Site security

HaloJ

We've seen an increased interest from guests on the community recently. It looks to be some form of probing attack, probably based on SQL injection through the forums.

I'm just posting this as a convenient note of the IP and whois information.

Code:
Guest IP: 202.46.60.208 » Whois
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2	Index page	Fri 28 Sep 2012, 12:46 pm
Guest IP: 202.46.50.134 » Whois
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2	Index page	Fri 28 Sep 2012, 12:46 pm
Guest IP: 202.46.62.116 » Whois
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2	Index page	Fri 28 Sep 2012, 12:46 pm
Guest IP: 202.46.53.70 » Whois
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2	Index page	Fri 28 Sep 2012, 12:46 pm
Guest IP: 202.46.55.34 » Whois
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2	Index page	Fri 28 Sep 2012, 12:46 pm
Guest IP: 202.46.61.93 » Whois
Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2	Index page	Fri 28 Sep 2012, 12:46 pm
Guest IP: 173.236.240.254 » Whois	Viewing user control panel	Fri 28 Sep 2012, 12:45 pm
Guest IP: 180.76.5.51 » Whois
Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)	Index page	Fri 28 Sep 2012, 12:45 pm
Google [Bot] IP: 66.249.74.10 » Whois
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)	Index page	Fri 28 Sep 2012, 12:44 pm


Whois
% [whois.apnic.net node-3]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:        202.46.32.0 - 202.46.63.255
netname:        SUNRISE
descr:          ShenZhen Sunrise Technology Co.,Ltd.
descr:          2002 Jiabin Road,Luohu District,ShenZhen,China
country:        CN
admin-c:        MM546-AP
tech-c:         MM546-AP
mnt-by:         MAINT-CNNIC-AP
mnt-routes:     MAINT-CNNIC-AP
status:         ALLOCATED PORTABLE
changed:        hm-changed@apnic.net 20050705
source:         APNIC

person:         Max Ma
nic-hdl:        MM546-AP
e-mail:         maxma@zequn.com
address:        2002 Jiabin Road,Luohu District,ShenZhen ,China
phone:          +86-755-82131588
fax-no:         +86-755-82131651
country:        CN
changed:        shenzhi@cnnic.cn 20050701
mnt-by:         MAINT-CNNIC-AP
source:         APNIC
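
An added example, not part of the original post: one way to check how many of the listed guest sessions fall inside the whois `inetnum` range and share a user agent, so the range can be handled as a single CIDR block. The function names are hypothetical, and the sample is re-typed from the listing above in a one-entry-per-line layout.

```python
import ipaddress
import re
from collections import Counter

# Range from the whois "inetnum" line in the post.
INETNUM = "202.46.32.0 - 202.46.63.255"
# Sample re-typed from the post's session list (IP line, then optional UA line).
FF = ("Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"
      "\tIndex page\tFri 28 Sep 2012, 12:46 pm")
SAMPLE = "\n".join(
    [f"Guest IP: 202.46.{t} » Whois\n{FF}"
     for t in ("60.208", "50.134", "62.116", "53.70", "55.34", "61.93")]
    + ["Guest IP: 173.236.240.254 » Whois\tViewing user control panel\tFri 28 Sep 2012, 12:45 pm",
       "Guest IP: 180.76.5.51 » Whois",
       "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)\tIndex page",
       "Google [Bot] IP: 66.249.74.10 » Whois",
       "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\tIndex page"])

def inetnum_to_cidrs(inetnum):
    """Turn a whois 'first - last' range into the CIDR blocks that cover it."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def parse_sessions(text):
    """Return (label, ip, user_agent) tuples; user_agent is None when no UA line follows."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"(.+?) IP: (\d+\.\d+\.\d+\.\d+)", line)
        if m:
            entries.append([m.group(1), ipaddress.ip_address(m.group(2)), None])
        elif entries and line.strip() and entries[-1][2] is None:
            entries[-1][2] = line.split("\t")[0]  # UA is the first tab-separated field
    return [tuple(e) for e in entries]

def cluster(text, inetnum):
    """Count sessions per (covering CIDR block, or the bare IP if outside the range, user agent)."""
    nets = inetnum_to_cidrs(inetnum)
    counts = Counter()
    for _label, ip, ua in parse_sessions(text):
        net = next((n for n in nets if ip in n), None)
        counts[(str(net) if net is not None else str(ip), ua)] += 1
    return counts

if __name__ == "__main__":
    for (source, ua), n in cluster(SAMPLE, INETNUM).most_common():
        print(n, source, ua)
```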
 

Jkrohn1

So it's not something to be worried about?
 

HaloJ

Not overly. I'm concerned about the number of guest hits increasing, but it's not to the state that it's a denial of service attack, nor any number that the hosting can't currently handle. My main issue is that those guest users are taking up resources. I know a few of them are bots, which I need to add to the bot database, but a good number are ranged IP addresses originating in the far east. Most often, though, if a site is breached they're not after the data; they just want to piggyback a malware installation system or even secretly host a PayPal or a bank scam site.

Password-wise, they're all encrypted, but it's always good practice, if inconvenient, to use different passwords for different sites.

Abs
 