I have a website and I have email reports when 500 errors occur. Many of these errors occur because "hackers" are running scripts to look for common vulnerabilities or access to admin interfaces - attempting to get to pages such as /admin/config.php.

This has happened 3 times in the past week and I can see that one's IP is in Russia and the other is in China. I understand they may be behind 7 proxies but interesting nevertheless.

Is this common? How should we react to this? I'm considering blocking the 'Python-urllib' user agent, but nifty users can simply include a custom user agent in their header, so that's not a comprehensive measure.

1 Answer

Make sure you keep things patched and monitor the situation for any successful breaches. Consider changing passwords more often than usual as a precaution, but this is pretty typical behavior. On larger sites, it's basically constantly happening. When I was running the server for a fan-run Nintendo news site that was reasonably popular, we probably had several thousand hits a day that were trying to find issues. Visibility makes a target more attractive, and a lot of the vulnerability searching is automated.

AJ Henderson
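One way to do the monitoring discussed above, as an added example that is not part of the original question or answer: it groups probe requests by client IP without relying on the User-Agent, and separates probes that caused a 5xx error from probes that got a 2xx response and need a closer look. The combined log format, the rule that the site has no legitimate public `/admin/` path, and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Combined Log Format (assumed): ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Assumption: nothing under /admin/ is meant to be public on this site,
# so any request there (such as /admin/config.php) counts as a probe.
PROBE_RE = re.compile(r"^/admin(/|$)", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/config.php HTTP/1.1" 500 512 "-" "Python-urllib/2.7"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin/index.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:02:11 +0000] "GET /admin/config.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2023:14:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]


def summarize_probes(lines):
    """Group probe requests by client IP; the User-Agent is recorded, never matched on."""
    report = defaultdict(lambda: {"probes": 0, "user_agents": set(),
                                  "server_errors": [], "succeeded": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not PROBE_RE.match(m["path"]):
            continue  # unparseable line or ordinary traffic
        entry = report[m["ip"]]
        entry["probes"] += 1
        entry["user_agents"].add(m["ua"])
        status = int(m["status"])
        if status >= 500:
            # The page errored instead of returning 404: fix the handler.
            entry["server_errors"].append(m["path"])
        elif 200 <= status < 300:
            # A probed path answered successfully: review this first.
            entry["succeeded"].append(m["path"])
    return dict(report)


if __name__ == "__main__":
    for ip, e in summarize_probes(SAMPLE_LOG).items():
        print(ip, e["probes"], sorted(e["user_agents"]),
              "5xx:", e["server_errors"], "2xx:", e["succeeded"])
```

In the sample, the first client switches User-Agent between two requests, which is why the grouping key is the request path and source address rather than the agent string.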