Securing my website

[Troy210]

I seem to have a problem where little assbag's keep trying to hack my website. Could anyone offer some advice on how to secure it?

http://www.freqtheworld.com/4deuce/index.php

 

[Solaris17]

what are they doing/trying to do?

 

[Easy Rhino]

yea a description of the problem would be nice...

 

[Troy210]

Trying to get into the admin area..trying to mess with the modules..ect ect. The website is based on Nuke Evolution Extreme 2.0

 

[IggSter]

You will constantly get attacked by bots, scripts...you name it...

here is one extract from my web server:
- [Sat Mar 27 17:56:09 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/scripts
- [Sat Mar 27 17:57:16 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/phpMyAdmin
- [Sat Mar 27 17:58:26 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/phpmyadmin
- [Sun Mar 28 10:35:55 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/phpMyAdmin
- [Sun Mar 28 10:36:45 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/phpmyadmin
- [Sun Mar 28 10:37:39 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/pma
- [Sun Mar 28 10:38:32 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/mysql
- [Sun Mar 28 10:39:24 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/scripts
- [Sun Mar 28 12:50:14 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phpmyadmin
- [Sun Mar 28 12:50:15 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/pma
- [Sun Mar 28 12:50:16 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/admin
- [Sun Mar 28 12:50:17 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/dbadmin
- [Sun Mar 28 12:50:18 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/mysql
- [Sun Mar 28 12:50:20 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/php-my-admin
- [Sun Mar 28 12:50:21 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/myadmin
- [Sun Mar 28 12:50:22 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/PHPMYADMIN
- [Sun Mar 28 12:50:23 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phpMyAdmin
- [Sun Mar 28 12:50:24 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/config
- [Sun Mar 28 12:50:28 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phppgadmin
- [Sun Mar 28 12:50:34 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phpMyAdmin2
- [Sun Mar 28 12:50:35 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/mail
- [Sun Mar 28 12:50:38 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/webmail

The best options for you are:

Make sure that you regularly patch your server...PHP, MySQL, Apache, IIS etc
Add the incoming IP addresses to your block list at the router (tbh this will be a full time job as the IPs will change day by day
Make sure that your admin passwords are long, alpha-numeric and contain at least one special char.

 

[Solaris17]

^ this. it happens all the time

[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:15 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:15 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
[Fri Apr 02 15:25:18 2010] [error] [client 60.28.232.49] File does not exist: /usr/local/apache/htdocs/upimg, referer:
[Fri Apr 02 15:25:18 2010] [error] [client 60.28.189.102] File does not exist: /usr/local/apache/htdocs/upimg, referer:

password protect important dir and I personally 775 dir. and 644 files as a general rule. of course certain files and dir will get certain permissions.

EDIT:: also to make it easy. if you have root access and an FTP account get your self file-zilla or any other easy use FTP program. It allows you to do the changes above in bulk.

take that picture for example. you can right click on any dir. or hit CTRL+A and select them all. right click enter the permissions you want to give click "recurse" and you can apply them to files+dir. files or just dir. So say for example you want to go basic like i said above. you would go to root. select all right click. type 755 recurse "apply to all dir." then hit ok. it will immedietly start to change all your dir permissions (including sub dir.) to the permissions you set. after the operation is done. go back to root. select all type 644 recurse "apply to files only"