moose-en-a-gant, Posted March 4, 2015

I've recently started tracking visitors, simple incrementers on load that gather IP address and webpage. For the most part they are bots, but I've been seeing the webpages they are trying to access, many of which don't exist, but they have me concerned.

Man, I can't believe this thing is targeting the server so much, and this is only today that I've begun gathering data. I've had this server online for at least a month now.

http://my-ip:80/script
http://my-ip:80/jenkins/script
http://my-ip:80/login
http://my-ip:80/jmx-console
http://my-ip:80/manager/html
http://my-ip:80/msd
http://my-ip:80/mySqlDumper
http://my-ip:80/msd1.24stable
http://my-ip:80/msd1.24.4

So... how do I know when I am no longer safe? What is safe anyway?

moose-en-a-gant (Author), Posted March 4, 2015 (edited)

I have the IP and I've looked them up in IP lookup websites.

I suppose I ought to do a pattern recognition thing: IPs looking for this sort of thing are automatically blocked.

I'd appreciate any thoughts regarding this situation.

How do you block an IP anyway? Do something like "If this ip, exit(); "?

moose-en-a-gant (Author), Posted March 4, 2015

When the baby comes out head first <- haha

moose-en-a-gant (Author), Posted March 5, 2015

"When the baby comes out head first <- haha"

feet first my bad

CroNiX, Posted March 5, 2015

That's very normal for a website. It's a malicious bot trying to find common weaknesses in your app. No point in blocking it really. There are thousands out there roaming the net looking for vulnerabilities in websites. This is why we stress security and building secure apps so much around here.

moose-en-a-gant (Author), Posted March 5, 2015

How do you know if it is secure? I was looking at some pages. It would be nice to have weekly or even daily export at a certain time of databases and storing of source code.

http://stackoverflow.com/questions/134906/how-do-i-list-all-cron-jobs-for-all-users
http://kb.mediatemple.net/questions/1577/Working+with+a+hacked+or+compromised+server#gs

I imagine even if you did something like live output of the server processes, not just the 1 min 5 min 15 min thing, somehow something can get by undetected.

There is so much to cover. Anyway, thanks for your response. More to add to the to-learn list.
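
The "pattern recognition" idea raised in the thread, as an added example (not code posted by anyone in the thread): it sorts requests for the probe paths listed in the first post into harmless misses and hits that deserve a look because the server answered with something other than "not found". The log layout "ip status url", the status column itself, the function name and the sample lines are assumptions; the tracker described above records only IP and page.

```php
<?php
// Probe paths copied from the thread's first post. Everything else here
// (function name, log layout, sample lines) is assumed for illustration.
const PROBE_PATHS = [
    '/script', '/jenkins/script', '/login', '/jmx-console', '/manager/html',
    '/msd', '/mySqlDumper', '/msd1.24stable', '/msd1.24.4',
];

// Split probe requests into 'misses' (not found) and 'review' (the
// server answered with anything else). Each line: "ip status url".
function triageProbes(array $logLines): array
{
    $probes = array_map('strtolower', PROBE_PATHS);
    $report = ['misses' => [], 'review' => []];
    foreach ($logLines as $line) {
        $parts = preg_split('/\s+/', trim($line), 3);
        if (count($parts) !== 3) {
            continue; // malformed line
        }
        [$ip, $status, $url] = $parts;
        // Keep only the path: drops scheme, host, port and query string.
        $path = parse_url($url, PHP_URL_PATH);
        if (!is_string($path)) {
            continue;
        }
        $path = strtolower(rtrim($path, '/'));
        if (!in_array($path, $probes, true)) {
            continue; // ordinary traffic
        }
        // 404/410 means the probed tool is not installed at that path.
        $bucket = in_array((int) $status, [404, 410], true) ? 'misses' : 'review';
        $report[$bucket][$ip][] = "$status $path";
    }
    return $report;
}

// Constructed sample log (documentation IP ranges, not real visitors).
$sample = [
    '203.0.113.7 404 http://my-ip:80/jmx-console',
    '203.0.113.7 404 http://my-ip:80/manager/html',
    '198.51.100.23 200 http://my-ip:80/mySqlDumper',
    '192.0.2.10 200 http://my-ip:80/index.php',
];
print_r(triageProbes($sample));
```

On the sample, the two 404 probes land under `misses` and the 200 for `/mySqlDumper` lands under `review`. A site with its own login page will see `/login` under `review` for ordinary visitors too, so that entry needs a human decision.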