115.166.96.0/19 116.12.40.0/21 116.66.200.0/21 116.254.96.0/21 118.96.0.0/15 118.99.64.0/18 118.137.96.0/19 119.18.152.0/21 119.110.68.0/24 119.235.16.0/20 119.252.162.0/24 120.160.0.0/11 122.200.144.0/21 124.6.36.0/22 124.81.0.0/16 124.195.124.0/24 125.160.0.0/14 125.164.64.0/19 125.165.128.0/18 139.192.0.0/14 139.255.0.0/16 175.184.232.0/21 180.241.128.0/17 180.242.0.0/16 180.245.0.0/16 180.246.0.0/16 180.248.128.0/18 180.249.0.0/16 180.251.0.0/18 182.253.0.0/16 202.57.0.0/19 202.158.32.0/19 202.162.192.0/20 202.162.208.0/24 203.130.192.0/18 203.215.48.0/24 222.124.168.0/24
# Japan (JP) (hacking, scraping, or spamming)
Require not ip 27.50.96.0/19 36.52.0.0/14 42.83.0.0/18 43.224.32.0/22 58.188.0.0/14 59.146.0.0/15 60.236.0.0/14 61.112.0.0/12 118.0.0.0/12 118.16.0.0/13 118.86.0.0/15 118.106.0.0/16 122.16.0.0/12 122.200.192.0/18 122.208.0.0/12 122.248.128.0/18 123.216.0.0/13 124.84.0.0/14 126.0.0.0/8 150.70.84.41 153.128.0.0/9 182.48.0.0/18 202.210.128.0/18 210.198.6.0/23 210.248.0.0/13 211.19.0.0/16 218.216.0.0/13 218.224.0.0/13 219.94.128.0/17 219.96.0.0/11 220.104.0.0/13 220.208.0.0/12 221.121.160.0/20 222.0.0.0/12 222.231.64.0/18 222.231.128.0/17 222.144.0.0/13 223.216.0.0/14
# Korea (KR) (including North Korea) IP addresses follow:
Require not ip 1.208.0.0/12 1.224.0.0/11 14.32.0.0/11 14.64.0.0/11 27.115.128.0/17 27.255.64.0/18 58.72.0.0/13 58.120.0.0/13 58.140.0.0/14 58.148.0.0/14 58.180.40.0/21 58.224.0.0/12 59.0.0.0/11 59.86.192.0/18 59.186.0.0/15 61.32.0.0/13 61.40.0.0/14 61.72.0.0/13 61.80.0.0/15 61.96.0.0/12 61.110.16.0/20 61.248.0.0/13 101.79.0.0/16 110.8.0.0/13 110.45.0.0/16 112.144.0.0/12 112.160.0.0/11 112.216.0.0/13 113.30.64.0/18 114.29.0.0/17 114.108.0.0/17 114.108.128.0/18 114.200.0.0/13 115.0.0.0/12 115.16.0.0/13 115.40.0.0/15 115.68.0.0/16 115.88.0.0/13 115.144.0.0/15 116.40.0.0/16 116.45.176.0/20 116.93.192.0/19 116.120.0.0/13 117.110.0.0/15 118.32.0.0/11 118.128.0.0/14 118.216.0.0/13 119.64.0.0/13 119.192.0.0/11 120.50.64.0/18 121.78.0.0/16 121.88.0.0/16 121.101.224.0/19 121.127.64.0/18 121.127.128.0/18 121.128.0.0/10 121.254.0.0/16 122.32.0.0/13 122.44.112.0/20 122.99.128.0/17 122.252.64.0/18 123.111.0.0/16 123.140.0.0/14 123.212.0.0/14 123.248.0.0/16 124.0.0.0/15 124.50.87.161 124.136.0.0/14 124.217.192.0/19 125.128.0.0/11 125.176.0.0/12 125.240.0.0/13 125.248.0.0/14 143.248.0.0/16 166.104.0.0/16 168.126.0.0/16 168.188.0.0/16 175.45.176.0/22 175.112.0.0/12 175.192.0.0/10 180.64.0.0/13 180.224.0.0/13 182.224.0.0/14 183.96.0.0/11 202.30.0.0/15 202.133.16.0/20 202.179.176.0/21 203.226.0.0/15 203.228.0.0/14 203.244.0.0/14 203.248.0.0/13 210.93.0.0/16 210.94.0.0/15 210.108.0.0/14 210.112.0.0/14 210.117.128.0/18 210.118.216.192/26 210.123.0.0/16 210.124.0.0/14 210.178.0.0/15 210.180.0.0/15 210.204.0.0/15 210.210.192.0/18 210.219.0.0/16 210.220.0.0/14 211.32.0.0/12 211.48.0.0/15 211.50.0.0/15 211.52.0.0/15 211.54.0.0/15 211.56.0.0/14 211.62.35.0/24 211.104.0.0/13 211.112.0.0/13 211.168.0.0/13 211.176.0.0/12 211.192.0.0/12 211.208.0.0/14 211.216.0.0/13 211.224.0.0/13 211.232.0.0/13 211.240.0.0/12 218.36.0.0/14 218.48.0.0/13 218.144.0.0/12 218.209.0.0/16 218.232.0.0/14 218.236.0.0/14 219.240.0.0/15 219.248.0.0/13 219.250.88.0/21 220.72.0.0/13 220.80.0.0/13 220.95.88.0/24 
220.118.0.0/16 220.119.0.0/16 221.128.0.0/12 221.140.0.0/14 221.144.0.0/12 221.160.0.0/13 221.168.0.0/16 221.163.46.0/24 222.96.0.0/12 222.112.0.0/13 222.120.0.0/15 222.122.0.0/16 222.231.0.0/18 222.232.0.0/13
# Yahoo-Korea (provides free email services used by some spammers)
Require not ip 123.0.0.0/20
# Neighboring Asian countries:
# Malaysia (MY)
Require not ip 27.131.32.0/24 60.48.0.0/14 60.52.0.0/15 60.54.0.0/16 110.159.0.0/16 112.137.160.0/20 113.23.128.0/17 115.132.0.0/14 116.197.0.0/17 116.206.0.0/16 118.100.0.0/15 119.110.96.0/20 120.50.48.0/20 120.140.0.0/15 124.82.0.0/16 124.217.224.0/19 161.139.0.0/16 175.136.0.0/13 180.72.0.0/14 182.54.192.0/19 202.58.80.0/20 202.71.96.0/20 202.75.32.0/19 202.188.0.0/18 202.190.0.0/16 203.106.0.0/16 203.217.176.0/22 203.223.128.0/19 210.187.49.0/25 218.111.0.0/16 218.208.12.64/27
# Philippines (PH)
Require not ip 27.110.144.0/20 37.0.120.0/21 85.92.152.0/21 110.5.64.0/21 111.235.80.0/20 112.201.128.0/17 112.202.0.0/16 120.28.64.0/18 122.54.125.73 125.60.128.0/17 125.212.52.0/22 125.212.56.0/22 180.193.64.0/19 202.52.54.0/23 202.133.192.0/24 202.146.184.0/23 222.127.32.0/19 222.127.64.0/19
# Singapore (SG)
Require not ip 47.88.128.0/17 58.185.18.0/28 59.189.0.0/16 116.12.48.0/21 116.14.0.0/15 116.251.223.0/24 121.6.0.0/15 165.21.0.0/16 180.210.200.0/21 182.23.147.0/24 192.169.40.0/23 203.92.64.0/18 203.117.0.0/24 218.186.0.0/16 218.212.0.0/16 219.74.0.0/15 219.75.0.0/17
# Taiwan (TW)
Require not ip 1.160.0.0/12 1.200.0.0/16 36.224.0.0/12 59.112.0.0/12 60.198.0.0/15 60.249.0.0/16 60.250.0.0/15 61.31.0.0/16 61.56.0.0/16 61.58.0.0/15 61.63.0.0/16 61.67.128.0/17 61.216.0.0/14 61.220.0.0/14 61.224.0.0/14 61.228.0.0/14 110.24.0.0/13 110.50.128.0/18 111.240.0.0/12 112.213.48.0/20 114.24.0.0/14 114.32.0.0/12 115.80.0.0/14 115.85.144.0/20 117.19.0.0/16 118.160.0.0/13 122.116.0.0/15 122.118.0.0/16 122.120.0.0/13 122.254.0.0/18 123.51.128.0/17 123.240.0.0/15 124.8.0.0/14 125.224.0.0/13 140.109.0.0/16 140.110.0.0/15 140.112.0.0/12 140.128.0.0/13 140.136.0.0/15 140.138.0.0/16 163.13.0.0/16 163.14.0.0/15 163.16.0.0/12 163.24.0.0/16 163.32.0.0/16 175.96.0.0/14 175.180.0.0/14 203.64.0.0/14 203.71.0.0/16 203.72.0.0/16 210.59.0.0/16 210.200.0.0/15 210.240.0.0/16 211.20.0.0/15 211.23.0.0/16 211.72.0.0/16 211.75.0.0/16 211.76.160.0/20 211.79.32.0/20 211.23.0.0/16 218.160.0.0/12 219.84.0.0/15 219.90.3.0/24 220.128.0.0/12
# Thailand (TH)
Require not ip 1.20.0.0/16 1.46.0.0/15 1.179.128.0/18 14.207.0.0/16 49.0.64.0/18 49.230.0.0/16 58.8.0.0/16 58.9.0.0/16 58.10.0.0/16 58.137.0.0/16 61.19.0.0/16 61.47.0.0/17 110.34.128.0/17 110.168.0.0/16 113.53.0.0/17 114.131.0.0/16 115.87.128.0/17 117.47.0.0/16 118.172.0.0/14 119.59.96.0/19 119.76.0.0/16 122.154.0.0/15 123.242.128.0/18 124.120.0.0/16 124.121.0.0/16 124.122.0.0/16 125.25.0.0/19 171.97.128.0/17 202.28.0.0/15 202.44.135.0/24 202.133.128.0/18 202.142.192.0/19 202.143.128.0/18 203.107.142.0/24 203.113.0.0/17 203.130.149.0/24 203.144.128.0/17 203.146.0.0/16 203.148.128.0/17 203.149.0.0/18 203.150.128.0/17 203.151.38.0/24 203.155.0.0/16 203.158.96.0/19 203.158.128.0/17 203.170.193.0/24 203.172.128.0/17 203.185.128.0/19 210.213.0.0/18 222.123.0.0/16 223.205.0.0/16 223.207.0.0/16
# Vietnam (VN)
Require not ip 1.52.0.0/14 14.160.0.0/11 14.224.0.0/11 27.64.0.0/12 42.112.0.0/13 58.186.0.0/15 64.188.12.0/23 64.188.25.128/26 67.215.225.128/26 103.48.188.0/22 103.48.192.0/22 103.79.140.0/22 103.207.32.0/21 112.78.0.0/20 112.197.0.0/16 112.213.80.0/20 113.22.0.0/16 113.23.0.0/17 113.160.0.0/11 115.72.0.0/13 115.84.176.0/22 115.146.120.0/21 116.96.0.0/12 116.118.0.0/17 117.0.0.0/13 118.68.0.0/14 118.99.13.0/24 123.16.0.0/12 125.234.0.0/15 171.224.0.0/11 175.100.64.0/20 180.93.0.0/16 183.80.0.0/16 183.81.0.0/17 183.91.0.0/19 202.78.227.0/24 203.113.128.0/18 203.162.0.0/16 203.205.0.0/18 203.210.192.0/18 210.211.96.0/19 210.245.0.0/17 220.231.124.0/22 222.252.0.0/14
# End Chinese-Korean blocklist
</RequireAll>
</Files>
If you need a complete .htaccess, do ask me, I will be very happy to send it by email
Have a nice day
Yan
Opencart 3.0.3.6
PHP 7.3.26 FPM served by NGINX 1.16.1.3
Linux Centos 7.9.2009 / Plesk 17.8.11
Dedicated Servers
renaming admin folder, adding keys to login admin etc are useless
hostking wrote: ↑Fri Jan 08, 2021 4:17 pm
We have a strange issue. Hoping someone has a modsecurity rule or something to stop this on our shared hosting servers. We already implemented a Captcha on the site on the login page but does not seem to stop this.
We tried three different modsecurity rulesets, OWASP, Comodo and even Atomic (PAID), and none seem to stop this attack on /admin folder.
I assume we may have to use some reg expression but my knowledge is not so good at that.
Unless someone can recommend a technique or way to stop this across multiple websites on a server?
180.252.180.250 - - [08/Jan/2021:10:15:43 +0200] "POST /admin/ HTTP/1.1" 406 455 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
122.173.51.255 - - [08/Jan/2021:10:15:46 +0200] "POST /admin/ HTTP/1.1" 406 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
106.201.153.52 - - [08/Jan/2021:10:15:46 +0200] "POST /admin/ HTTP/1.1" 406 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
82.213.229.161 - - [08/Jan/2021:10:15:49 +0200] "POST /admin/ HTTP/1.1" 406 418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
It's both a brute force and DDoS attack combined. It will inflate your 'oc_session' DB table and therefore cause your OpenCart server to eventually reach its resource limit. And each of these attacking requests uses a different user and password combination, randomly generated, in the hope that after weeks or months of attacking your website it will come across the right login credentials.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig
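The pattern in the quoted log lines (many source addresses, one User-Agent, POSTs to /admin/) can be found from the access log itself. The following is an added example, not part of the thread or any poster's code: it assumes Apache combined log format, and the function names, thresholds and sample lines (RFC 5737 documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format, the format of the lines quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_distributed_admin_posts(lines, admin_prefix="/admin/",
                                 window=timedelta(minutes=5), min_ips=3):
    """Flag User-Agents that POST to the admin path from many IPs in one window.

    A per-IP rate limit misses this pattern because each address sends only
    one or two requests; the shared User-Agent and target path tie them together.
    """
    by_ua = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].startswith(admin_prefix):
            by_ua[rec["ua"]].append(rec)

    findings = []
    for ua, recs in by_ua.items():
        recs.sort(key=lambda r: r["ts"])
        start, best = 0, set()
        for end in range(len(recs)):
            # Shrink from the left until the span fits inside `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            ips = {r["ip"] for r in recs[start:end + 1]}
            if len(ips) > len(best):
                best = ips
        if len(best) >= min_ips:
            findings.append({"user_agent": ua, "ips": sorted(best),
                             "total_requests": len(recs)})
    return findings

# Constructed sample input: RFC 5737 documentation addresses; the first
# User-Agent string is the one visible in the thread's log excerpt.
UA_BOT = ("Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) "
          "Gecko/20100101 Firefox/62.0")
UA_ADMIN = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) "
            "Gecko/20100101 Firefox/84.0")

def _line(ip, ts, request, status, ua):
    return f'{ip} - - [{ts} +0200] "{request} HTTP/1.1" {status} 418 "-" "{ua}"'

SAMPLE_LOG = [
    _line("198.51.100.10", "08/Jan/2021:10:15:43", "POST /admin/", 406, UA_BOT),
    _line("203.0.113.5", "08/Jan/2021:10:15:46", "POST /admin/", 406, UA_BOT),
    _line("198.51.100.77", "08/Jan/2021:10:15:46", "POST /admin/", 406, UA_BOT),
    _line("203.0.113.90", "08/Jan/2021:10:15:49", "POST /admin/", 406, UA_BOT),
    # Same User-Agent but more than an hour later: outside the 5-minute window.
    _line("198.51.100.200", "08/Jan/2021:11:30:00", "POST /admin/", 406, UA_BOT),
    # A GET from the same User-Agent is not a login attempt and is ignored.
    _line("203.0.113.200", "08/Jan/2021:10:15:50", "GET /admin/", 200, UA_BOT),
    # One administrator logging in from a single address with another browser.
    _line("192.0.2.20", "08/Jan/2021:10:16:02",
          "POST /admin/index.php?route=common/login", 302, UA_ADMIN),
    "truncated or malformed line",
]

if __name__ == "__main__":
    for finding in find_distributed_admin_posts(SAMPLE_LOG):
        print(finding["user_agent"])
        print("  source IPs in one window:", ", ".join(finding["ips"]))
        print("  total POSTs to admin path:", finding["total_requests"])
```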