Hi all,

I logged in as a User-1 and checked my recent log entries. It looks like someone tried to hack my website. I made a print screen to show the kind of urls it tried to use. There were 10 log pages full of this. I don't know if I should be worried or not. Is Drupal well protected against that? And what would this person be after? Is there a module that can warn me with an email if this happens?

This website will be an online store. I have SSL-security at the url's that are recommended by some of the Ubercart developers. But I can't help to feel worried.

http://www.dannyjoris.be/files/fora/hack-attempt.jpg

Any help is greatly appreciated!
Cheers,
Danny

Comments

drupaloo-1’s picture

I am no expert but one thing that could be done is to block the IP address that the scan came from...

danny_joris’s picture

I installed the Troll Module, which can block IP addresses. And clicking on the log messages shows the IP address.

greggles’s picture

Those are just attempts to probe for outdated versions of the phpMyAdmin software. You are likely to see a lot of these as worms attempt to attack outdated software on your site regardless of whether or not your site runs that software. I frequently see probes related to wordpress or joomla or even outdated versions of Drupal. Just stay up to date and you should be all set.

danny_joris’s picture

Today this website that i was talking about went down all of a sudden. I'm still able to login trough ftp though. I really hope this is caused by the hosting. I have another website on the same hosting and that one is not down. I'll contact the hosting company.