cancel
Showing results for 
Search instead for 
Did you mean: 

Urent what is this? Is someone trying to hack my magento?

Urent what is this? Is someone trying to hack my magento?

magento 2.2.8

 

I have downloaded RAW Access log from cPanel and in the last 24 hours I find lot of enteries like:

- - [26/Jan/2020:07:58:08 +0100] "GET /index.php/efqmanage HTTP/1.0" 404 17647 "-" "python-requests/2.13.0"
 - - [26/Jan/2020:07:58:10 +0100] "GET /index.php/nox-login HTTP/1.0" 404 17646 "-" "python-requests/2.13.0"
 - - [26/Jan/2020:07:58:12 +0100] "GET /index.php/deo-adminpanel HTTP/1.0" 404 17660 "-" "python-requests/2.13.0"
 - - [26/Jan/2020:07:58:14 +0100] "GET /index.php/hjb-controlpanel HTTP/1.0" 404 17659 "-" "python-requests/2.13.0"
 - - [26/Jan/2020:07:58:14 +0100] "GET /index.php/yzzmanagement HTTP/1.0" 404 17658 "-" "python-requests/2.13.0"

I did hide the IP from the list, at the same time CPU Usage has been high (99% to 100%)

I blocked those IP addresses and was eable to get CPU Usage down to normal (30%)

I blocked IP from CloudFlare

 

any idea what this was?

 

 

5 REPLIES 5

Re: Urent what is this? Is someone trying to hack my magento?

Hi @Loginname,

There may be some boot attack.

Check query log as well.

Re: Urent what is this? Is someone trying to hack my magento?

Hi @Loginname 

Is your website fully patched with latest Magento patches?
You may try to scan your website with Magento Security scanner and Sucuri Scanner 
It might help you to identify the issue.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

Re: Urent what is this? Is someone trying to hack my magento?

Hey @Loginname,

It seems your website is not updated with magento new released patches you need to install magento patches which will help you to keep secure your website Magento Patches   is the list of patches released by magento recently please check once.Also you should scan your website from various bugs and virus. you can use security scan tool for scanning.
please go through Magento security check Doc Magento Security Scan 

--------
Problem Solved, Please Accept as Solution & give Kudos
Shubham Khandelwal

Re: Urent what is this? Is someone trying to hack my magento?

@Loginname 

 

That definitely looks like an attack. Someone is trying to get int your admin URL. Seems like you  have customer admin URL which is good.

 

If not already then block admin access by IP. If you'll do it from server then again you'll have the same performance issue. Same can be done from Cloudflare firewall rules. Block the admin URL and provide access to your IP's. This way cloudflare will stop the traffic and will not cause any load on your server.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.

Re: Urent what is this? Is someone trying to hack my magento?

Security is no longer an issue for most companies, but it should be. Anyone can be a victim of a data breach. Hackers are always looking for new ways to break into systems and steal data. In an age where everything from health records to financial information is on the internet, we need to make sure we protect ourselves. Every company needs a cybersecurity plan in place, and it needs to stay updated. The months leading up to the election were a time of uncertainty for businesses and citizens alike due to fears surrounding election hacking.