Over the last two nights there have been automated hacking attempts on my site, and this forum message is to explain what happened to me and to ask if anyone else has had a recent similar occurance.

It looks as though several attempts per second have been made to add file names to the end of my site name in the hope that one of the names may coincide with a file I actually have and provide access to administration areas of the site.

The files searched for include bug tracking software (bugtracker and mantis bug tracker) and another content management system (typo3). I haven't got any of the software searched for on my website, so as far as I am aware the hacking attempt was unsuccessful. However, I'm not 100% sure, although the site seems to be functioning OK.

Some of the files searched for on my site are listed below, and I've already put a block on the two IP addresses concerned and sent an 'abuse' email to the host.

issuetracker/login_page.php
tracker/login_page.php
track/login_page.php
bugtracker/login_page.php
bugtrack/login_page.php
bugs/login_page.php
bug/login_page.php
mantisbt/login_page.php
mantis/login_page.php
site/typo3conf/index.html
tp/typo3conf/index.html
cms/typo3conf/index.html
typo3/typo3conf/index.html
typo/typo3conf/index.html
typo3conf/index.html

Comments

matt blaine’s picture

Yes I've had it often on various web sites. Usually they are just seeing what you have installed or looking for flaws in systems that aren't even installed.
And sometimes its just an automated scan to see what software you are using then if you are found to be using an outdated flawed version they will come back and attempt to exploit the weaknesses of that software.
You can usually ignore as long as you have the latest installed although if from a country I do not plan on getting real visits from I'll block the entire ip range