I have downloaded RAW Access log from cPanel and in the last 24 hours I find lot of enteries like:
- - [26/Jan/2020:07:58:08 +0100] "GET /index.php/efqmanage HTTP/1.0" 404 17647 "-" "python-requests/2.13.0" - - [26/Jan/2020:07:58:10 +0100] "GET /index.php/nox-login HTTP/1.0" 404 17646 "-" "python-requests/2.13.0" - - [26/Jan/2020:07:58:12 +0100] "GET /index.php/deo-adminpanel HTTP/1.0" 404 17660 "-" "python-requests/2.13.0" - - [26/Jan/2020:07:58:14 +0100] "GET /index.php/hjb-controlpanel HTTP/1.0" 404 17659 "-" "python-requests/2.13.0" - - [26/Jan/2020:07:58:14 +0100] "GET /index.php/yzzmanagement HTTP/1.0" 404 17658 "-" "python-requests/2.13.0"
I did hide the IP from the list, at the same time CPU Usage has been high (99% to 100%)
I blocked those IP addresses and was eable to get CPU Usage down to normal (30%)
I blocked IP from CloudFlare
any idea what this was?
It seems your website is not updated with magento new released patches you need to install magento patches which will help you to keep secure your website Magento Patches is the list of patches released by magento recently please check once.Also you should scan your website from various bugs and virus. you can use security scan tool for scanning.
please go through Magento security check Doc Magento Security Scan
Problem Solved, Please Accept as Solution & give Kudos
That definitely looks like an attack. Someone is trying to get int your admin URL. Seems like you have customer admin URL which is good.
If not already then block admin access by IP. If you'll do it from server then again you'll have the same performance issue. Same can be done from Cloudflare firewall rules. Block the admin URL and provide access to your IP's. This way cloudflare will stop the traffic and will not cause any load on your server.
Security is no longer an issue for most companies, but it should be. Anyone can be a victim of a data breach. Hackers are always looking for new ways to break into systems and steal data. In an age where everything from health records to financial information is on the internet, we need to make sure we protect ourselves. Every company needs a cybersecurity plan in place, and it needs to stay updated. The months leading up to the election were a time of uncertainty for businesses and citizens alike due to fears surrounding election hacking.
The whole Magento site runs on a UNIX system. And often, you need to work through a terminal. This is a special program where they can write commands for the system. You could say that the terminal connects the user and the operating system itself. UNIX systems are very often used for servers running websites and applications. So to hack anything, you need to learn about these systems and how to use the terminal. And to find trusted hackers for hire, you need to know what they were working with before you and what the consequences will be.