My site was overwhelmed with bots this morning causing SQL server to crash.
After looking at the Apache logs, I can see that it's an Ahrefs bot, which according to the internet is safe... Now, how the hell did it find my admin URL, and why has it been trying to access it using different keys???
Even though the internet suggests Ahrefs is safe, it looks to me like somebody was trying to brute force into my admin panel.
1. How did it get access to the admin URL??
2. Why is it trying out different keys?
3. Best way to prevent this?
Apache log (just a few entries, there were thousands):
54.36.148.7 - - [10/Nov/2019:08:21:54 +0000] "GET /admin_myurl(not the real one)/admin/index/index/key/dabdfa795fe52ac0d05b7d3a3d2b7336f6ce312a43237cf003047d6e6a1f0e52/ HTTP/1.1" 302 3824 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/r$
54.36.149.28 - - [10/Nov/2019:08:21:54 +0000] "GET /admin_myurl(not the real one)/admin/index/index/key/85a6b3656a55e5437891511257c5536674804e28df6527f4474a4edf59dfcb9d/ HTTP/1.1" 302 3824 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/$
54.36.149.68 - - [10/Nov/2019:08:21:55 +0000] "GET /admin_myurl(not the real one)/admin/index/index/key/89be0925d3561e16c8c414decb777a306fdf63d1e6d1d4a7e560207bfc4882a3/ HTTP/1.1" 302 3824 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/$
54.36.150.166 - - [10/Nov/2019:08:22:03 +0000] "GET /admin_myurl(not the real one)/admin/index/index/key/e081e30ad733bc86353f53458fa417e62c14624e534d7191751b779603c5a571/ HTTP/1.1" 302 3824 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com$
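Added example, not part of the original post: one way to summarise entries like those above, counting per client how many requests hit the admin path, from how many addresses, with how many different `key` values and which status codes came back. The admin path, addresses, keys and user-agent strings in the sample are constructed placeholders, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Apache combined log format. The user agent's closing quote is not required,
# so entries cut short by a pager or editor still parse.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)')
KEY_RE = re.compile(r'/key/([0-9a-f]{64})/')
BOT_RE = re.compile(r'compatible; ([^/;)]+)/')  # e.g. "AhrefsBot" from the UA string

def summarize_admin_hits(log_text, admin_prefix):
    """Group requests under admin_prefix by client family (bot name or full UA)."""
    stats = defaultdict(lambda: {"requests": 0, "ips": set(), "keys": set(), "statuses": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(admin_prefix):
            continue
        bot = BOT_RE.search(m["agent"])
        entry = stats[bot.group(1) if bot else m["agent"]]
        entry["requests"] += 1
        entry["ips"].add(m["ip"])
        entry["statuses"].add(int(m["status"]))
        key = KEY_RE.search(m["path"])
        if key:
            entry["keys"].add(key.group(1))
    return dict(stats)

def clients_walking_keys(stats, min_keys=3):
    """Clients that requested at least min_keys different /key/ values."""
    return sorted(c for c, s in stats.items() if len(s["keys"]) >= min_keys)

# Constructed sample data: documentation IP ranges, a placeholder admin path,
# generated keys and shortened user-agent strings.
def _line(ip, path, status, agent):
    return f'{ip} - - [10/Nov/2019:08:21:54 +0000] "GET {path} HTTP/1.1" {status} 3824 "-" "{agent}"'

BOT_UA = "Mozilla/5.0 (compatible; AhrefsBot/6.1)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/70.0"
SAMPLE_LOG = "\n".join(
    [_line(f"192.0.2.{i}", f"/admin_example/admin/index/index/key/{i:064x}/", 302, BOT_UA)
     for i in range(1, 5)]
    + [_line("198.51.100.7", f"/admin_example/admin/dashboard/index/key/{'ab' * 32}/", 200, BROWSER_UA),
       _line("192.0.2.1", "/catalog/product/view/id/1/", 200, BOT_UA)])

if __name__ == "__main__":
    stats = summarize_admin_hits(SAMPLE_LOG, "/admin_example/")
    for client, s in stats.items():
        print(client, s["requests"], len(s["ips"]), len(s["keys"]), sorted(s["statuses"]))
    print("walking keys:", clients_walking_keys(stats))
```

On a real log, pass the file's contents and the site's own admin prefix; a client whose status set contains only 302 was redirected on every request rather than served an admin page.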
I suggest changing the admin URL and picking a URL which is not generally used.
You can change the admin URL in the file app/etc/local.xml.
<args> <frontName><![CDATA[admin]]></frontName> </args>
Find this code at the end of this file and instead of admin use something else.
Hope it helps you!
Thanks
---
If you've found my answer useful, please give "Kudos" and "Accept as Solution".
Thank you, just did that.
It's funny how Magento by default sets your admin URL to "admin_123456" with only 6 generated characters. It definitely needs to be at least 2x longer.
It's good you have changed your URL, but one thing I want to let you know is that Magento never sets the admin URL as "admin_123456".
Its default URL is admin only. So please check once whether somebody has changed it or you set it at the time of installation.
Thanks
---
If you've found my answer useful, please give "Kudos" and "Accept as Solution".
Well, it's not admin_123456.
What I meant is that the default format it gives you during the installation is admin_xxxxxx, where xxxxxx is a randomly generated string.
It's not that hard to break 6 characters.
I mean, it's kinda useless since you have to break the admin key as well to get in, which is technically impossible, but still it shouldn't be that easy to find the default admin route.